TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1032
Signature ID: 37002
Classical SQL Injection with a tautology condition framed with strings
Threat Level: Severe
Signature Description: SQL injection is a type of security exploit in which the attacker adds Structured Query
Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a
request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user
enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query.
If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However,
most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions
are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to
download the entire database or interact with it in other illegal ways. This rule hits when http request argument data
value consists of the pattern like ‘) or (‘a’ = ‘a . An attacker passes a tautology condition
with strings to gain the access on target system. Successful attacker gains the admin access on the affected web-site.
Signature ID: 37003
SQL Injection with String Delimiter character and with Inline Comments
Threat Level: Severe
Signature Description: SQL injection is a type of security exploit in which the attacker adds Structured Query
Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a
request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user
enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query.
If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However,
most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions
are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to
download the entire database or interact with it in other illegal ways. This rule hits when SQL string terminating
character single/double quote followed with sql comments – detected. This pattern must not present in the post
data. Successful attacker gains access to the admin page.
Signature ID: 37004
SQL Injection with MySQL Comment
Threat Level: Severe
Industry ID: CVE-2008-4516
Signature Description: SQL injection is a type of security exploit in which the attacker adds Structured Query
Language (SQL) code to a Web form input box to gain access to resources or make changes to data. An SQL query is a
request for some action to be performed on a database. Typically, on a Web form for user authentication, when a user
enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query.
If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However,
most Web forms have no mechanisms in place to block input other than names and passwords. Unless such precautions
are taken, an attacker can use the input boxes to send their own request to the database, which could allow them to
download the entire database or interact with it in other illegal ways. This rule hits when http request argument value
consists of MySQL Comments. An attacker uses this technique to include his own MySQL query as a string. MySQL
Query will be framed at the server side. And the Attacker includes MySQL Comments using(#) to ignore the rest of the
Query string at run time.
Signature ID: 37005
SQL Injection with MySQL Comment
Threat Level: Severe
Industry ID: CVE-2008-2914
Signature Description: This Rule hits when http request argument value consists of MySQL Comment statements like