Signature Detail
Short Name |
HTTP:SQL:INJ:MS-SQL-TABLE-NAME |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Category |
HTTP |
Keywords |
MS-SQL Table Name in URL Variable SQL Injection |
Release Date |
2012/07/13 |
Update Number |
2161 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: MS-SQL Table Name in URL Variable
This signature detects Microsoft SQL table names being sent in HTTP URL variables. Such activity could be an SQL Command Injection attempt. It could also detect non-malicious references to Microsoft SQL table names, such as in a blog posting, or for websites that use SQL commands in their URL's as a part of that website's normal functionality (not recommended).
References