HTTP SQL "UNIONSELECT" statement usage (HTTP_GET_SQL_UnionSelect)

About this signature or vulnerability

RealSecure Desktop, Proventia Network MFS, Proventia-G 1.1 and earlier, Proventia Network IDS, RealSecure Desktop Protector 3.6, Proventia Server IPS for Linux technology, Proventia Network IPS, Proventia Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE PC Protection, BlackICE Agent for Server, Proventia Server IPS for Microsoft Windows technology, BlackICE Server Protection:

This signature checks HTTP GET requests for usage of the "UNION SELECT" SQL statement. It is not necessarily indicative of an attack but could be an attempt at SQL injection.


Default risk level

Medium

Sensors that have this signature

RealSecure Desktop: baseline
Proventia Network MFS: 1.0
Proventia-G 1.1 and earlier: G Series
Proventia Network IDS: XPU 20.13
RealSecure Desktop Protector 3.6: baseline
Proventia Server IPS for Linux technology: 1.0
Proventia Network IPS: 2.0
Proventia Desktop: 8.0.614.1
RealSecure Server Sensor: XPU 20.16
RealSecure Network: XPU 5.12
RealSecure Network: XPU 20.13
BlackICE PC Protection: 3.6cpa
BlackICE Agent for Server: 3.6eof
Proventia Server IPS for Microsoft Windows technology: 1.0.914.0
BlackICE Server Protection: 3.6.cpa

Systems affected

Linux Kernel, Microsoft Windows, Various vendors Unix

Type

Unauthorized Access Attempt

Vulnerability description

SQL injection is a technique in which user-supplied input containing SQL syntax is passed, unfiltered, into a query that the application builds dynamically, so that the database executes SQL the developer never intended. "UNION SELECT" is a classic SQL construct used for SQL injection through HTTP GET and POST requests, because it appends the rows of an attacker-chosen query to the results of the original one. SQL injection can be used to alter the logic of the underlying queries, obtain information, and possibly allow the attacker to add, modify, or delete data in the backend database.
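The following is an added illustration of the kind of check this signature describes, written here for this page; it is not ISS X-Force's signature logic. It inspects constructed request lines (not real traffic), decodes percent-encoding and "+" so encoded forms are examined in one normalized shape, and flags GET requests whose URI contains the keywords UNION and SELECT as adjacent whole words. As the description above notes, a hit is not proof of an attack: a user simply searching for the words "union select" would also trigger it, which the sample set deliberately includes.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample request lines ("METHOD URI") as a web server would
# record them. These are made up for this example, not captured traffic.
SAMPLE_REQUESTS = [
    "GET /products?id=42",
    "GET /products?id=42%20UNION%20SELECT%20name%20FROM%20users",
    "GET /search?q=union+select",                 # benign search term: a false positive
    "GET /search?q=reunion+selected+articles",    # contains the letters but not the keywords
    "POST /login",                                # not a GET, so out of scope for this signature
    "GET /report?sql=UNION%0aSELECT",             # keywords separated by an encoded newline
]

# UNION and SELECT as whole words, with any whitespace (and an optional
# ALL) between them; case-insensitive because SQL keywords are.
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.IGNORECASE)


def normalize(uri: str) -> str:
    """Decode %XX sequences and '+' so encoded variants are inspected in plain form."""
    return unquote_plus(uri)


def matches_union_select(request_line: str) -> bool:
    """Return True if a GET request line carries a UNION SELECT in its URI."""
    method, _, uri = request_line.partition(" ")
    if method.upper() != "GET":
        return False  # this signature only inspects GET requests
    return UNION_SELECT.search(normalize(uri)) is not None


def scan(requests):
    """Return the subset of request lines that would raise this event."""
    return [r for r in requests if matches_union_select(r)]


if __name__ == "__main__":
    for hit in scan(SAMPLE_REQUESTS):
        print("HTTP_GET_SQL_UnionSelect:", hit)
```

Running the block reports three of the six constructed lines: the encoded injection attempt, the encoded-newline variant, and the benign search for "union select". Triage should therefore look at the surrounding parameter value and the application's response rather than treating every hit as a compromise.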

How to remove this vulnerability

This event is for informational purposes only.

References

SQLSecurity
SQL Injection FAQ
http://www.sqlsecurity.com/FAQs/SQLInjectionFAQ/tabid/56/Default.aspx

ISS X-Force
HTTP SQL "UNIONSELECT" statement usage
http://www.iss.net/security_center/static/11568.php