SQL Injection Finalv1 - Virtual Security Operations Center · 2014-08-25


©Copyright IBM Corporation 2014. All rights reserved. IBM and the IBM logo are trademarks or registered trademarks of the IBM Corporation in the United States, other countries or both. Other company, product or service names may be trademarks or service marks of others.

RESEARCH AND INTELLIGENCE REPORT

RELEASE DATE: AUGUST 25, 2014

BY: DAVID MCMILLEN, SENIOR THREAT RESEARCHER

IBM MSS SQL INJECTION – INPUT VALIDATION


TABLE OF CONTENTS

EXECUTIVE OVERVIEW/KEY FINDINGS
DISTRIBUTION OF ATTACK SOURCES
SQL INJECTION ATTACK METRICS
POPULAR TYPES OF SQL INJECTION ATTACKS
IBM'S SQL INJECTION DETECTION ENGINE
RECOMMENDATIONS/MITIGATION TECHNIQUES
    IDPS SIGNATURES AND/OR SIEM RULES
        Proventia
        AirDefense
        Akamai
        Checkpoint
        Cisco IDS
        IBM
        Intrushield
        Nessus
        Netscreen
        Palo Alto
        Snort
        Sourcefire
        Tipping Point
    ADDITIONAL RECOMMENDATIONS
REFERENCES
CONTRIBUTORS
DISCLAIMER


EXECUTIVE OVERVIEW/KEY FINDINGS

Data breaches seem to be everywhere these days. Every time a major security event makes the headlines there is usually one common denominator associated with it: weak SQL database security policy. Bad actor groups make a living off of it and have come to utilize this attack vector more than any other, largely because they know that getting the perfect database security solution implemented requires much time, strategy and money. Most enterprise database deployments are not going to be locked down very securely. Although not the norm, off-the-shelf database deployments are out there, and they are ripe for the picking. In the cases where primary security concerns have been taken into consideration and mitigated, there is almost always a lack of data validation. No matter how secure you think your databases are, there is an attacker out there willing to prove you wrong and make you pay one way or the other. Whether by giving up sensitive customer information, credit card data or intellectual capital, it is just a matter of time before you are adversely affected if you don't trap unexpected input. This paper looks at this subject and provides some remediation tactics that you can utilize to further strengthen your database farm, protect your reputation and protect your endpoints.

DISTRIBUTION OF ATTACK SOURCES

According to IBM's Managed Security Services data, the top attacking countries are allegedly the United States and China. It is generally believed that the Chinese attackers for the most part are state sponsored, while American attackers are more aligned with hacktivist groups.


SQL INJECTION ATTACK METRICS

Although SQL injection volume has declined over the course of the year, it is still highly prevalent when compared to all other attack types. The incidents illustrated above were tracked from actual security incidents where SQL Injection activity was confirmed and customers were notified.

We see a plethora of different styles of SQL injection against a wide variety of entry types. PHP, ASP, Wordpress, URL, and Parallels Plesk are the most popular attacked entry points. A fair amount of the attacks we track are solely focused on defacing web pages. The remainder are usually targeting sensitive data.


POPULAR TYPES OF SQL INJECTION ATTACKS

There are four main types of SQL injection:

1. First Order Attack - An attacker enters a malicious string and causes the modified code to be executed immediately.

2. Second Order Attack - An attacker injects into persistent storage (such as a table), which is normally a trusted source, and the attack is carried out by a second activity.

3. Lateral Injection - An attacker can manipulate the function To_Char() by changing environmental variables.

4. Blind Injection - SQL injection attacks that don't require error messages to be returned to the attacker and are more focused on vulnerable applications.

Input fields on web applications are major injection entry points. Search fields are also utilized to send injection attack strings. Expected characters need to be defined and anything outside of that range rejected. These are called "check constraints". Check constraints are rules that define acceptable column values for row data within a table. These constraints can validate the integrity of one or multiple columns. You can also use multiple constraints within a single column. If the data that is being inserted or updated violates the check constraint, the database will reject the operation.

Complex applications can have a large number of entry points. This makes it extremely difficult for a developer to enforce rules. All possible forms of input must be tested to check whether the application sufficiently validates the data prior to using it. Input validation is useful as a defense-in-depth strategy. Although input validation and check constraints are certainly extremely important, they are not infallible.
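The two layers described above, an application-side allowlist on what a field may contain and database CHECK constraints that reject out-of-range rows, can be shown together in a few dozen lines. The following is an added example written for this page, not code from the IBM report: the orders schema, the value ranges and the search-term allowlist are assumptions chosen for illustration, and it uses Python's built-in sqlite3 module so it runs offline.

```python
"""Added example, not code from the IBM report: application-layer input
validation backed by database CHECK constraints and bound parameters, using
Python's built-in sqlite3 module. The 'orders' schema, the allowed value ranges
and the search-term allowlist are assumptions chosen for illustration."""
import re
import sqlite3

# Allowlist for a search field: letters, digits, space and hyphen, 1-40 chars.
# Anything outside this expected character range is rejected before any SQL runs.
SEARCH_TERM_RE = re.compile(r"^[A-Za-z0-9 \-]{1,40}$")

# Constructed schema. The CHECK constraints define the acceptable values for each
# column, so the database rejects out-of-range rows even if the application layer
# is bypassed. 'quantity' carries two constraints; the table-level CHECK validates
# two columns together (a discount is only allowed on orders of 10 or more).
SCHEMA = """
CREATE TABLE orders (
    id       INTEGER PRIMARY KEY,
    customer TEXT    NOT NULL CHECK (length(customer) BETWEEN 1 AND 40),
    quantity INTEGER NOT NULL CHECK (quantity >= 1) CHECK (quantity <= 100),
    status   TEXT    NOT NULL CHECK (status IN ('new', 'paid', 'shipped')),
    discount INTEGER NOT NULL DEFAULT 0 CHECK (discount BETWEEN 0 AND 50),
    CHECK (quantity >= 10 OR discount = 0)
);
"""


def open_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constrained table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def validate_search_term(term: str) -> bool:
    """Application-layer check: True only if the term matches the allowlist."""
    return SEARCH_TERM_RE.fullmatch(term) is not None


def insert_order(conn, customer, quantity, status, discount=0) -> bool:
    """Insert with bound parameters; return False when a constraint rejects the row."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute(
                "INSERT INTO orders (customer, quantity, status, discount) "
                "VALUES (?, ?, ?, ?)",
                (customer, quantity, status, discount),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def find_orders(conn, customer: str) -> list:
    """Validate the search term, then look it up as a bound parameter, never as SQL text."""
    if not validate_search_term(customer):
        return []
    return conn.execute(
        "SELECT id, quantity, status FROM orders WHERE customer = ?", (customer,)
    ).fetchall()


def demo() -> dict:
    """Exercise the checks and report which operations were accepted."""
    conn = open_db()
    return {
        "valid_insert": insert_order(conn, "acme", 5, "new"),
        "bad_quantity": insert_order(conn, "acme", 500, "new"),
        "bad_status": insert_order(conn, "acme", 5, "refunded"),
        "discount_on_small_order": insert_order(conn, "acme", 5, "new", 10),
        "discount_on_large_order": insert_order(conn, "acme", 20, "new", 10),
        "valid_search": len(find_orders(conn, "acme")),
        # A quote plus comment sequence is outside the allowlist, so the lookup is
        # refused before any SQL runs (and the bound parameter would be inert anyway).
        "rejected_search": len(find_orders(conn, "acme' --")),
    }


if __name__ == "__main__":
    print(demo())
```

The point of keeping both layers is the one the text makes: the allowlist catches bad input at the entry point, but if some entry point is missed, the CHECK constraints still refuse the row at the database. Bound parameters are what stop a quote in the data from ever being read as SQL; the allowlist and constraints then decide whether the value is acceptable at all.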

The use of stored procedures is as important as data validation. Stored procedures are a group of SQL statements that perform a particular task. The SQL code for a stored procedure is defined and stored in the database itself, and then called from the application. The main benefits of using stored procedures are performance gains from precompiled execution, a reduction in client/server traffic, and security controls from granting users permissions on the stored procedures instead of on the database tables.

IBM’S SQL INJECTION DETECTION ENGINE

Relying on raw signature events to detect SQL Injection is hardly a perfect solution. IBM has developed a very reliable and robust set of rules within its SIEM environment that allow us nearly a 100% accuracy rate of detection. We see new attack strings on a daily basis, which we analyze and implement in the rule sets. New strings are captured within a set of active lists and sent to analysts within minutes of their capture. Once the offending strings are confirmed to be malicious, they are added to the production detection rules. No one else in the industry has such a proactive solution.

If a SQL Injection attack is escalated to you, it is imperative that you take this action seriously and inspect the target server(s) immediately. Since a large majority of the attack strings are purposely meant to exploit an application first, you MUST ensure your patch management solution is robust.
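The workflow just described, signature-style rules in production plus an active list of newly seen strings that an analyst confirms before they become rules, can be modelled in a small script. The following is an added example written for this page and is not IBM's detection engine or any of its rules: the rule patterns (named after the kinds of signature listed later in this report), the access-log lines and the Detector/confirm API are all constructed here.

```python
"""Added example, not code from the IBM report: a miniature version of the
workflow the report describes, signature-style rules run over web server access
log lines, plus an "active list" in which new, unrecognised strings wait for an
analyst to confirm them before they are promoted to production rules. The rule
patterns, the log lines and the Detector/confirm API are all constructed here."""
import re
from urllib.parse import unquote_plus

# Vendor-neutral indicators in the spirit of the signature names listed in the
# report (string termination plus comment, SQL operator, UNION query, time delay).
PRODUCTION_RULES = [
    ("string_termination_comment", re.compile(r"'.*?(--|#|/\*)")),
    ("sql_operator", re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I)),
    ("union_query", re.compile(r"\bunion\b[\s/*]+(all\s+)?select\b", re.I)),
    ("time_delay", re.compile(r"\b(sleep|waitfor\s+delay|pg_sleep)\b", re.I)),
]

# Common Log Format request line: ip ident user [time] "METHOD target PROTO" status
LOG_LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Constructed access-log lines (not real traffic). Values are percent-encoded
# exactly as a web server would record them.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Aug/2014:10:00:01 +0000] "GET /search.php?q=laptop HTTP/1.1" 200 512',
    '10.0.0.9 - - [25/Aug/2014:10:00:02 +0000] "GET /search.php?q=laptop%27%20OR%201%3D1-- HTTP/1.1" 200 9812',
    '10.0.0.9 - - [25/Aug/2014:10:00:03 +0000] "GET /item.php?id=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 88',
    '10.0.0.7 - - [25/Aug/2014:10:00:04 +0000] "GET /item.php?id=1%27%20AND%20SLEEP(5)-- HTTP/1.1" 200 100',
    '10.0.0.8 - - [25/Aug/2014:10:00:05 +0000] "GET /search.php?q=O%27Brien HTTP/1.1" 200 300',
    '10.0.0.11 - - [25/Aug/2014:10:00:06 +0000] "GET /search.php?q=laptop%27%20%7C%7C%20%27x HTTP/1.1" 200 512',
]


def parse_request(line):
    """Return (client ip, URL-decoded request target) or None for unparsable lines."""
    m = LOG_LINE_RE.match(line)
    if not m:
        return None
    # Decode percent-encoding so that %27 is inspected as a quote, not as text.
    return m.group("ip"), unquote_plus(m.group("target"))


class Detector:
    """Production rules plus an active list of unconfirmed candidate strings."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.active_list = {}  # candidate query string -> times seen

    def check(self, target):
        return [name for name, rx in self.rules if rx.search(target)]

    def capture_candidate(self, query):
        """Park an unrecognised quote-bearing query for analyst review."""
        self.active_list[query] = self.active_list.get(query, 0) + 1

    def confirm(self, snippet):
        """Analyst decision: the snippet is malicious. Drop the candidates that
        contain it from the active list and promote it to a production rule."""
        for cand in [c for c in self.active_list if snippet in c]:
            del self.active_list[cand]
        self.rules.append(("confirmed:" + snippet, re.compile(re.escape(snippet), re.I)))


def scan_log(detector, lines):
    """Return {ip: [matched rule names]} for requests hitting at least one rule.
    Quote-bearing requests that hit no rule go to the active list instead of alerting."""
    hits = {}
    for line in lines:
        parsed = parse_request(line)
        if parsed is None:
            continue
        ip, target = parsed
        matched = detector.check(target)
        if matched:
            hits.setdefault(ip, []).extend(matched)
        elif "'" in target:
            detector.capture_candidate(target.split("?", 1)[-1])
    return hits


def demo():
    """First pass with the stock rules, analyst confirmation, second pass."""
    det = Detector(PRODUCTION_RULES)
    first_pass = scan_log(det, SAMPLE_LOG)
    pending = sorted(det.active_list)      # what an analyst would be shown
    det.confirm("' || '")                  # analyst verdict; "O'Brien" stays benign
    second_pass = scan_log(det, SAMPLE_LOG)
    return first_pass, pending, second_pass


if __name__ == "__main__":
    print(demo())
```

Two design points carry over from the text. First, a request that contains a quote but matches no rule is not an alert; it is parked for review, which is how a legitimate value such as a surname with an apostrophe avoids becoming a false positive while a genuinely new string still reaches an analyst. Second, the example only URL-decodes once; the evasion signatures listed later in this report exist because real traffic also arrives double-encoded, with inline comments or in mixed case, and a production rule set has to normalise for those before matching.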

If a SQL Injection attack is escalated to you it is imperative that you take this action seriously and inspect

the target server(s) immediately. Since a large majority of the attack strings are purposely meant to

exploit an application first, you MUST ensure your patch management solution is robust.

RECOMMENDATIONS/MITIGATION TECHNIQUES

As mentioned earlier, it is highly prudent to implement check constraints in order to prevent an attacker from pushing an injection string through a data input field. Please check the following resource for more information.

https://www.owasp.org/index.php/Data_Validation

Designing stored procedures is also key to a good database security posture. More can be found at the following link.

http://msdn.microsoft.com/en-us/library/cc505879.aspx

Where possible, we recommend that customers immediately enable the signatures listed below for blocking and analyzing any events generated by them. In addition, ensure that any related security patches and anti-virus solutions are up-to-date. These signatures may not be enabled by default.

Because of the wide scope of attack types that can affect SQL, the list of signatures is very large. It may not be prudent for customers to turn on each and every SQL signature for their specific vendor. A large majority of these signatures focus on specific applications. Enabling only the signatures that cover your specific applications would be best practice. IBM Proventia utilizes heuristics within its SQL injection detection signature, which allows a single signature to cover all SQL attack types.

IDPS SIGNATURES AND/OR SIEM RULES

PROVENTIA

SQL_Injection


AIRDEFENSE

SSID SQL Injection Attack

AKAMAI

Basic MongoDB SQL Injection Attempts

Basic SQL Injection - Common Attack Payloads

Blind SQL Injection Attack

Chained SQL Injection Attempts 1/2

Chained SQL Injection Attempts 2/2

Classic SQL Injection Probes 1/2

Classic SQL Injection Probes 2/2

Concatenated Basic SQL Injection and SQLLFI Attempts

Conditional SQL Injection Attempts

Detects SQL Injections that Use Time Delays

SQL Injection (DROP Statement)

SQL Injection (String Termination and Comment Sequence)

SQL Injection Attack

SQL Injection Attack: Common DB Names Detected

SQL Injection Attack: Common Injection Testing Detected

SQL Injection Attack: SQL Operator Detected

SQL Injection Bypass/Probing

CHECKPOINT

ActiveCampaign 1-2-All Broadcast Email sername Parameter SQL Injection - Ver2

AdaptWeb Web Application SCADA SQL Injection

Adobe RoboHelp Server SQL Injection

Advantech WebAccess SQL Injection Information Disclosure

AJ Dating view_profile.php user_id Parameter SQL Injection - Ver2

Benders Calendar index.php this_day Parameter SQL Injection - Ver2

Bit 5 Blog processlogin.php username Parameter SQL Injection - Ver2

BSQL Automated SQL Injection tool

CA Total Defense Suite UNCWS exportReport SQL Injection

CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Injections

Chimera Web Portal System linkcategory.php id Parameter SQL Injection - Ver2

Cisco Unified Communications Manager Multiple SQL Injections

Cybozu Garoon tid Parameter SQL Injection - Ver2

Dell SonicWALL Scrutinizer SQL Injection

Forum Livre info_user.asp user Parameter SQL Injection - Ver2


Fourtwosevenbb showthread.php ForumID Parameter SQL Injection - Ver2

GeoBlog viewcat.php cat Parameter SQL Injection - Ver2

GNUTurk mods.php t_id Parameter SQL Injection - Ver2

Havij Automated SQL Injection tool

HP Data Protector Multiple Products FinishedCopy SQL Injection

HP Data Protector Multiple Products GetPolicies SQL Injection

HP Data Protector Multiple Products LogClientInstallation SQL Injection

HP Data Protector Multiple Products RequestCopy SQL Injection

IBM Tivoli Provisioning Manager Express Asset.getMimeType SQL Injection

IBM Tivoli Provisioning Manager Express User.updateUserValue SQL Injection

InTouch index.php user Parameter SQL Injection - Ver2

Ipswitch WhatsUp Web Interface SQL Injection

Jive Software Openfire Jabber Server SQL Injection

Joomla! Jobline Component 'search' Parameter SQL Injection

Lighttpd Host Header mod_mysql_vhost SQL Injection

Lingxia ICE CMS media.cfm session.user_id Parameter SQL Injection - Ver2

McAfee ePolicy Orchestrator UID Multiple SQL Injection

MyPhPim calendar.php3 cal_id Parameter SQL Injection - Ver2

Nagios Core Config Manager tfPassword SQL Injection

Novell ZENworks Patch Management Multiple SQL Injection Vulnerabilities

Oracle Database DBMS_AQADM_SYS.GRANT_TYPE_ACCESS Procedure SQL Injection

Oracle Database Server CREATE_TABLES SQL Injection

Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection

Oracle Database Server DBMS_METADATA Package SQL Injection

Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection

Oracle Database Server MDSYS.SDO_LRS Package SQL Injection

Oracle Database Server Multiple Procedures SQL Injection

Oracle Database Server REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection

Oracle Database Server SQL Injection In Package SYS.KUPV

Oracle Database Server SYS.DBMS_METADATA_UTIL Package SQL Injection

Oracle Database Server SYS.LT.FINDRICSET Function SQL Injection

Oracle Database Server Workspace Manager Multiple SQL Injection

Oracle Database Server XDB PITRIG TRUNCATE and DROP SQL Injection

Oracle Database SUBSCRIPTION_NAME Parameter SQL Injection

Oracle Database SYS.KUPW-WORKER Package MAIN Procedure SQL Injection

Oracle Database SYS.LT.FINDRICSET SQL Injection

Oracle Database Trigger MDSYS.SDO_TOPO_DROP_FTBL SQL Injection

Oracle Warehouse Builder Stored Procedure SQL Injection

Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection

Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE Multiple SQL Injections

Pangolin Automated SQL Injection tool


PHPenpals profile.php personalID Parameter SQL Injection - Ver2

PHPjournaler index.php readold Parameter SQL Injection - Ver2

PollMentor pollmentorres.asp id Parameter SQL Injection - Ver2

ProFTPD Server Username Handling SQL Injection

Red Hat CloudForms Management Engine SQL Injection

Ruby on Rails Hash SQL Injection

Saphplesson id Parameter SQL Injection - Ver2

ScozBook auth.php adminname Parameter SQL Injection - Ver2

SePortal staticpages SQL Injection

SQL Servers Blind SQL Injection

SQL Servers MSSQL Vendor-specific SQL Injection

SQL Servers MySQL Vendor-specific SQL Injection

SQL Servers Oracle Vendor-specific SQL Injection

SQL Servers SQL Injection Evasion Techniques

SQL Servers SQL Injection Evasion Techniques - ver 2

SQL Servers Stack Query SQL Injection

SQL Servers Time-based SQL Injection

SQL Servers Unauthorized Commands SQL Injection

SQL Servers Unauthorized SQL Injection Command Execution

SQL Servers UNION Query-based SQL Injection

Sqlmap Automated SQL Injection tool

Sqlninja Automated SQL Injection tool

Symantec IM Manager Administrator Interface SQL injection

Symantec IM Manager IMAdminReportTrendFormRun.asp SQL Injection

Symantec IM Manager IMAdminScheduleReport.asp SQL Injection

Symantec IM Manager LoggedInUsers.lgx Definition File Multiple SQL Injections

Symantec IM Manager LoggedInUsers.lgx Definition File SQL Injections

Symantec IM Manager rdpageimlogic.aspx Multiple SQL Injections

Symantec Web Gateway blocked.php Blind SQL Injection

Symantec Web Gateway blocked.php Blind SQL Injection - Ver2

Symantec Web Gateway ldap_latest.php Blind SQL Injection - Ver2

TheWebForum login.php username Parameter SQL Injection - Ver2

Trend Micro Control Manager ad hoc query Module SQL Injection

vBulletin Nodeid Parameter SQL Injection

VEGO Web Forum index.php theme_id Parameter SQL Injection - Ver2

VEGO Web Forum login.php username Parameter SQL Injection - Ver2

Venom Board post.php3 topic_id Parameter SQL Injection - Ver2

Wordcircle index.php password Parameter SQL Injection - Ver2

WordPress Plugin AdRotate SQL Injection

Xerox DocuShare ResultBackgroundJobMultiple SQL Injection

Zabbix Multiple SQL Injections Information Disclosure


CISCO IDS

5381 "VPASP SQL injection"

5480 "phpBB SQL injection"

5481 "VPASP SQL injection"

5483 "Cyberstrong eShop SQL Injection"

5803.0 Sygate Login Servlet SQL Injection

ActiveCampaign 1-2-All Control Panel Username SQL Injection Vulnerability

Adaptcms Config.Php Question Parameter SQL Injection Vulnerability

BlackNova Traders News.php SQL Injection Vulnerability

Boonex Dolphin Categories.php SQL Injection

Cinfores SQL injection Vulnerability

Cisco Call Manager SQL Injection

Cisco Network Admission Control Manager SQL Injection

ClipShare Gid Parameter SQL Injection

ClipShare Ugroup_videos.php SQL Injection Vulnerability

Computer Associates Total Defense Suite UNCWS SQL Injection

Cotonti SQL Injection Vulnerability

Cyberstrong eShop SQL Injection

Datalogicco CMS SQL Injection Vulnerability

DBlog CMS SQL Injection Vulnerability

Dir2web SQL Injection Vulnerability

DotNetNuke SQL Injection

EasyWebScripts EBay Clone Script Gallery.php Script SQL Injection

EasyWebScripts EBay Clone Script Product_desc.php Script SQL Injection

EasyWebScripts EBay Clone Script Showcategory.php Script SQL Injection

Elite Bulletin Board Groups.php SQL Injection

Elite Bulletin Board Index.php SQL Injection

Elite Bulletin Board Login.php SQL Injection Vulnerability

Elite Bulletin Board Register.php SQL Injection Vulnerability

Generic SQL Injection

GNUTurk mods.php t_id Parameter SQL Injection

HP Data Protector RequestCopy SQL Injection

HTTP Alibaba Clone SQL Injection

HTTP Free Hosting Manager viewaccount.php SQL Injection Vulnerability

IBM Rational ClearQuest Username Parameter SQL Injection

iisPROTECT Admin SQL Injection

IMP SQL Injection


Integrated CMS SQL Injection Vulnerability

inTouch index.php user Parameter SQL Injection

Joomla VirtueMart Component SQL Injection

Kwok SQL Injection Vulnerability

Lizamoon SQL Injection

Lizard Cart CMS id Parameter SQL Injection Vulnerability

MLM Auction SQL Injection Vulnerability

MLM Script Productview.Php SQL Injection

Monkeycms SQL Injection Vulnerability

Musicbox genre_albums.php id Parameter SQL Injection

Nagios XI SQL Injection

NConf Delete Attr Script SQL Injection Vulnerability

NConf Write2DB Script SQL Injection Vulnerability

Oracle Database Server DBMS_CDC_PUBLISH SQL Injection

Oracle Database Workspace Manager SQL Injection

OrangeHRM ViewCustomers SQL Injection

OrangeHRM ViewPayGrades SQL Injection Vulneraibility

OrangeHRM ViewSystemUsers SQL Injection

Ovidentia Item Parameter SQL Injection

Palms SQL Injection Vulnerability

Parallel Plesk Panel Remote SQL Injection

Parallels Plesk Panel Remote SQL Injection

PHP Address Book Admin Index SQL Injection

PHP Address Book Edit User Save SQL Injection

PHP Address Book Edit User SQL Injection

PHP Address Book Link Tick SQL Injection

PHP Address Book Password Reset Save SQL Injection

PHP Address Book Reset Password SQL Injection

PHP Address Book Username SQL Injection

PHP Address Traffic SQL Injection

PHP Labs Top Auction SQL Injection Vulnerability

PHP-Fusion Bbcodes.php Script SQL Injection Vulnerability

PHP-Fusion Messages.php SQL Injection

PHP-Fusion News.php SQL Injection

PHP-Fusion Postedit.php Script SQL Injection Vulnerability

PHP-Fusion Postnewthread.php Script SQL Injection Vulnerability

phpBB SQL injection

Phpfox SQL Injection Vulnerability

PhpMyRecipes Viewrecipe.php SQL Injection

PhpVibe blind SQL injection vulnerability

PK-CMS SQL Injection Vulnerability


Plogger plog-feedback.php SQL Injection Vulnerability

Process PHP login parameter SQL Injection Vulnerability

Psychostats SQL Injection Vulnerability

Rebus List List.Php SQL Injection Vulnerability.

Request Tracker ShowPending Parameter SQL Injection Vulnerability

Rlswordpresssearch Plugin For Wordpress Register.Php SQL Injection Vulnerability

Rsfiles Component For Joomla Cid Parameter SQL Injection Vulnerability

Ruby on Rails Where Hash SQL Injection

SalesLogix SQL Injection Vulnerability

Scripts Genie Domain Trader Script Catalog.php SQL Injection

Scripts Genie Gallery Personals gallery.php SQL Injection

Scripts Genie Games Site Script Index.php SQL Injection

Scripts Genie Pet Rate Pro Index.php SQL Injection

Scripts Genie Top Sites Script Out.php SQL Injection

SHOP CMS Listproduct.asp Script SQL Injection

SHOP CMS Productdetails.asp Script SQL Injection

Snitz Forums SQL injection

SonicWALL Aventail CategoryID Parameter SQL Injection

Sygate Login Servlet SQL Injection

Symphony CMS BluePRINTs URI SQL Injection

Symphony Sort Parameter SQL Injection

SynConnect SQL Injection Vulnerability

SYS.KUPW-WORKER Package MAIN Procedure SQL Injection Attempt

Telmanik CMS Press SQL Injection

TheWebForum Login.php Username Parameter SQL Injection

Vbbux And Vbplaza SQL Injection Vulnerability

VEGO Web Forum login.php username Parameter SQL Injection

Voila CMS SQL Injection

VPASP SQL injection

Web Cookbook Currid Parameter SQL Injection

Web Cookbook Searchrecipe.Php Script SQL Injection Vulnerability

Web Cookbook Showtext.Php Script SQL Injection Vulnerability

WHMCS Group Pay Plugin SQL Injection

Wordcircle index.php password Parameter SQL Injection

WordPress Ck-processkarma.php SQL Injection Vulnerability

WordPress Easy Webinar Plugin Wid Parameter SQL Injection

WordPress G-Lock Double Opt-In Manager Plugin SQL Injection

Wordpress HD Webplayer Plugin Config.php SQL Injection

Wordpress HD Webplayer Plugin Config.php SQL Injection Vulnerability

WordPress ProPlayer Plugin Id Parameter SQL Injection

WordPress Webplayer Plugin ID Parameter SQL Injection


WordPress Wp-ImageZoom Theme ID Parameter SQL Injection

WordPress Wysija Newsletters Plugin SQL Injection

Xoops WebChat SQL Injection

Xpede sprc.asp SQL Injection

Zenphoto Index.php SQL Injection Vulnerability

Zyxware SQL Injection Vulnerability

IBM

osTicket ajax.php SQL Injection

xbtit index.php SQL Injection

INTRUSHIELD

BOT: SQL Injection - Danmec Bot SQL Injection Attack Detected

BOT: SQL Injection - Danmec Bot SQL Injection Attack Detected II

DBMS_METADATA Package SQL Injection

FTP: ProFTPD Server Username Handling SQL Injection

HTTP: Ipswitch WhatsUp Web Interface SQL Injection

HTTP: ActiveCampaign 1-2-All main.php username Parameter SQL Injection

HTTP: Astium VoIP PBX SQL Injection Authentication Bypass

HTTP: Blind SQL Injection - Exploit

HTTP: Blind SQL Injection - Timing

HTTP: CA Total Defense Suite UNC Management Console Operations SQL Injection Remote Code Execution

HTTP: CA Total Defense Suite UNCWS exportReport SQL Injection

HTTP: Cisco Unified Communications Manager Multiple SQL Injection

HTTP: Coppermine Blind SQL Injection

HTTP: Cybozu tid Parameter SQL Injection

HTTP: Danmec Bot SQL Injection Attacks Detected

HTTP: Firefuzzer SQL Injection Scanning I

HTTP: Firefuzzer SQL Injection Scanning II

HTTP: Firefuzzer SQL Injection Scanning III

HTTP: Firefuzzer SQL Injection Scanning IV

HTTP: FlexBB Start PHP SQL Injection Vulnerability

HTTP: Forum Livre info_user.asp user Parameter SQL Injection

HTTP: FullASPSite ASP Hosting Windows ASP SQL Injection Vulnerability

HTTP: HP Data Protector Multiple Products FinishedCopy SQL Injection

HTTP: HP Data Protector Multiple Products GetPolicies SQL Injection

HTTP: HP Data Protector Multiple Products LogClientInstallation SQL Injection


HTTP: HP Data Protector Multiple Products RequestCopy SQL Injection

HTTP: IBM Tivoli Provisioning Manager Express User.updateUserValue SQL Injection

HTTP: MiniMySqlat0r SQL Injection Scanning I

HTTP: Netsparker SQL Injection Scanning I

HTTP: phpBB Search.php SQL Injection

HTTP: phpBB Search.php SQL Injection (0x40219400)

HTTP: Ruby on Rails Where Hash SQL Injection

HTTP: ScozNet ScozBook AdminName Variable SQL Injection Vulnerability

HTTP: SonicWALL Aventail SSL-VPN SQL Injection Information Disclosure

HTTP: SQL Injection - Adobe RoboHelp Server SQL Injection Vulnerability

HTTP: SQL Injection - Blind Injection Exploit II

HTTP: SQL Injection - Blind Injection Exploit III

HTTP: SQL Injection - Danmec Bot SQL Injection Attack Detected

HTTP: SQL Injection - Danmec Bot SQL Injection Attack Detected II

HTTP: SQL Injection - data MySQL

HTTP: SQL Injection - data Oracle

HTTP: SQL Injection - data Oracle II

HTTP: SQL Injection - database_crawler

HTTP: SQL Injection - database_crawler II

HTTP: SQL Injection - database_crawler III

HTTP: SQL Injection - database_crawler_MSSQL

HTTP: SQL Injection - detection

HTTP: SQL Injection - detection DB2

HTTP: SQL Injection - detection II

HTTP: SQL Injection - detection MySQL

HTTP: SQL Injection - directory_traversal

HTTP: SQL Injection - evasion

HTTP: SQL Injection - evasion II

HTTP: SQL Injection - evasion III

HTTP: SQL Injection - Exploit

HTTP: SQL Injection - Exploit II

HTTP: SQL Injection - Exploit III

HTTP: SQL Injection - Exploit IV

HTTP: SQL Injection - Exploit V

HTTP: SQL Injection - extension Oracle

HTTP: SQL Injection - file_download

HTTP: SQL Injection - http_request Oracle

HTTP: SQL Injection - OSCodeExecution Oracle

HTTP: SQL Injection - package Oracle

HTTP: SQL Injection - Phorum SQL read.php3 Attack

HTTP: SQL Injection - phpBB Search.php SQL Injection


HTTP: SQL Injection - PrivilegeEscalation Oracle

HTTP: SQL Injection - registry_reader

HTTP: SQL Injection - system_command_execution

HTTP: SQL Injection - union Oracle

HTTP: SQL Injection - writefile MySQL

HTTP: SQL Injection Exploit

HTTP: SQL Injection Exploit II

HTTP: SQL Injection Exploit III

HTTP: SqlMap SQL Injection - Scanning I

HTTP: SqlMap SQL Injection - Scanning II

HTTP: Stored Procedure Name Detected by SQL Injection Heuristic Engine

HTTP: Symantec IM Manager Administrative Interface IMAdminReportTrendFormRun SQL Injection

HTTP: Symantec IM Manager Administrative Interface IMAdminScheduleReport.asp SQL Injection

HTTP: Symantec IM Manager Administrator Interface SQL Injection

HTTP: Symantec Web Gateway Blind SQL Injection

HTTP: TheWebForum login php SQL Injection Vulnerability

HTTP: Trend Micro Control Manager AdHocQuery Module SQL Injection

HTTP: VEGO Links Builder Login Script SQL Injection Vulnerability

HTTP: Venom Board Post PHP3 Multiple SQL Injection Vulnerability

HTTP: Wordcircle index.php password Parameter SQL Injection Vulnerability

ORACLE: CTX_DOC SQL Injection Vulnerability

ORACLE: DBMS DataPump Metadata API SQL Injection Vulnerability

ORACLE: DBMS METADATA_UTIL Package SQL Injection Vulnerability

ORACLE: DBMS_CDC_UTILITY Multiple Procedure SQL Injection Vulnerability

ORACLE: DBMS_CDC_UTILITY Multiple Procedure SQL Injection Vulnerability (0x46c03a00)

Oracle: DBMS_METADATA Package SQL Injection

ORACLE: DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC Package SQL Injection

ORACLE: DBMS_REPCAT_RPC.VALIDATE_REMOTE_RC Package SQL Injection II

ORACLE: Generic SQL Injection Detected

ORACLE: MDSYS.SDO_LRS Package SQL Injection Vulnerability

ORACLE: MDSYS.SDO_TOPO_MAP SQL Injection Vulnerability

ORACLE: Oracle Database CREATE_TABLES SQL Injection vulnerability

ORACLE: Oracle Database EXFSYS PLSQL Injection Vulnerability

ORACLE: Oracle Database LT.ROLLBACKWORKSPACE SQL Injection vulnerability

ORACLE: Oracle Database LT.ROLLBACKWORKSPACE SQL Injection Vulnerability II

ORACLE: Oracle Database Server Multiple SQL Injection Vulnerabilities

ORACLE: Oracle DBMS_AQADM_SYS Package GRANT_TYPE_ACCESS Procedure SQL Injection

Oracle: SQL Injection in package SYS.KUPW$WORKER

ORACLE: SQL Injection Vulnerability on Crafted Data Types

ORACLE: SYS KUPV Package Multiple Procedure SQL Injection Vulnerability

ORACLE: SYS KUPV Package Multiple Procedure SQL Injection Vulnerability (0x46c03b00)


ORACLE: SYS.DBMS_DEFER_SYS SQL Injection Vulnerability

Oracle: SYS.KUPV$FT.ATTACH_JOB Package SQL Injection

ORACLE: Workspace Manager SQL Injection Vulnerability

SYMANTEC: Symantec Altiris DS SQL Injection

NESSUS

ASP-Rider SQL Injection

aspWebAlbum SQL Injection

aspWebCalendar SQL Injection

b2Evolution title SQL Injection

BroadBoard SQL Injection

CactuShop XSS and SQL injection flaws

cfWebStore SQL injection

Comersus Login SQL injection

CoolForum XSS and SQL Injection Vulnerabilities

CubeCart SQL injection

FishCart SQL injections

IBProArcade index.php SQL Injection

INL ulog-php SQL injection

Invision Power Board Arcade SQL Injection Vulnerability

Invision Power Board Calendar SQL Injection Vulnerability

Invision Power Board Post SQL Injection Vulnerability

Invision Power Board ssi.php SQL Injection Vulnerability

Invision Power Board st Parameter SQL Injection Vulnerability

Invision Power Top Site List SQL Injection

Kayako eSupport SQL Injection and Cross-Site-Scripting

mod_survey ENV tags SQL injection

MyDMS SQL Injection and Directory Traversal

Nucleus CMS SQL Injection

Password Protect SQL Injection

PhotoPost showgallery.php SQL Injection

PHPCatalog SQL injection

PHPMyWebHosting SQL Injection Vulnerability

PHPNews sendtofriend.php SQL injection

PlaySMS Cookie SQL Injection

Psychoblogger SQL Injection

Serendipity SQL Injections

Snitz Forums 2000 SQL injection

SpiderSales Shopping Cart SQL injection

SQL injection in Antiboard

SQL injection in JPortal


SQL injection in Photopost PHP Pro

SQL injection in phpBB (2)

SQL injection in phpBB (3)

SQL injection in ReviewPost PHP Pro

SQL injection in XTreme ASP Photo Gallery

TorrentTrader SQL Injection

Tutos SQL injection and Cross Site Scripting Issues

vbulletin calendar SQL Injection Vulnerability

vBulletin SQL injection Issue

VP-ASP shopsearch SQL injection

VP-ASP SQL Injection

NETSCREEN

HTTP: osCommerce products_id Parameter SQL Injection

PALO ALTO

ActiveCampaign 1-2-All Admin Panel Username Parameter SQL Injection

Adobe RoboHelp Server SQL Injection Vulnerability

Benders Calendar index.php this_day Parameter SQL Injection

Best Software SalesLogix SQL Injection Vulnerability

CA Total Defense UNCWS Web Service deleteReportFilter SQL Injection Vulnerability

CA Total Defense UNCWS Web Service exportReport SQL Injection Vulnerability

CA Total Defense UNCWS Web Service UnAssignAdminUsers SQL Injection Vulnerability

Coppermine Photo Gallery SQL Injection Vulnerability

Cyclope Employee Surveillance Solution v6 SQL Injection Vulnerability

DBMS_METADATA Package GET_GRANTED_XML Funtion SQL Injection

DBMS_METADATA Package GET_XML Funtion SQL Injection

DBMS_METADATA Package Open Function SQL Injection

Dell SonicWALL Plixer Scrutinizer SQL Injection Vulnerability

FlexBB index.php flexbb_lang_id Cookie SQL Injection

FullASPSite ASP Hosting Windows.ASP SQL Injection

HP Data Protector Multiple Products FinishedCopy SQL Injection Vulnerability

HP Data Protector Multiple Products GetPolicies SQL Injection Vulnerability

HP Data Protector Multiple Products LogClientInstallation SQL Injection Vulnerability

HTTP SQL Injection Attempt

IBM Rational ClearQuest Username Parameter SQL Injection Vulnerability

IBM Tivoli Provisioning Manager register.do SQL Injection Vulnerability

Ipswitch WhatsUp Professional LOGIN.ASP SQL Injection Vulnerability


Lyris ListManager Read Message Attachment SQL Injection Vulnerability

Malicious Websites Compromised by Massive SQL Injection Attacking

Microsoft BizTalk Server DTA Interface SQL Injection Vulnerability

Microsoft SQL Server 2000 sp_MScopyscript SQL Injection Vulnerability

Oracle Database CTX_DOC Package Markup Procedure SQL Injection Vulnerability

Oracle Database DBMS_AQADM_SYS Package SQL Injection

Oracle Database DBMS_DEFER_SYS Package SQL Injection Vulnerability

Oracle Database KUPM-MCP Package MAIN Procedure SQL Injection

Oracle Database Server CompressWorkspaceTree SQL Injection

Oracle Database Server CREATE_TABLES SQL Injection Vulnerability

Oracle Database Server Rollbackworkpsace SQL Injection

Oracle Database Server ROLLBACKWORKSPACE SQL Injection

Oracle Database Server SYS.KUPV Package SQL Injection

Oracle Database Server SYS.LT.FINDRICSET SQL Injection

Oracle Database Server XDB PITRIG TRUNCATE and DROP Procedures SQL Injection

Oracle Database SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE SQL Injection Vulnerability

Oracle Database VALIDATE_REMOTE_RC SQL Injection

Oracle DBMS_CDC_PUBLISH Package SQL Injection Vulnerability

Oracle DBMS_METADATA Package SQL Injection

Oracle Retail Central Office invoiceAdvSearchDone.do SQL Injection Vulnerability

Oracle SYS.DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE SQL Injection Vulnerability

Oracle SYS.LT.COMPRESSWORKSPACETREE SQL Injection Vulnerability

Oracle SYS.LT.MERGEWORKSPACE SQL Injection Exploit

Oracle SYS.LT.MERGEWORKSPACE SQL Injection Vulnerability

Oracle SYS.LT.REMOVEWORKSPACE SQL Injection Exploit

Oracle SYS.LT.REMOVEWORKSPACE SQL Injection Vulnerability

Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection Vulnerability

Oracle Warehouse Builder WB_RT_AUDIT_SHADOW_TABLE SQL Injection Vulnerability

Parallels Plesk Panel SQL Injection Vulnerability

Philboard philboard_forum.asp forumid Parameter SQL Injection

PHP Nuke HTTP Referer Header SQL Injection Vulnerability

phpnuke Search Module Query variable SQL Injection

PollMentor pollmentorres.asp id Parameter SQL Injection

ProFTPD Server Username Handling SQL Injection Vulnerability

Ruby on Rails Action Parameter Parsing SQL Injection Vulnerability

ScozBook auth.php adminname Parameter SQL Injection

Snitz Forums pop_profile id Parameter SQL Injection

Solarwinds Storage Manager SQL Injection Vulnerability

Symantec IM Manager Multiple SQL Injection Vulnerabilities

Symantec Sygate Management Server SMS Authentication Servlet SQL Injection

Symantec Web Gateway blocked.php SQL Injection Vulnerability


Trend Micro Control Manager id Parameter SQL injection Vulnerability

Wordpress FormCraft Plugin SQL Injection Vulnerability

SNORT

DELETED SERVER-WEBAPP Symantec Web Gateway blocked.php id parameter sql injection attempt

DELETED SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt

DELETED SQL Jive Software Openfire Jabber Server SQL injection attempt

INDICATOR-OBFUSCATION encoded union select function in POST - possible sql injection attempt

INDICATOR-OBFUSCATION encoded waitfor delay function in POST - possible sql injection attempt

INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation

INDICATOR-OBFUSCATION large number of calls to char function - possible sql injection obfuscation

INDICATOR-OBFUSCATION large number of calls to chr function - possible sql injection obfuscation

INDICATOR-OBFUSCATION large number of calls to concat function - possible sql injection obfuscation

INDICATOR-OBFUSCATION oversized cast statement - possible sql injection obfuscation

INDICATOR-OBFUSCATION oversized convert statement - possible sql injection obfuscation

INDICATOR-OBFUSCATION select concat statement - possible sql injection obfuscation

INDICATOR-SCAN sqlmap SQL injection scan attempt

MALWARE-CNC Lizamoon sql injection campaign phone-home

MALWARE-CNC Lizamoon sql injection campaign ur.php response detected

MALWARE-CNC Win.Trojan.Dexter CasinoLoader SQL injection

MALWARE-TOOLS Havij advanced SQL injection tool user-agent string

ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt

PROTOCOL-SCADA Sinapsi SQL injection attempt

SERVER-ORACLE DBMS_ASSERT.simple_sql_name double quote SQL injection attempt

SERVER-ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt

SERVER-ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt

SERVER-ORACLE SYS.KUPW-WORKER sql injection attempt

SERVER-ORACLE Warehouse builder WE_OLAP_AW_REMOVE_SOLVE_ID SQL Injection attempt

SERVER-ORACLE Warehouse builder WE_OLAP_AW_SET_SOLVE_ID SQL Injection attempt

SERVER-OTHER CA Total Defense Suite UNCWS deleteReportFilter SQL injection attempt

SERVER-OTHER CA Total Defense Suite UNCWS DeleteReports stored procedure SQL injection

SERVER-OTHER CA Total Defense Suite UNCWS deleteReportTemplate SQL injection attempt

SERVER-OTHER CA Total Defense Suite UNCWS reGenerateReports/DeleteReports SQL injection attempt

SERVER-OTHER CA Total Defense Suite UNCWS ReportFilterID/reportTemplateID SQL injection attempt

SERVER-OTHER Nagios core config manager tfpassword sql injection attempt

SERVER-OTHER Ruby on Rails authlogic session cookie SQL injection attempt

SERVER-WEBAPP ADNForum SQL injection in index.php fid attempt

SERVER-WEBAPP Advantech WebAccess ChartThemeConfig SQL injection attempt

SERVER-WEBAPP ASPMForum SQL injection attempt


SERVER-WEBAPP Benders Calendar SQL injection in index.php this_day attempt

SERVER-WEBAPP Bit 5 Blog SQL injection in processlogin.php username via

SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure POST SQL injection attempt

SERVER-WEBAPP CA Total Defense Suite UNCWS UnassignFunctionalRoles stored procedure SQL injection attempt

SERVER-WEBAPP cacti graph_image SQL injection attempt

SERVER-WEBAPP Click N Print Coupons coupon_detail.asp SQL injection attempt

SERVER-WEBAPP Demarc SQL injection attempt

SERVER-WEBAPP Devellion CubeCart searchStr parameter SQL injection

SERVER-WEBAPP DuWare DuClassmate default.asp iCity sql injection attempt

SERVER-WEBAPP F5 Networks FirePass my.activation.php3 state parameter sql injection attempt

SERVER-WEBAPP geoBlog SQL injection in viewcat.php cat parameter attempt

SERVER-WEBAPP HP Data Protector LogClientInstallation SQL Injection attempt

SERVER-WEBAPP HP LoadRunner Virtual User Generator EmulationAdmin getReport SQL injection attempt

SERVER-WEBAPP IBM Tivoli Provisioning Manager Express asset.getmimetype sql injection attempt

SERVER-WEBAPP IBM Tivoli Provisioning Manager express user.updateUserValue sql injection attempt

SERVER-WEBAPP inTouch SQL injection in index.php user attempt

SERVER-WEBAPP Joomla weblinks-categories SQL injection attempt

SERVER-WEBAPP Kloxo webcommand.php SQL injection attempt

SERVER-WEBAPP Lizard Cart CMS SQL injection in detail.php id attempt

SERVER-WEBAPP Lizard Cart CMS SQL injection in pages.php id attempt

SERVER-WEBAPP McAfee ePO DisplayMSAPropsDetail.do sql injection attempt

SERVER-WEBAPP McAfee ePO showRegisteredTypeDetails.do sql injection attempt

SERVER-WEBAPP Neocrome Land Down Under profile.inc.php SQL injection attempt

SERVER-WEBAPP Novell ZENworks patch management SQL injection attempt

SERVER-WEBAPP Nucleus CMS action.php itemid SQL injection

SERVER-WEBAPP Outfront Spooky Login a_register.asp SQL injection attempt

SERVER-WEBAPP Outfront Spooky Login register.asp SQL injection attempt

SERVER-WEBAPP PHP-Nuke index.php SQL injection attempt

SERVER-WEBAPP phpBB mod shoutbox sql injection attempt

SERVER-WEBAPP phpBB mod tag board sql injection attempt

SERVER-WEBAPP Ruby on Rails SQL injection attempt

SERVER-WEBAPP ScozBook SQL injection in auth.php adminname attempt

SERVER-WEBAPP SePortal poll.php SQL injection attempt

SERVER-WEBAPP SePortal print.php SQL injection attempt

SERVER-WEBAPP SePortal staticpages.php SQL injection attempt

SERVER-WEBAPP Symantec IM Manager administrator interface SQL injection attempt

SERVER-WEBAPP Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt

SERVER-WEBAPP Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt

SERVER-WEBAPP Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt

SERVER-WEBAPP Symantec Sygate Policy Manager SQL injection

SERVER-WEBAPP TankLogger SQL injection in showInfo.php livestock_id attempt


SERVER-WEBAPP TheWebForum SQL injection in login.php username attempt

SERVER-WEBAPP VEGO Web Forum SQL injection in login.php username attempt

SERVER-WEBAPP Venom Board SQL injection attempt

SERVER-WEBAPP Visuplay CMS news_article.php unspecified SQL injection attempt

SERVER-WEBAPP WHMCS SQL injection attempt

SERVER-WEBAPP Wordcircle SQL injection attempt

SERVER-WEBAPP Zabbix session id disclosure via sql injection attempt

SQL 1 = 0 - possible sql injection attempt

SQL 1 = 1 - possible sql injection attempt

SQL char and sysobjects - possible sql injection recon attempt

SQL declare varchar - possible SQL injection attempt

SQL IBM System Storage DS storage manager profiler sql injection attempt

SQL Jive Software Openfire Jabber Server sql injection attempt

SQL large number of calls to ascii function - possible sql injection obfuscation

SQL large number of calls to concat function - possible sql injection obfuscation

SQL McAfee ePolicy Orchestrator timing based SQL injection attempt

SQL or kic = kic - known SQL injection routine

SQL oversized cast statement - possible sql injection obfuscation

SQL oversized convert statement - possible sql injection obfuscation

SQL parameter ending in comment characters - possible sql injection attempt - POST

SQL parameter ending in encoded comment characters - possible sql injection attempt - POST

SQL PHPSESSID SQL injection attempt

SQL Ruby on rails SQL injection attempt

SQL union select - possible sql injection attempt - POST parameter

SQL use of concat function with select - likely SQL injection

SQL waitfor delay function - possible SQL injection attempt

SQL waitfor delay function in POST - possible sql injection attempt

WEB-MISC Adobe RoboHelp r0 SQL injection attempt

WEB-MISC Demarc SQL injection attempt

WEB-MISC Symantec Sygate Policy Manager SQL injection

WEB-PHP cacti graph_image SQL injection attempt

WEB-PHP phpBB mod shoutbox sql injection attempt

WEB-PHP phpBB mod tag board sql injection attempt
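The generic Snort entries in the list above (SQL 1 = 1, SQL 1 = 0, union select, waitfor delay, parameter ending in comment characters, large number of calls to char function, encoded union select) name detection heuristics rather than product-specific signatures. The script below is an added example, not code from the IBM report and not a Snort rule body: it applies those heuristics to a handful of constructed request targets, decoding percent-encoding and stripping inline /**/ comments first so that the encoded and comment-split variants the obfuscation entries refer to still match the plain-text patterns. The regexes, the char() call threshold and the sample requests are this example's own assumptions.

```python
import re
from urllib.parse import unquote_plus

# Heuristics modelled on the generic Snort signature names listed above
# ("SQL 1 = 1", "union select", "waitfor delay", "parameter ending in
# comment characters", "large number of calls to char function", ...).
# The regexes and thresholds below are this example's own choices, not
# the vendor's rule bodies.
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)

RULES = [
    # "SQL 1 = 1" / "or kic = kic": OR/AND followed by a term compared to itself
    ("boolean identity", re.compile(r"(?i)\b(?:or|and)\s+('?\w+'?)\s*=\s*\1(?!\w)")),
    # "SQL 1 = 0": the always-false twin used when probing blind injection
    ("boolean contradiction", re.compile(r"(?i)\b(?:or|and)\s+1\s*=\s*0(?!\d)")),
    # "union select"; inline comments are stripped first, so UNION/**/SELECT still hits
    ("union select", re.compile(r"(?i)\bunion\s+(?:all\s+)?select\b")),
    # "waitfor delay": time-based blind injection against Microsoft SQL Server
    ("waitfor delay", re.compile(r"(?i)\bwaitfor\s+delay\b")),
    # "parameter ending in comment characters": --, # or /* closing the value
    ("trailing comment", re.compile(r"(?:--|#|/\*)\s*$")),
    # "use of concat function with select": typical data-extraction payload
    ("select concat", re.compile(r"(?i)\bselect\b.*\bconcat\s*\(")),
]

# "large number of calls to char/chr/ascii function" is a count, not a single match
CHAR_CALL = re.compile(r"(?i)\b(?:char|chr|ascii)\s*\(")
CHAR_CALL_THRESHOLD = 4  # assumed threshold; the real rule's count is not on the page


def normalize(raw: str) -> str:
    """Decode %xx and '+' encoding, drop /* */ comments, collapse whitespace.

    This is what lets the "encoded union select" and percent-encoded
    boolean-identity variants match the same plain-text rules.
    """
    decoded = unquote_plus(raw)
    decoded = INLINE_COMMENT.sub(" ", decoded)
    return re.sub(r"\s+", " ", decoded).strip()


def scan(raw: str) -> list[str]:
    """Return the labels of every heuristic the decoded request trips, in rule order."""
    text = normalize(raw)
    hits = [label for label, rx in RULES if rx.search(text)]
    if len(CHAR_CALL.findall(text)) >= CHAR_CALL_THRESHOLD:
        hits.append("char obfuscation")
    return hits


def scan_log(requests: list[str]) -> dict[str, list[str]]:
    """Map each request that trips at least one heuristic to its labels."""
    report = {}
    for req in requests:
        hits = scan(req)
        if hits:
            report[req] = hits
    return report


# Constructed request targets / bodies for the demo (not real traffic).
SAMPLE_REQUESTS = [
    "GET /item.php?id=5",                                                # clean
    "GET /item.php?id=5%27%20OR%201%3D1--",                              # encoded 1=1 + comment
    "GET /search.asp?q=x%27%20UNION/**/SELECT%20user,pass%20FROM%20users--",  # comment-split UNION
    "POST /login.php username=x%27;WAITFOR+DELAY+%270:0:5%27--",         # time-based blind
    "GET /view.php?id=1;EXEC(CHAR(83)%2BCHAR(69)%2BCHAR(76)%2BCHAR(69)%2BCHAR(67)%2BCHAR(84))",
    "GET /p.php?id=1%20UNION%20SELECT%20concat(user,0x3a,password)%20FROM%20mysql.user",
    "GET /forum.php?title=The+union+of+two+selects",                     # benign English
]

if __name__ == "__main__":
    for req, hits in scan_log(SAMPLE_REQUESTS).items():
        print(f"{', '.join(hits):38s} <- {normalize(req)}")
```

The last sample request is there to show why the union rule insists on SELECT following UNION: the phrase "the union of two selects" is ordinary English and must not fire. In a real sensor these patterns would run over the decoded parameter values rather than whole request lines, and the char() threshold would be tuned against the site's normal traffic, since legitimate applications do occasionally pass a couple of such calls.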

SOURCEFIRE

FTP ProFTPD username sql injection attempt

HTTP: SQL Injection Exploit (0x40216400)

ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt

ORACLE DBMS_METADATA Package SQL Injection attempt


ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt

ORACLE Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt

ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt

ORACLE Oracle database server CREATE_TABLES SQL injection attempt

ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt

ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt

ORACLE Oracle database server MergeWorkspace SQL injection attempt

ORACLE Oracle database server RemoveWorkspace SQL injection attempt

ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt

ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt

ORACLE SYS.KUPW-WORKER sql injection attempt

PROTOCOL-FTP ProFTPD username sql injection attempt

SERVER-ORACLE Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL injection attempt

SERVER-ORACLE DBMS_METADATA Package SQL Injection attempt

SERVER-ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt

SERVER-ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt

SERVER-ORACLE Oracle database server CREATE_TABLES SQL injection attempt

SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.ALTER_CHANGE_SOURCE procedure SQL injection attempt

SERVER-ORACLE Oracle Database Server DBMS_CDC_PUBLISH.DROP_CHANGE_SOURCE procedure SQL injection attempt

SERVER-ORACLE Oracle database server MergeWorkspace SQL injection attempt

SERVER-ORACLE Oracle database server RemoveWorkspace SQL injection attempt

SERVER-ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt

SERVER-ORACLE Oracle database server Workspace Manager multiple SQL injection attempt

SERVER-ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt

SERVER-OTHER HP DPNECentral RequestCopy type SQL injection attempt

SERVER-WEBAPP Adobe RoboHelp r0 SQL injection attempt

SERVER-WEBAPP Adobe RoboHelp rx SQL injection attempt

SERVER-WEBAPP CA Total Defense management.asmx sql injection attempt

SERVER-WEBAPP Cisco Unified Communications Manager sql injection attempt

SERVER-WEBAPP Gazi Download Portal down_indir.asp SQL injection attempt

SERVER-WEBAPP HP Data Protector FinishedCopy SQL Injection attempt

SERVER-WEBAPP HP Data Protector GetPolicies SQL Injection attempt

SERVER-WEBAPP Oracle Fusion Middleware WebCenter selectedLocale parameter sql injection attempt

SERVER-WEBAPP Symantec Web Gateway blocked.php blind sql injection attempt

SPECIFIC-THREATS Adobe RoboHelp r0 SQL injection attempt

SPECIFIC-THREATS Oracle database server Workspace Manager multiple SQL injection attempt

SQL large number of calls to char function - possible sql injection obfuscation

SQL union select - possible sql injection attempt - GET parameter

SQL url ending in comment characters - possible sql injection attempt

WEB-CGI Nucleus CMS action.php itemid SQL injection

WEB-CGI Symantec IM Manager LoggedInUsers.lgx definition file multiple SQL injections attempt


WEB-MISC Adobe RoboHelp rx SQL injection attempt

WEB-MISC Novell ZENworks patch management SQL injection attempt

WEB-MISC Symantec IM manager IMAdminReportTrendFormRun.asp sql injection attempt

WEB-MISC Symantec IM Manager IMAdminScheduleReport.asp SQL injection attempt

TIPPING POINT

10534: HTTP: Symantec IM Manager Administrative Interface SQL Injection Vulnerability (ZDI-10-225)

10607: HTTP: Symantec IM Manager sGetDefinition SQL Injection Vulnerability (ZDI-10-226)

10889: HTTP: Cisco Unified Call Manager SQL Injection Vulnerability (ZDI-11-143)

10895: HTTP: WordPress Plugin Comment Rating SQL Injection Vulnerability

11063: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-134)

11064: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-133)

11065: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-132)

11066: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-131)

11067: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-130)

11068: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-129)

11069: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-11-128)

11162: HTTP: SQL Injection Attempt with Empty Quotes

11171: HTTP: SQL Injection (UNION)

11365: HTTP: Symantec Web Gateway SQL Injection Vulnerability (ZDI-11-233)

11447: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability

11493: HTTP: Havij SQL Injection Tool Access

11632: Oracle: Oracle SQL Injection Near Vulnerable Package

11634: Oracle: Oracle SQL Injection Near Vulnerable Package

11722: Oracle: Oracle SQL Injection Near Vulnerable Package

11812: HTTP: HP Data Protector Notebook Extension Policy Server SQL Injection (ZDI-11-321)

11812: HTTP: HP Data Protector Notebook Extension Policy Server SQL Injection (ZDI-11-321-327)

11897: Oracle: SQL Function SQL Injection

11902: Oracle: SQL Function SQL Injection

11938: HTTP: SQL Injection (Boolean Identity)

12019: HTTP: Joomla XBall SQL Injection Vulnerability

12028: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-12-022)

12030: HTTP: Computer Associates Total Defense Suite SQL Injection Vulnerability (ZDI-12-024)

12143: HTTP: Parallels Plesk Small Business Panel SQL Injection Vulnerability

12324: HTTP: Symantec IM Manager Administrative Interface SQL Injection Vulnerability

12497: TCP: HP Operations Orchestration RSScheduler Service SQL Injection Vulnerability (ZDI-12-172)

12523: HTTP: SQL Injection Percent Encoded (Boolean Identity)

12529: HTTP: SQL Injection Unsanitized Characters in Request

12580: HTTP: SQL Injection (Cookie Header)

12598: HTTP: IBM Tivoli Provisioning Manager SQL Injection Vulnerability (ZDI-12-040)

12638: HTTP: Trend Micro Control Manager SQL Injection


1897: HTTP: Snitz Forum SQL Injection

1922: HTTP: xp_cmdshell SQL Injection

2033: HTTP: iisProtect SQL Injection / Cmd Exec

2128: HTTP: Xpressions.com authenticate.asp SQL Injection

2131: HTTP: Xpressions.com login.asp SQL Injection

2229: HTTP: CyberStrong eShop SQL Injection

2236: HTTP: EarlyImpact ProductCart Login.asp SQL Injection

2240: HTTP: EarlyImpact ProductCart Custvb.asp SQL Injection

2244: HTTP: Virtual Programming VP-ASP Shopping Cart SQL Injection

2258: HTTP: eStore login.php SQL Injection

2450: HTTP: DeskPro faq.php SQL Injection

2451: HTTP: DeskPro view.php SQL Injection

2453: HTTP: DeskPro login.php SQL Injection

2525: HTTP: phpBB search.php SQL Injection

2526: HTTP: VP-ASP shopdisplayproducts.asp SQL Injection

2527: HTTP: VP-ASP shopsearch.asp SQL Injection

3593: HTTP: SQL Injection (UNION)

3624: HTTP: SQL Injection (SELECT)

3625: HTTP: SQL Injection (OPENROWSET)

3626: HTTP: SQL Injection (WAITFOR)

3630: HTTP: SQL Injection (Boolean Identity)

3634: HTTP: Claroline Multiple SQL Injection

3798: HTTP: SQL Injection (Boolean Identity)

3799: HTTP: SQL Injection (Boolean Identity)

3800: HTTP: SQL Injection (Boolean Identity)

3801: HTTP: SQL Injection (EXECUTE)

3802: HTTP: SQL Injection (DROP/CREATE)

3803: HTTP: SQL Injection (INSERT)

3804: HTTP: SQL Injection (UPDATE)


3805: HTTP: SQL Injection (ALTER)

3806: HTTP: SQL Injection (DELETE)

3807: HTTP: SQL Injection Evasion Inline SQL Comment

3808: HTTP: SQL Injection Variable Declaration Evasion

3809: HTTP: SQL Injection Evasion SQL Comment Terminator

3810: HTTP: SQL Injection Evasion (System Variables)

3936: HTTP: SQL Injection Evasion (Oracle PL/SQL Block)

3940: HTTP: Oracle SQL Injection using Vulnerable Functions

3986: HTTP: SQL Injection (Oracle GRANT TO)

4001: HTTP: SQL Injection MySQL Show Function

4010: HTTP: Lyris Attachment SQL Injection

4098: Oracle: AUTH_ALTER_SESSION Sql Injection Attack

4115: HTTP: Oracle SQL Injection using Vulnerable Functions

4352: HTTP: Oracle SQL Injection Using Vulnerable Functions

4416: HTTP: Oracle SQL Injection Using Vulnerable Functions

4558: HTTP: Oracle SQL Injection Using Vulnerable Functions

4559: HTTP: Coppermine Photo Gallery SQL Injection

4636: HTTP: Symantec Sygate Management Server SQL Injection

4776: HTTP: Mambo Cookie SQL Injection

4804: HTTP: SQL Injection (Cookie Header)

4827: HTTP: Oracle SQL Injection Using Vulnerable Functions

4921: HTTP: Oracle E-Business Suite SQL Injection Vulnerability (ZDI-08-088)

4925: BRIGHTSTOR: Computer Associates Hierarchical Storage Manager SQL Injection (TPTI-07-017)

5063: HTTP: Cacti SQL injection Vulnerability

5064: HTTP: PAfileDB SQL Injection Vulnerability

5078: HTTP: Oracle SQL Injection Using Vulnerable Functions

5092: HTTP: Oracle E-Business Suite SQL Injection Vulnerability (ZDI-07-058)

5092: HTTP: Oracle E-Business Suite SQL Injection Vulnerability (ZDI-CAN-159)

5176: HTTP: SQL Injection Evasion (String Functions)

5178: Oracle: Oracle SQL Injection Using Vulnerable Functions

5237: Oracle: Oracle SQL Injection Using Vulnerable Functions

5265: Oracle: Oracle SQL Injection Using Vulnerable Functions

5270: Oracle: Oracle SQL Injection Using Vulnerable Functions

5296: HTTP: Wordpress XMLRPC SQL Injection

5302: HTTP: PunBB SQL Injection

5314: HTTP: Phorum SQL Injection Attack

5365: Oracle: Oracle SQL Injection Near Vulnerable Package

5368: HTTP: Oracle SQL Injection Using Vulnerable Functions

5375: Oracle: Oracle SQL Injection Near Vulnerable Package

5389: HTTP: SQL Injection Evasion (MySQL Functions)

5390: HTTP: SQL Injection Evasion Inline SQL Comment

5413: HTTP: WordPress SQL Injection Vulnerability

5421: HTTP: Wordpress XMLRPC SQL Injection

5450: HTTP: Advanced Guestbook SQL Injection Vulnerability

5468: HTTP: Buddy Zone SQL Injection Vulnerability

5528: HTTP: Firestorm Joomla com_gmaps SQL Injection

5572: Oracle: Oracle SQL Injection Using Vulnerable Functions

5591: HTTP: Oracle SQL Injection Using Vulnerable Functions

5617: HTTP: Plesk Cookie SQL Injection

5618: HTTP: Plesk Cookie SQL Injection

5669: HTTP: SQL Injection (UNION)

5670: HTTP: SQL Injection (SELECT)

5671: HTTP: SQL Injection (OPENROWSET)

5672: HTTP: SQL Injection (WAITFOR)

5673: HTTP: SQL Injection (Boolean Identity)

5674: HTTP: SQL Injection (Boolean Identity)

5675: HTTP: SQL Injection (Boolean Identity)

5719: HTTP: SQL Injection (CAST)

5772: HTTP: SQL Injection (Boolean Identity)

5773: HTTP: SQL Injection (EXECUTE)

5774: HTTP: SQL Injection (DROP/CREATE)

5775: HTTP: SQL Injection (INSERT)

5776: HTTP: SQL Injection (UPDATE)

5777: HTTP: SQL Injection (ALTER)

5778: HTTP: SQL Injection (DELETE)

5836: HTTP: PAfileDB SQL Injection Vulnerability

5880: HTTP: PHP Real Estate SQL Injection Vulnerability

5935: ALTIRIS: Symantec Altiris Deployment Solution SQL Injection Vulnerability (ZDI-08-024)

6055: HTTP: SQL Injection (Content-Type Header)

6063: Oracle: Oracle SQL Injection Near Vulnerable Package

6066: HTTP: Oracle SQL Injection Using Vulnerable Functions

6103: HTTP: SQL Injection (RESTORE)

6115: HTTP: SQL Injection (CONVERT)

6116: HTTP: SQL Injection (CAST)

6127: HTTP: SQL Injection Worm Payload Download Request

6133: HTTP: SQL Injection Evasion

6134: HTTP: SQL Injection Variable Declaration Evasion

6135: HTTP: SQL Injection Evasion

6139: HTTP: 68 Classifieds SQL Injection Vulnerability

6226: HTTP: SQL Injection Tool with Asprox Botnet

6230: HTTP: SQL Injection Tool with Asprox Botnet

6236: HTTP: SQL Injection (RESTORE)

6264: Oracle: Oracle SQL Injection Near Vulnerable Package

6265: HTTP: Oracle SQL Injection Using Vulnerable Functions

6312: HTTP: Joomla Token SQL Injection Vulnerability

6321: HTTP: SQL Injection (CONVERT)

6388: HTTP: SQL Injection (Benchmark)

6392: HTTP: SQL Injection (Benchmark)

6454: HTTP: SQL Injection Tool with Asprox Botnet

6549: HTTP: Joomla Components SQL Injection Vulnerability

6568: HTTP: SQL Injection (CAST)

6639: HTTP: SQL Injection Asprox Botnet Variant

6641: HTTP: Joomla Live Chat SQL Injection Vulnerability

6740: Oracle: Oracle SQL Injection Near Vulnerable Package

6741: HTTP: Oracle SQL Injection Using Vulnerable Functions

6769: HTTP: SQL Injection MS-SQL Stored Procedure

8026: HTTP: Novell ZENworks SQL Injection Vulnerability (ZDI-10-003)

8054: Oracle: Oracle SQL Injection Near Vulnerable Package

8055: HTTP: Oracle SQL Injection Using Vulnerable Functions

8372: HTTP: SQL Injection Select Into Outfile

8373: HTTP: SQL Injection Select Load_file

8799: HTTP: Jive Software Openfire Jabber Server SQL Injection

8834: Oracle: Multiple SQL Function SQL Injection

8871: Oracle: SQL Function SQL Injection

8992: Oracle: Oracle SQL Injection Near Vulnerable Package

9072: ORACLE: Oracle DBMS_Assert SQL Injection

9074: ORACLE: Oracle Kupw-Worker SQL Injection

9166: HTTP: Ipswitch WhatsUp Web Interface SQL Injection

9412: Oracle: Oracle SQL Injection Near Vulnerable Package

9413: HTTP: Oracle SQL Injection Using Vulnerable Functions

9418: HTTP: Zen Cart SQL Injection Vulnerability

9497: Oracle: Oracle SQL Injection Near Vulnerable Package

9563: HTTP: Oracle Real User Experience Insight rsynclogdird SQL Injection Vulnerability (ZDI-11-016)

9696: HTTP: Symantec IM Manager SQL Injection Vulnerability (ZDI-10-220, ZDI-10-221, ZDI-10-222,223,224)

9740: HTTP: Joomla Multi-Venue RestaurantManager SQL Injection Vulnerability

9746: Oracle: Oracle SQL Injection Near Vulnerable Package

9762: Oracle: Oracle SQL Injection Near Vulnerable Package

9764: Oracle: Oracle SQL Injection Near Vulnerable Package

9765: Oracle: Oracle SQL Injection Near Vulnerable Package

9785: HTTP: SQL Injection (Referer Header)

9924: HTTP: Multiple Vendors SQL Injection Vulnerability

HTTP: Phorum SQL Injection Attack

HTTP: WordPress SQL Injection Vulnerability

HTTP: Wordpress XMLRPC SQL Injection

ADDITIONAL RECOMMENDATIONS

• Implement strong server-side validation for all user inputs, including cookie values

• Escape special characters in user inputs

• Avoid using the EXEC command in SQL Server

• Never use the sa account to connect to the database from applications

• Configure a generic error page for applications and do not display database error messages to users

• Trap all possible exceptions and use a global exception handler
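The recommendations above can be combined in one request-handling path: allowlist validation of every input (including the cookie value), bound query parameters so that special characters are never parsed as SQL, and a global exception handler that logs details server-side and returns only a generic message. The example below is added here to illustrate that combination; it is not code from the report or from IBM. It uses Python's standard sqlite3 module and a constructed in-memory users table; the table, the sample rows, the field patterns and the function names are assumptions for the example. The SQL Server-specific points (EXEC and the sa account) are not exercised here.

```python
import logging
import re
import sqlite3


def make_db():
    """Constructed in-memory user store (example data, not from the report)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, session_token TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, session_token) VALUES (?, ?)",
        [("alice", "a1b2c3"), ("bob", "d4e5f6")],
    )
    conn.commit()
    return conn


# Allowlist patterns (assumed for the example): server-side validation is applied
# to every field, including the session cookie, before a query is built.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
TOKEN_RE = re.compile(r"[0-9a-f]{6,64}")


class ValidationError(ValueError):
    """Raised when a user-supplied value fails the allowlist check."""


def validate(value, pattern, field):
    if not isinstance(value, str) or pattern.fullmatch(value) is None:
        raise ValidationError("invalid %s" % field)
    return value


def query_by_session(conn, username, cookie_token):
    # Bound parameters: the driver passes the values separately from the SQL
    # text, so quotes and operators inside them are data, never SQL syntax.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND session_token = ?",
        (username, cookie_token),
    ).fetchone()


def lookup_user(conn, username, cookie_token):
    username = validate(username, USERNAME_RE, "username")
    cookie_token = validate(cookie_token, TOKEN_RE, "session cookie")
    return query_by_session(conn, username, cookie_token)


GENERIC_ERROR = "The request could not be processed."


def handle_request(conn, username, cookie_token):
    """Global exception handler: details go to the server log, the client gets a generic page."""
    try:
        row = lookup_user(conn, username, cookie_token)
    except ValidationError as exc:
        logging.warning("input rejected: %s", exc)
        return {"status": 400, "body": GENERIC_ERROR}
    except Exception:
        logging.exception("unhandled error while processing request")
        return {"status": 500, "body": GENERIC_ERROR}
    if row is None:
        return {"status": 401, "body": "Not authorised."}
    return {"status": 200, "body": {"id": row[0], "username": row[1]}}


if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, "alice", "a1b2c3"))
    print(handle_request(db, "alice' OR '1'='1", "a1b2c3"))
```

The two layers are deliberately independent: the allowlist rejects a tautology-style username before any database call, and even if validation were loosened, the bound parameter makes the same string a literal that matches no row. Nothing in the client-facing response reveals which layer fired or what the database reported.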

REFERENCES

https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

http://www.codeproject.com/Tips/706692/Preventing-SQL-Injection-Attacks

CONTRIBUTORS

Nick Bradley, Threat Research Practice Lead

DISCLAIMER

This document is intended to inform clients of IBM Security Services of a threat or discovery by IBM Managed Security Services and measures undertaken or suggested by IBM Security Service Teams to remediate the threat.

The data contained herein describing tactics, techniques and procedures is classified Confidential for the consumption of IBM MSS clients only.