SQL injection vulnerability triggered

이 페이지는 아직 한국어로 제공되지 않으며 번역 작업 중입니다. 번역에 관한 질문이나 의견이 있으시면 언제든지 저희에게 연락해 주십시오.

Goal

Detect successful exploits of the SQL injection vulnerability.

Strategy

Monitor SQL injection patterns and SQL queries executed.
When a match is detected (that is, when the malicious pattern is found in a query as functional tokens: @appsec.security_activity:vulnerability_trigger.sql_injection), those specific requests are highlighted.

The signal severity is determined based on whether the application threw an error when processing the SQL queries.

  • CRITICAL An SQL injection vulnerability was exploited and has impacts on the system. The attackers might have exfiltrated data, tampered with your databases, or taken over the server.
  • HIGH An SQL injection vulnerability has been triggered. However, the application threw a SQL exception during execution indicating they might not have succeeded at impacting the system.

Triage and response

  1. Consider blocking the attacking IPs temporarily to slow down the further exploitation of your infrastructure.
  2. Leverage traces to determine the vulnerable queries, and fix the code.
  3. Consider switching the WAF rule rasp-942-100 to blocking mode to prevent exploitation.
  4. Investigate your database servers’ logs to figure out the extent of the exploit.
PREVIEWING: brett0000FF/node-compatibility