Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003

Severity rating
Important

Class/Type
Exploit

Discovered date
2010-03-30T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Low







Description

This signature detects commonly used exploitation techniques for SQL injection vulnerabilities.



Impact

By exploiting the SQL injection vulnerability, an attacker could modify the query that is submitted to the database. This would give the attacker the ability to embed malicious SQL commands in a URL that would then be passed to the database.



Technical details (analysis)

The easiest way to explain SQL Injection is via a scenario. Suppose a web site hosted an application that allowed visitors to the site to search an online database for particular words. If that application operated by simply taking whatever input a user provided, inserting it into a database query, and running the query, it could be possible for an attacker to provide SQL statements instead of text. The result would be that when the web application ran its query, the attacker's commands would be executed as part of this query. This type of vulnerability is known as a SQL Injection.
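The word-search scenario above, as an added example that is not part of the original page: the same search written with string concatenation and with a bound parameter, run against an in-memory SQLite database. The table, its rows, the function names and the crafted input are all constructed for illustration.

```python
import sqlite3

# Constructed input: the quote ends the string literal early, so the rest of the
# input is parsed as SQL instead of being treated as the search word.
CRAFTED = "x' OR '1%'='1"


def make_db():
    """Build a constructed sample database for the search scenario."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT, hidden INTEGER)"
    )
    db.executemany(
        "INSERT INTO articles (title, hidden) VALUES (?, ?)",
        [("firewall basics", 0), ("patch notes", 0), ("internal draft", 1)],
    )
    return db


def search_vulnerable(db, term):
    # Input is pasted into the SQL text: whatever the visitor typed becomes
    # part of the statement the database parses and executes.
    sql = (
        "SELECT title FROM articles "
        "WHERE hidden = 0 AND title LIKE '%" + term + "%' ORDER BY id"
    )
    return [row[0] for row in db.execute(sql)]


def search_parameterized(db, term):
    # Input is bound as a value: the statement text is fixed, so quotes and
    # keywords in the input are only ever compared against titles.
    sql = "SELECT title FROM articles WHERE hidden = 0 AND title LIKE ? ORDER BY id"
    return [row[0] for row in db.execute(sql, ("%" + term + "%",))]


if __name__ == "__main__":
    db = make_db()
    for label, fn in (("vulnerable", search_vulnerable),
                      ("parameterized", search_parameterized)):
        print(label, "normal :", fn(db, "patch"))
        print(label, "crafted:", fn(db, CRAFTED))
```

With the concatenated query, the crafted input turns the `WHERE` clause into a condition that is always true, so the row marked hidden is returned as well. The parameterized query treats the same input as a literal search pattern and returns nothing.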



Affected software

NA



Non-affected software

NA



References

NA



Solutions

NA



NIS signature

Name: Exploit:Win/HTTP.URL.SQLInj!NIS-2009-0003
Release Date: 2010-03-30T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

NA