|
Description: | | SQL injection vulnerability is caused by the web application's lack of validation of user input. Attackers submit sql statement to change the execution logic of background sql query, so as to obtain sensitive information or upload webshell.This rule is used to detect suspicious attempts to use the SELECT function for SQL injection. |
|
Impact: | | Through SQL injection attacks, an attacker can inject any SQL commands to view or modify the database of the target system. |
|
Affected OS: | | Windows, Solaris, Other Unix, FreeBSD, Linux |
|
Reference: | | SecurityFocusBID:77295 SecurityTrackerID:1033950 ExploitDB:38797
|
|