TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94
ProCurve TMS zl Module IPS/IDS Signature
Reference Guide Version RLX.10.2.2.94
1035
Signature ID: 37018
SQL Injection with SQL UNION Statement
Threat Level: Severe
Industry ID: CVE-2008-2916
Signature Description: This rule hits when http request argument consists of SQL UNION statement, UNION
statement is used to join two or more SQL Statements to form one single SQL statement, attacker uses this statement to
include his own SQL statement. Successful attempt allows attackers to gain the admin access on the affected
victim’s database. This signature detects attacks attackpattern with negative numbers.
Signature ID: 37019
Login Bypass attempt with Classical SQL Injection technique
Threat Level: Severe
Signature Description: This rule hits when http request argument consists of the pattern 1’ or ‘1=31-- .
Attacker uses this pattern to bypass logins. Single/double quotes are used as string terminating characters. Successful
attempt allows attackers to gain the admin access on the affected victim’s database.
Signature ID: 37020
Login Bypass Attempt with Classical SQL Injection and with MySQL Comments
Threat Level: Severe
Signature Description: This rule hits when http request argument has the pattern admin’ or ‘1=1# .
Attacker uses this pattern to bypass logins. Single/double quotes are used as string terminating characters. Successful
attempt allows attackers to gain the admin access on the affected victim’s database.
Signature ID: 37021
Login Bypass attempt with MySQL Comment Statement
Threat Level: Severe
Signature Description: This rule hits when http request argument consists of the pattern like admin’ or
‘1=1/* . Attacker uses this pattern to bypass logins. Single/double quotes are used as string terminating
characters. Successful attempt allows attackers to gain the admin access on the affected victim’s database.
Signature ID: 37022
Login Bypass Attempt with Classical SQL Injection
Threat Level: Severe
Signature Description: This rule hits when http request argument consists of the pattern like admin’) or
‘1=1/* . Attacker uses this pattern to bypass logins. Single/double quotes are used as string terminating
characters. And closing brackets are used as condition terminator, Attacker uses these patterns to bypass logins.
Successful attempt allows attackers to gain the admin access on the affected victim’s database.
Signature ID: 37023
Login Bypass Attempt with Classical SQL Injection
Threat Level: Severe
Signature Description: This rule hits when http request argument consists of the pattern like admin’) or
(‘1=1-- . Attacker uses this pattern to bypass logins. Single/double quotes are used as string terminating
characters. And closing brackets are used as condition terminator and opening brackets are used for opening of a
condition. Attacker uses these patterns to bypass logins. Successful attempt allows attackers to gain the admin access
on the affected victim’s database.