Forum Discussion
How to block Time-Based Blind SQL Injection Attacks
I have a web app, and a PT successfully performed this attack:
https://mywebsite/Login.aspx?test=;waitfor delay '0:0:__TIME__'--
The VS has ASM profile with server technologies:
- IIS
- MSSQL
- ASP.NET
- Microsoft Windows
The policy is in blocking mode
I don't want to remove "test" parameter from the parameters list
In the ASM policy I see Signature ID: 200002548
"SQL-INJ waitfor delay (URI)" in Block = YES and Enable = YES
I don't understand why the ASM is not blocking this attack?
How do I block this kind of attack using attack signatures?
- NoamRotter
I have noticed that Parameter * was in staging
and URL * was in staging.
Enforcing them caused the attack to be blocked.
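
An added example, not part of the original thread and not F5 code: a small audit over a constructed policy snapshot that lists every setting that would leave a hit on signature 200002548 unblocked, including the wildcard staging case from the reply above. The dictionary keys and the function name are hypothetical, chosen for this example; they are not an F5 export format.

```python
# Constructed sample: a simplified snapshot of the policy state described in
# the thread. Key names are hypothetical, not an ASM export or API schema.
SAMPLE_POLICY = {
    "enforcementMode": "blocking",
    "signatures": [
        {"signatureId": 200002548, "enabled": True, "block": True,
         "performStaging": False},
    ],
    "parameters": [{"name": "*", "type": "wildcard", "performStaging": True}],
    "urls": [{"name": "*", "type": "wildcard", "performStaging": True}],
}


def blocking_gaps(policy, signature_id):
    """Return reasons why a hit on signature_id may be logged but not blocked."""
    gaps = []
    if policy.get("enforcementMode") != "blocking":
        gaps.append("policy is not in blocking mode")

    sig = next((s for s in policy.get("signatures", [])
                if s.get("signatureId") == signature_id), None)
    if sig is None:
        gaps.append(f"signature {signature_id} is not in the policy")
    else:
        if not sig.get("enabled"):
            gaps.append(f"signature {signature_id} is disabled")
        if not sig.get("block"):
            gaps.append(f"signature {signature_id} has Block = NO")
        if sig.get("performStaging"):
            gaps.append(f"signature {signature_id} is in staging")

    # Entities still in staging only generate learning suggestions, so a
    # signature that looks enforced can still let the request through.
    for kind in ("parameters", "urls"):
        for entity in policy.get(kind, []):
            if entity.get("performStaging"):
                gaps.append(f"{kind[:-1]} {entity['name']!r} is in staging")
    return gaps


if __name__ == "__main__":
    for gap in blocking_gaps(SAMPLE_POLICY, 200002548):
        print("NOT ENFORCED:", gap)
```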