TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

1031

ProCurve TMS zl Module IPS/IDS Signature

Reference Guide Version RLX.10.2.2.94

1040

or eval functions of Script Statements, These functions are executed on the victims browser. Successful attacker can

redirect sensitive information, or he can gain access on the affected system

Signature ID: 37048

PHP Remote File Inclusion(RFI)

Threat Level: Warning

Industry ID: CVE-2008-2912

CVE-2008-2905 CVE-2008-2854 CVE-2008-2836 CVE-2008-2690 CVE-2008-2689

CVE-2008-2520 CVE-2008-2480 CVE-2008-2396 CVE-2008-2341 CVE-2008-2296 CVE-2008-2270 CVE-2008-

2228 CVE-2008-2224 CVE-2008-2220 CVE-2008-2199 CVE-2008-2198 CVE-2008-2193 CVE-2008-2128 CVE-

2008-1903 CVE-2008-1876 CVE-2008-1862 CVE-2008-1776 CVE-2008-1773 CVE-2008-1760 CVE-2008-1505

CVE-2008-1416

CVE-2008-1405 CVE-2008-1170 CVE-2008-1069 Bugtraq: 28074

Signature Description: PHP provides code reusablity. So developers can group one or more php script files together

using include() function, by passing filenames as an argument to the include function. At runtime server includes and

executes the scripts as single script. The PHP include function allows users to access local files or remote files with

different internet protocols like http,https, and ftp. An Attacker passes, remote php script filenames as an argument to

the servers-php script, server-php script includes the remote php file into the server-php page and executes the

attacker's php script with the priviliges of the user.

Signature ID: 37049

SQL Injection UNION Attack

Threat Level: Severe

Industry ID: CVE-2007-0984

Signature Description: SQL Injection vulnerability allows the remote attackers to execute their own queries on the

contect of the database of the webserver. Attacker can add more number of queries by joining two sql statements with

sql statement called "union". Attacker prepares the carefully crafted sql injection attack pattern, and he can inject any

number of sql statements using union statement.

Signature ID: 37050

SQL Injection With OR

Threat Level: Warning

Signature Description: In the SQL Statements, the Word OR is used to join two different conditions. SQL Injection

attacker can inject his own queries to by pass the condition, by passing the tautology conditions to the vulnerable

parameter of the web applications. By Joining two or more conditions with tautology condition, the result of of the total

condition becomes true. Using this attack pattern, an attacker can bypass validations at the web application. This rule

hits when any argument consists of the SQL Keyword "OR" with special charactes.

Signature ID: 37051

SQL Injection With AND

Threat Level: Warning

Signature Description: In the SQL Statements, the keyWord AND is used to join two different conditions.<br>SQL

Injection attacker can inject his own queries by sending the crafted sql statements with AND Operator. At the execution

time of the SQL Statement, all the sub sql statements and the conditions will be executed first, so irrespective of the

result of the SQL Statement, the embedded statements will be executed. The attacker injects his queries by joining them

with AND / OR Keywords. At the time of execution the attacker queries may be executed, resulting the system to be

compromised