Signature Detail

HTTP: Generic SQL Procedure Detection

This signature detects specific characters, typically used in SQL procedures, within an HTTP connection. Because these characters are not normally used in HTTP, this can indicate a SQL injection attack through a procedure. However, it can be a false positive.

Extended Description

SQL instructions could disclose, modify or destroy records stored in the database. This capability could be leveraged by the attacker to further penetrate the target host(s).

References

• URL: http://security-papers.globint.com.ar/oracle_security/sql_injection_in_oracle.php