RealSecure Network, Proventia Server IPS for Linux technology, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Desktop, Proventia Network IPS, BlackICE Server Protection, Proventia Server IPS for Microsoft Windows technology, BlackICE PC Protection, BlackICE Agent for Server, RealSecure Server Sensor:
This signature checks HTTP GET requests for usage of the "UNION SELECT" SQL statement. It is not necessarily indicative of an attack but could be an attempt at SQL injection.
Medium
RealSecure Network: XPU 5.12, RealSecure Network: XPU 20.13, Proventia Server IPS for Linux technology: 1.0, Proventia Network MFS: 1.0, Proventia-G 1.1 and earlier: G Series, Proventia Desktop: 8.0.614.1, Proventia Network IPS: 2.0, BlackICE Server Protection: 3.6.cpa, Proventia Server IPS for Microsoft Windows technology: 1.0.914.0, BlackICE PC Protection: 3.6cpa, BlackICE Agent for Server: 3.6eof, RealSecure Server Sensor: XPU 20.16
Linux Kernel, Microsoft Windows, Various vendors Unix
Unauthorized Access Attempt
SQL injection is a technique in which user-supplied SQL code that the application does not properly filter is passed into a query, so that the database executes SQL the developer did not intend. "UNION SELECT" is a traditional SQL statement used for SQL injection in HTTP GET and POST requests. SQL injection can be used to modify the logic of the underlying SQL queries, obtain information, and possibly allow the attacker to add, modify, or delete data in the backend database.
This event is for informational purposes only.
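The check this signature describes, sketched in Python as an added example (not ISS code and not the products' actual matching logic). The function names and the request lines are constructed for illustration; the third sample is a benign search that still matches, which is why the event alone is not proof of an attack.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# UNION followed by SELECT as whole words, any case, any run of whitespace between.
UNION_SELECT = re.compile(r"\bunion\s+select\b", re.IGNORECASE)

def flagged_query(request_line):
    """Return the decoded query string if a GET request line contains
    UNION SELECT in its query, otherwise None."""
    parts = request_line.split()
    if len(parts) < 2 or parts[0] != "GET":
        return None                      # the signature covers GET requests only
    query = urlsplit(parts[1]).query
    decoded = unquote_plus(query)        # %20 and '+' both become spaces
    return decoded if UNION_SELECT.search(decoded) else None

# Constructed request lines (not captured traffic).
SAMPLES = [
    "GET /item.php?id=1+UNION+SELECT+1,2 HTTP/1.1",
    "GET /item.php?id=5%20uNiOn%20%20sElEcT%20null HTTP/1.1",
    "GET /search?q=credit+union+select+committee HTTP/1.1",  # benign, still matches
    "GET /search?q=reunion+selection HTTP/1.1",               # not whole words
    "POST /item.php?id=1+UNION+SELECT+1,2 HTTP/1.1",          # not a GET
    "GET /index.html HTTP/1.1",                               # no query string
]

def scan(lines):
    """Return (request_line, decoded_query) for every line that raises the event."""
    hits = []
    for line in lines:
        decoded = flagged_query(line)
        if decoded is not None:
            hits.append((line, decoded))
    return hits

if __name__ == "__main__":
    for line, decoded in scan(SAMPLES):
        print(f"event: UNION SELECT in GET query -> {decoded!r}")
```

Triage of a hit should look at what follows the match in the decoded query and at how the application handled the request, since the pattern alone cannot separate ordinary text from an injection attempt.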
SQLSecurity
SQL Injection FAQ
http://www.sqlsecurity.com/FAQs/SQLInjectionFAQ/tabid/56/Default.aspx
ISS X-Force
HTTP SQL "UNIONSELECT" statement usage
http://www.iss.net/security_center/static/11568.php