[Owasp-appsensor-project] SQL injection attack

Emmanouil Prekas grad1107 at di.uoa.gr
Sun Feb 12 14:36:47 UTC 2012


Could these two pattern find the most sql injection attacks that have or,and?
[ ][oO][rR][ ].*[=<>!]
[ ][aA][nN][dD][ ].*[=<>!]
I think they can have some false positive but it is rare? Is this pattern
include the most attacks? If not can you please tell me the kind of attack
that is not being included?
Thank you very much
M.P.

> Hello all
> I am working on sql injection attack and i found that the patterns have
> some problems. If you test killme it returns attack. Also the other words
> in the pattern's list, when one of these is discovered in the text it
> returns attack, althought the most of the times is not. I am trying to fix
> the pattern for or/and now cause this attack is not recognised at all for
> now. I have seen the previous conversation and i am willing to help if you
> want
> Manolis Prekas
>
> _______________________________________________
> Owasp-appsensor-project mailing list
> Owasp-appsensor-project at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-appsensor-project
>




More information about the Owasp-appsensor-project mailing list