TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

Signature ID: 37030
Classical SQL Injection with HTML Encoded format, Possible Signature Evasion
Threat Level: Severe
Signature Description: This rule triggers when an HTTP request argument contains the HTML-encoded form of the
character ’. Attackers use this pattern to evade IPS signatures, while browsers still execute the pattern successfully
on their local machines. A successful attacker gains admin access on the affected system.
Signature ID: 37031
SQL Injection with MySQL Comments
Threat Level: Severe
Industry ID: CVE-2008-2902
Signature Description: This rule triggers when an HTTP request argument contains a pattern like “-abc/*”.
MySQL allows the “/*” string as a comment statement. An attacker passes this pattern to bypass validation on the
victim’s machine. A successful attacker gains admin access.
Signature ID: 37032
SQL Injection with MySQL Comments
Threat Level: Severe
Industry ID: CVE-2008-2890 Bugtraq: 29861
Signature Description: This rule triggers when an HTTP request argument contains a pattern like “abc’/*”.
MySQL allows comment statements inside an SQL statement. An attacker uses comment statements to terminate the query
or to make the rest of it be ignored at run time. A successful attacker gains admin access on the affected system.
Signature ID: 37033
SQL Injection with SQL UNION Statement
Threat Level: Severe
Industry ID: CVE-2008-2903
Signature Description: This rule triggers when an HTTP request argument contains an SQL UNION statement. This
statement is used to combine two or more SQL queries. An attacker passes this pattern to include their own SQL
statements. The rule also triggers when the request argument data contains a single quote (') followed by any number
of spaces and a UNION statement. A successful attacker gains admin access on the affected system.
Signature ID: 37034
SQL Injection with SQL GROUP Statement
Threat Level: Severe
Industry ID: CVE-2008-0270
Signature Description: This rule triggers when an HTTP request argument contains an SQL GROUP clause. The GROUP
keyword is used when selecting multiple columns from a table. An attacker uses this statement to bypass
authentication by making the query return a larger number of records. A successful attacker gains admin access on the
affected system's database.
Signature ID: 37035
SQL Injection with MySQL Comments
Threat Level: Severe
Industry ID: CVE-2008-2901 CVE-2008-2902
Signature Description: This rule triggers when an HTTP request argument contains the MySQL comment statement
“/*”. This statement is used to specify SQL query action in the SQL statement. An attacker uses this pattern
to make the rest of the SQL statement be ignored. A successful attacker gains admin access on the affected system's
database.
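
The evasion concern in signature 37030 applies to every pattern in 37031 through 37035: a match is only reliable if the argument is decoded first. The following is an added Python example, not the vendor's signature logic, that URL-decodes and HTML-entity-decodes each argument before matching. The regular expressions, label names and the `GROUP BY` form are assumptions that approximate the descriptions above, and the sample query strings are constructed.

```python
import html
import re
from urllib.parse import parse_qsl, unquote_plus

# Assumed approximations of the patterns described above, not the vendor's rules.
PATTERNS = {
    "mysql-comment": re.compile(r"/\*"),                    # 37031 / 37035
    "quote-then-comment": re.compile(r"'\s*/\*"),           # 37032
    "quote-then-union": re.compile(r"'\s*union\b", re.I),   # 37033
    "group-clause": re.compile(r"\bgroup\s+by\b", re.I),    # 37034
}
# HTML-encoded single quote in decimal, hex or named form (37030).
ENCODED_QUOTE = re.compile(r"&(?:#0*39;?|#x0*27;?|apos;)", re.I)


def url_decode(value, max_rounds=3):
    """Undo nested percent-encoding, bounded so crafted input cannot loop long."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(query):
    """Return {argument name: sorted labels} for arguments that match."""
    findings = {}
    for name, raw in parse_qsl(query, keep_blank_values=True):
        text = url_decode(raw)
        labels = set()
        if ENCODED_QUOTE.search(text):
            labels.add("html-encoded-quote")
        # Decode entities before matching so the encoded quote cannot evade.
        text = html.unescape(text)
        labels.update(k for k, rx in PATTERNS.items() if rx.search(text))
        if labels:
            findings[name] = sorted(labels)
    return findings


# Constructed sample query strings, not captured traffic.
SAMPLES = [
    "user=admin%26%2339%3B+UNION+SELECT+1",
    "id=abc%27%2F*&page=2",
    "id=-1%252F*",
    "q=hello+world",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", inspect(sample))
```

A bare `/*` also occurs in benign arguments, so the comment label alone is better treated as a lower-confidence signal than the quote-prefixed patterns.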