HTTP SQL "UNIONSELECT" statement usage (HTTP_GET_SQL_UnionSelect)

About this signature or vulnerability

RealSecure Desktop Protector 3.6, Proventia Network IPS, Proventia Network MFS, IBM Security Server Protection for Windows, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IDS, BlackICE Server Protection, BlackICE PC Protection, BlackICE Agent for Server, RealSecure Server Sensor, RealSecure Network, Proventia Server IPS for Linux technology, Virtual Server Protection for VMware:

This signature checks HTTP GET requests for usage of the "UNION SELECT" SQL statement. It is not necessarily indicative of an attack but could be an attempt at SQL injection.
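The check described above can be approximated on a web server's own request log, which is useful for validating or tuning an IPS alert. The following is an added example and not the signature's actual matching logic or any ISS/IBM code; the request lines, the decoding steps and the tolerance for inline comments between the two keywords are assumptions made here, and the sample requests are constructed for the demonstration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample HTTP request lines (not taken from the original page).
SAMPLE_REQUESTS = [
    "GET /products.asp?id=5 HTTP/1.1",
    "GET /products.asp?id=5%20UNION%20SELECT%201,2 HTTP/1.1",
    "GET /search?q=union+select+1,2,3 HTTP/1.1",
    "GET /search?q=reunion+selection HTTP/1.1",
    "GET /page?q=UNION%20%20%20SELECT HTTP/1.1",
    "GET /page?q=union/**/select HTTP/1.1",
    "POST /login HTTP/1.1",
]

# "UNION" and "SELECT" as whole words, separated by whitespace and/or
# SQL block comments, case-insensitive. Word boundaries keep "reunion"
# and "selection" from matching.
UNION_SELECT = re.compile(r"\bunion\b(?:\s|/\*.*?\*/)+\bselect\b",
                          re.IGNORECASE | re.DOTALL)


def normalize_query(request_line):
    """Return the decoded query string of a GET request.

    Returns None for non-GET methods (the signature only covers GET) and
    an empty string when the request target carries no query string.
    """
    parts = request_line.split(" ")
    if len(parts) < 2 or parts[0] != "GET":
        return None
    target = parts[1]
    if "?" not in target:
        return ""
    query = target.split("?", 1)[1]
    # Decode twice so that double-encoded input (%2520 -> %20 -> " ") and
    # "+" as space are both flattened before the pattern is applied.
    return unquote_plus(unquote_plus(query))


def has_union_select(request_line):
    """True when the decoded GET query string contains UNION ... SELECT."""
    query = normalize_query(request_line)
    if query is None:
        return False
    return UNION_SELECT.search(query) is not None


def scan(requests):
    """Return the request lines that would trigger the check."""
    return [r for r in requests if has_union_select(r)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("match:", hit)
```

As the page notes, a match is not by itself evidence of an attack: any user-typed text that happens to contain the two words (a search query, a forum post) will also match, so the result is best treated as a candidate for review alongside the application's response code and size.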

Default risk level

Medium

Sensors that have this signature

RealSecure Desktop: baseline
RealSecure Desktop Protector 3.6: baseline
Proventia Network IPS: 2.0
Proventia Network MFS: 1.0
IBM Security Server Protection for Windows: 2.1.14.2400
IBM Security Server Protection for Windows: 1.0.914.0
Proventia-G 1.1 and earlier: G Series
Proventia Desktop: 8.0.614.1
Proventia Network IDS: XPU 20.13
BlackICE Server Protection: 3.6.cpa
BlackICE PC Protection: 3.6cpa
BlackICE Agent for Server: 3.6eof
RealSecure Server Sensor: XPU 20.16
RealSecure Network: XPU 5.12
RealSecure Network: XPU 20.13
Proventia Server IPS for Linux technology: 1.0
Virtual Server Protection for VMware: 1.0

Systems affected

Linux Kernel, Microsoft Windows, Unix

Type

Unauthorized Access Attempt

Vulnerability description

SQL injection is a technique in which user-supplied input that the application does not properly filter is passed into an SQL query and executed as SQL the developer never intended. "UNION SELECT" is a traditional SQL construct used for SQL injection through HTTP GET and POST requests. SQL injection can be used to modify the logic of the underlying SQL queries, obtain information, and possibly allow the attacker to add, modify or delete data in the backend database.
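The description above comes down to one coding decision: whether the request parameter becomes part of the SQL text or is bound as a value. The following added example (not code from the page or from any ISS/IBM product) shows the two forms side by side against a constructed in-memory SQLite database; the table names, columns and rows are assumptions made for the demonstration. With the concatenated form, an `id` parameter containing `UNION SELECT` changes the query's logic and returns rows from a second table; with the parameterized form, the same parameter is compared as a literal value and matches nothing.

```python
import sqlite3


def build_db():
    """Create a constructed in-memory database with two unrelated tables."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER, name TEXT);
        CREATE TABLE accounts (id INTEGER, login TEXT);
        INSERT INTO products VALUES (1, 'widget'), (2, 'gadget');
        INSERT INTO accounts VALUES (1, 'admin'), (2, 'alice');
    """)
    return conn


def lookup_vulnerable(conn, product_id):
    """String concatenation: the parameter is spliced into the SQL text,
    so anything it contains is parsed as SQL."""
    sql = "SELECT id, name FROM products WHERE id = " + product_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, product_id):
    """Placeholder binding: the parameter is sent as a value and is never
    interpreted as SQL syntax, whatever it contains."""
    sql = "SELECT id, name FROM products WHERE id = ?"
    return conn.execute(sql, (product_id,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    normal = "1"
    injected = "1 UNION SELECT id, login FROM accounts"
    print("vulnerable, normal input:   ", lookup_vulnerable(conn, normal))
    print("vulnerable, UNION SELECT:   ", lookup_vulnerable(conn, injected))
    print("parameterized, normal input:", lookup_parameterized(conn, normal))
    print("parameterized, UNION SELECT:", lookup_parameterized(conn, injected))
```

The parameterized query is the fix that makes the "UNION SELECT" string harmless to the application; the IPS signature on this page is a detection layer on top of that, not a replacement for it.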

How to remove this vulnerability

This event is for informational purposes only.

References

SQLSecurity
SQL Injection FAQ
http://www.sqlsecurity.com/FAQs/SQLInjectionFAQ/tabid/56/Default.aspx

ISS X-Force
HTTP SQL "UNIONSELECT" statement usage
http://www.iss.net/security_center/static/11568.php