TMS zl Module IPS/IDS Signature Reference Guide RLX.10.2.2.94

ProCurve TMS zl Module IPS/IDS Signature Reference Guide Version RLX.10.2.2.94
Signature ID: 35154
MySQL User defined function Injection and Modification attempts on Existing data
Threat Level: Severe
Signature Description: MySQL allows user-defined functions. Attackers inject functions with the same name as existing functions, causing naming collisions. A successful attempt causes the MySQL application to crash. This rule hits on attempts to inject user-defined functions or to modify existing data with MySQL DDL statements.
Signature ID: 35155
Attempt to Crash MySQL using Charset function injection
Threat Level: Severe
Signature Description: MySQL has a rich charset, but it fails while handling or translating languages such as Russian or Hindi. An attacker can crash the MySQL server by sending requests in Russian or Hindi. A successful attempt will cause the MySQL server to crash or may show data in an unknown format.
Signature ID: 35156
MySQL stored procedure or function injection
Threat Level: Severe
Signature Description: An attacker injects his own procedures or functions with the same name as a stored procedure, causing the MySQL server to crash. This rule checks the HTTP request line for any of the keywords CREATE, PROCEDURE, FUNCTION, declare, exec.
Signature ID: 35157
SQL Injection attempt on postgres database
Threat Level: Severe
Signature Description: An attacker can stop, shut down, or sleep the operations of the postgres server by injecting WAITFOR, SHUTDOWN, or by selecting pg_sleep functions. The attacker passes these functions to execute his own queries and get sensitive information from the vulnerable web site.
Signature ID: 35158
MySQL Code execution or information stealing attempt
Threat Level: Severe
Industry ID: CVE-2008-2892
Signature Description: This rule hits when any of the MySQL EXEC, DUMP, or OUT functions is present in the attribute value. An attacker can execute his own functions on the target system by sending these statements with SQL injection techniques.
Signature ID: 35159
SQL Injections using HAVING, MATCH, MERGE, EXECUTE Statements
Threat Level: Severe
Signature Description: This rule hits when an attribute value contains any of the MATCH, MERGE, EXECUTE, or HAVING clauses. An attacker can inject or execute his own functions using them.
Signature ID: 35160
MySQL SPACE or Keyword injection
Threat Level: Severe
Signature Description: This rule hits when an attribute value contains any MySQL keyword, including the SPACE macro. It checks the HTTP request line for SQL keywords such as SELECT, FROM, CREATE, RENAME, TRUNCATE, LOAD, ALTER, DELETE, UPDATE, INSERT, DESC, SPACE.