HTTP: Generic SQL Injection Detection

This signature detects specific characters, typically used in SQL, within an HTTP connection. Because these characters are not normally used in HTTP, their presence can indicate a SQL or command injection attack. However, a match can also be a false positive. To reduce false positives, it is strongly recommended that these signatures be used only to inspect traffic from the Internet to your organization's web servers that use SQL backend databases to generate content, and not to inspect traffic going from your organization to the Internet. Some attempted cross-site scripting attacks also trigger this signature.

Extended Description

inTouch is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Affected Products

Intouch intouch

References

BugTraq: 60816 7804 17040 39489 16110 93864

CVE: CVE-2021-40578

URL:
http://www.securityfocus.com/infocus/1768
https://www.drupal.org/sa-core-2014-005
http://resources.infosecinstitute.com/checking-out-backdoor-shells/
https://github.com/danielmiessler/SecLists/tree/master/Payloads
https://www.drupal.org/SA-CORE-2014-005
http://www.sektioneins.de/en/advisories/advisory-012014-drupal-pre-auth-sql-injection-vulnerability.html
http://0day.today/exploit/19259
http://insecurety.net/?p=144
http://www.symantec.com/connect/blogs/ddos-attacks-zemra-bot
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
http://seclists.org/bugtraq/2016/Aug/45
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/netgear-wnr2000.txt
http://seclists.org/fulldisclosure/2016/Dec/72
http://kb.netgear.com/000036549/Insecure-Remote-Access-and-Command-Execution-Security-Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/40
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/zyxel_trueonline.txt
https://blogs.securiteam.com/index.php/archives/2910
http://webstersprodigy.net/2012/10/25/cve-2012-5357cve-1012-5358-cool-ektron-xslt-rce-bugs/
http://technet.microsoft.com/en-us/security/msvr/msvr12-016

Short Name
HTTP:SQL:INJ:GENERIC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2006-0088 CVE-2006-1148 CVE-2009-4596 CVE-2010-0432 CVE-2010-0764 CVE-2010-1073 CVE-2010-1090 CVE-2010-1091 CVE-2010-1661 CVE-2010-1662 CVE-2010-2699 CVE-2010-2700 CVE-2010-2714 CVE-2010-2715 CVE-2010-3481 CVE-2010-4143 CVE-2010-4480 CVE-2010-4635 CVE-2010-5003 CVE-2010-5023 CVE-2011-0267 CVE-2011-4801 CVE-2012-1495 CVE-2012-1670 CVE-2012-1777 CVE-2012-1911 CVE-2012-2740 CVE-2012-2925 CVE-2012-3183 CVE-2012-3184 CVE-2012-4258 CVE-2012-4262 CVE-2012-4869 CVE-2012-5098 CVE-2012-6584 CVE-2013-3502 CVE-2013-5311 CVE-2013-7349 CVE-2014-10035 CVE-2014-2586 CVE-2014-7864 CVE-2014-9347 CVE-2015-2216 CVE-2015-5148 CVE-2015-6058 CVE-2016-10174 CVE-2016-8580 CVE-2018-19127 CVE-2021-40578 CVE-2021-42169 Detection Generic Injection SQL bid:16110 bid:17040 bid:39489 bid:60816 bid:7804 bid:93864
Release Date
05/26/2004
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Frequently
Vendors

Intouch

CVSS Score

7.5

6.5

4.3

10.0

4.9

6.8

5.0
