RULE(RULE ID:316990)

Rule General Information
Release Date: 2017-03-20
Rule Name: SQL Injection Detection - SELECT Injection 26
Severity:
CVE ID:
Rule Protection Details
Description: SQL injection vulnerabilities are caused by a web application's failure to validate user input. Attackers submit SQL statements that change the execution logic of the back-end SQL query in order to obtain sensitive information or upload a webshell. This rule is used to detect suspicious attempts to use the SELECT statement for SQL injection.
Impact: Through SQL injection attacks, an attacker can inject any SQL commands to view or modify the database of the target system.
Affected OS: Windows, Solaris, Other Unix, FreeBSD, Linux
Reference: SecurityFocusBID:77295
SecurityTrackerID:1033950
ExploitDB:38797
Solutions
1. Filter and escape user-supplied data to ensure the input does not contain malicious SQL code.
2. Use parameterized queries or prepared (precompiled) statements instead of splicing user input directly into SQL statements.
3. Ensure the application connects to the database following the principle of least privilege; avoid using an over-privileged database account for operations that do not require it.
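As an added illustration of solution 2 (example code written for this page, not code from the rule's vendor or any referenced product), the following contrasts the string-splicing pattern this rule is meant to catch with the parameterized form. The table name, column names and user rows are constructed sample data held in an in-memory SQLite database; the only assumption is a lookup by username.

```python
import sqlite3

# Constructed sample data (not from the rule page): a small users table.
SAMPLE_USERS = [
    ("alice", "s3cret-a"),
    ("bob", "s3cret-b"),
    ("carol", "s3cret-c"),
]


def make_db():
    """Create an in-memory SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def count_rows_spliced(conn, username):
    """Vulnerable pattern described by the rule: the user's input is spliced
    into the query text, so quote characters in the input become SQL syntax."""
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return len(conn.execute(sql).fetchall())


def count_rows_parameterized(conn, username):
    """Hardened form (solution 2): the driver binds the value as data, so the
    input can never alter the statement's logic, whatever characters it holds."""
    sql = "SELECT username FROM users WHERE username = ?"
    return len(conn.execute(sql, (username,)).fetchall())


def compare(username):
    """Return (rows from spliced query, rows from parameterized query) for one input."""
    conn = make_db()
    try:
        return (
            count_rows_spliced(conn, username),
            count_rows_parameterized(conn, username),
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal username behaves the same either way.
    print(compare("alice"))
    # A tautology in the input widens the spliced SELECT to every row,
    # while the parameterized query simply finds no such user.
    print(compare("x' OR '1'='1"))
```

The second call is the behaviour a SELECT-injection signature keys on: the spliced query returns every row, the bound query returns none. The same parameterization also removes the syntax errors that legitimate input containing an apostrophe would raise against the spliced form.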