Protect Against SQL Attack Assertion Blocked Common Threats
search cancel

Protect Against SQL Attack Assertion Blocked Common Threats

book

Article ID: 278176

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

This KB article outlines examples of SQL injection attacks that can be blocked by the Protect Against SQL Attack assertion.

Environment

API Gateway 10.x, 11.x

Resolution

The SSG will protect against various pre-defined SQL injection attacks, through the SQL Injection assertion. The following are considered the most common threats, and are optionally blocked by the assertion:

Known MS SQL Server Exploits Protection


block: "exec" followed by whitespace and "sp" then string
Sample Request Message  https://test.example.com:9090/test/sqlattack/SqlAttack_MsSqlServerExploit_sp.xml https://test.example.com:9090/test/sqlattack/SqlAttack_MsSqlServerExploit_CapitalSP.xml
block: "exec" followed by whitespace and "xp" then string
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_MsSqlServerExploit_xp.xml
block: "exec" followed by whitespace and "sp" and "xp" then string
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_MsSqlServerExploit.xml
Known Oracle Exploit Protection
block: bfilename
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_OracleExploit_bfilename.xml
block: tz_offset
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_OracleExploit_offset.xml
block: to_timestamp_tz
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_OracleExploit_timestamp.xml
Standard SQL Injection Attack Protection
block: hash mark (#) inside element text
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_ElementHashMark.xml
block: single-quote (') inside element text
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_ElementSingleQuote.xml
block: double-dash (--) inside element text
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_ElementDoubleDash.xml
block: hash mark (#) inside CDATA section
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_CdataHashMark.xml
block: single-quote (') inside CDATA section
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_CdataSingleQuote.xml
block: double-dash (--) inside CDATA section
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_StandardSql_CdataDoubleDash.xml

Invasive SQL Injection Attack Protection
See SQLInjection for a detailed description. Also see SQLInjectionKeywordDetection.

block: hash mark (#) anywhere within message (can be outside element text), including #xpointer by its hash mark (#)
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_InvasiveSql_HashMark.xml
block: single-quote (') anywhere within message (can be outside element text)
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_InvasiveSql_SingleQuote.xml
block: double-dash (--) anywhere within message (can be outside element text)
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_InvasiveSql_DoubleDash.xml
block: signed xml (because of hash mark (#) within the request message)
Sample Request Message https://test.example.com:9090/test/sqlattack/SqlAttack_InvasiveSql_Signed.xml

 

Powered by Wolken Software