Signature Detail

Short Name	HTTP:IIS:ENUMDSN-ATTEMPT
Severity	Low
Recommended	No
Category	HTTP
Keywords	enumdsn
Release Date	2003/04/22
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: IIS SQL Server xp_enumdsn Attempt

This signature detects attempts to use the Microsoft SQL Server xp_enumdsn command.

Extended Description

Attackers may be calling the xp_enumdsn function in order to gain sensitive information in preparation for further attacks. Of course, legitimate users may be calling it in order to retrieve information they require for normal database use.

References

URL: http://www.databasejournal.com/features/mssql/article.php/1441251
URL: http://www.nextgenss.com/papers/advanced_sql_injection.pdf

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: IIS SQL Server xp_enumdsn Attempt

Extended Description

References