For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Henk_Oostland's avatar
Henk_Oostland
Icon for Nimbostratus rankNimbostratus
Jun 12, 2017

SQL injection problem!

We have an application VIP with an ASM profile. The application runs on Windows, IIS, ASP.net and SQL server.

 

Our BIGIP runs TMOS11.5.4HF4.

 

The application requires a login. When we fill in: 1'or'1'= '1'in te username field, ASM blocks the request. When we fill in: 1'or'1'= '1'-- ASM does not block the request.

 

What is the problem?

 

application delivery
ASM Advanced WAF
security

3 Replies

  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Jun 12, 2017

    Henk, do you have the following Attack Sigs associated to your ASM Security policy and not in Staging? 200002430, 200002419, 200002444?