Forum Discussion

Lazar_92526's avatar
Lazar_92526
Icon for Nimbostratus rankNimbostratus
May 22, 2013

SQL-INJ "drop Schema" reporting in ASM 11.3

All,     In our 11.3 ASM, we triped an attack signiture detected for the following. Looking to understand why this registered? I see schema included as part of the parameter value, but is tha...
app sec
BIG-IP Access Policy Manager (APM)
security
Lazar_92526's avatar
Lazar_92526
Icon for Nimbostratus rankNimbostratus
May 23, 2013

Chris,

 

 

This is coming from the default signature (see below) and not a customized one. Do the default sigs just trip on keywords?

 

 

 

Signature Properties

 

Name SQL-INJ "DROP SCHEMA" (Parameter)

 

ID 200002283

 

Signature Type Request

 

Apply to Parameter, XML, JSON, GWT

 

Attack Type SQL-Injection

 

Systems General Database IBM DB2 Microsoft SQL Server MySQL Oracle PostgreSQL Sybase/ASE

 

Accuracy High

 

Risk High

 

User-defined No

 

Revision 1

 

Last Updated 02/05/2013

 

Documentation View

 

References www.owasp.org/index.php/SQL_Injection www.webappsec.org/projects/threat/c...tion.shtml