ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 37024
SQL Injection with SQL UPDATE Statement
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains a SQL UPDATE statement. This statement is used to modify database records. An attacker uses it to modify the records of the victim's database. A successful attacker gains admin access on the victim's database.
Signature ID: 37025
Login Bypass Attempt Possible Signature Evasion
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains a SQL injection pattern together with a SQL CONVERT statement. The SQL CONVERT statement is used to convert alphabetic characters to integers and vice versa. An attacker uses this function to evade SQL injection signatures. A successful attacker gains admin access on the affected system.
Signature ID: 37026
SQL Injection with SQL Statement Delimiter semi-colon
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains a pattern like -123'; . The semicolon is the SQL statement delimiter and is used to terminate a SQL statement. An attacker passes this symbol to terminate SQL statements. A successful attacker gains admin access on the victim's machine.
Signature ID: 37027
SQL Injection with Conditional Joining, Possible Signature Evasion
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains the SQL conditional joining operator "and" together with the SQL SUBSTRING function. The SQL "and" operator is used to join two or more conditions. The SQL SUBSTRING function is used to extract a substring from a larger string. This rule hits when the HTTP request argument matches a sample pattern like -1 and substring("abcd",3) = substring("abcd",3), which results in -1 and "d"="d". This pattern is classical SQL injection; an attacker uses it to bypass IDS signatures. A successful attacker gains admin access on the victim's machine.
Signature ID: 37028
Blind SQL Injection Attempt
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains a pattern like " % '/*". An attacker uses this pattern to check whether the victim's machine reacts to a malicious SQL statement. If any response is received from the victim machine, the attacker then uses general SQL injections. A successful attack may lead to other SQL injection attacks.
Signature ID: 37029
SQL Injection with Windows Formatted Local File Inclusion (LFI) Attempt
Threat Level: Severe
Signature Description: This rule hits when an HTTP request argument contains a Windows absolute path. An attacker uses this technique to include local files. A successful attack allows remote code execution and may disclose sensitive information about the victim's system, including passwords.