HTTP: SQL Command in URL

This signature detects a SQL command in a URL. Because SQL commands are not normally used in HTTP connections, this can indicate a SQL injection attack. This can also be a false positive. To reduce false positives, it is strongly recommended that these signatures only be used to inspect traffic from the Internet to your organization's Web servers that use SQL backend databases to generate content and not to inspect traffic going from your organization to the Internet.

Extended Description

Netscape's iPlanet iCal application is a network based calendar service built for deployment in organizations which require a centralized calendar system. Certain versions of iCal ship with a vulnerability introduced in the installation process which will allow malicious local users to gain root on the system. During the installation process a large number of files are left world readable and writable. One such file, /opt/SUNWicsrv/cal/bin/iplncal.sh is designed to be run at startup as root and is world writable by default. This allows users to modify the contents of this startup script and have it executed at boot up time or whenever the machine is re-initialized.

Affected Products

Netscape ical

References

BugTraq: 77208 67754 22593 1768 66302 100966 45050 93864

CVE: CVE-2018-17243

URL: https://www.tenable.com/security/research/tra-2016-10 http://esupport.trendmicro.com/solution/en-us/1114749.aspx http://www.solarwinds.com/documentation/storage/storagemanager/docs/releasenotes/releasenotes.htm https://www.trustwave.com/Resources/SpiderLabs-Blog/Joomla-SQL-Injection-Vulnerability-Exploit-Results-in-Full-Administrative-Access/ http://developer.joomla.org/security-centre/628-20151001-core-sql-injection.html

Short Name

HTTP:SQL:INJ:CMD-IN-URL

Severity

Minor

Recommended

False

Recommended Action

None

HTTP: SQL Command in URL

Extended Description

Affected Products

References

Found a potential security threat?