SID 1:13990

Report a false positive

Rule Category

SQL -- Snort has detected traffic associated with SQL injection or the presence of other vulnerabilities against SQL like servers.

Alert Message

SQL union select - possible sql injection attempt - GET parameter

Rule Explanation

This event is generated when SQL injection exploitation attempt Impact: Misc Attack Details: Ease of Attack:

What To Look For

This event is generated when SQL injection exploitation attempt.

Known Usage

No public information

False Positives

No known false positives

Contributors

Cisco Talos Intelligence Group

Rule Groups

No rule groups

CVE

CVE-2005-3004 CVE-2006-0065 CVE-2006-0154 CVE-2006-2835 CVE-2006-6268 CVE-2007-1021 CVE-2007-2824 CVE-2011-1667

Additional Links

osvdb.org/show/osvdb/19611
osvdb.org/show/osvdb/22275
osvdb.org/show/osvdb/31042
osvdb.org/show/osvdb/31953
osvdb.org/show/osvdb/35130
osvdb.org/show/osvdb/38056
osvdb.org/show/osvdb/71463

Rule Vulnerability

SQL Injection

SQL Injection attacks target PHP and ASP applications primarily and involve SQL queries or commands added to unverified user input. A successful attack can lead to data leaks (entirely exposed data), database modification (data deletion or tampering), administrative permissions misuse, and sometimes direct commands passed to the operating system.

CVE Additional Information

This product uses data from the NVD API but is not endorsed or certified by the NVD.
CVE-2005-3004
 Loading description
CVE-2006-0065
 Loading description
CVE-2006-0154
 Loading description
CVE-2006-2835
 Loading description
CVE-2006-6268
 Loading description
CVE-2007-1021
 Loading description
CVE-2007-2824
 Loading description
CVE-2011-1667
 Loading description

MITRE ATT&CK Framework

Tactic: Collection

Technique: AppleScript

For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org