SQL-Inj-GET-SP_ADDLGN ID: 9766     Protected since: 12/9/2008 12:00:00 AM     File version: 0009_0013_00 Low: Click here to download the complete Signature File that includes this attack Alias   Affected systems Details SQL Injection - GET-SP_ADDLGN Impact Information disclosure Information compromise Denial of Service Attack vector Any protocol that has affect on an SQL Servers. (most common is TCP port 80 - HTTP) Recommended solution SQL-Inj-GET-SP_ADDLGN protects against an SQL injection attack. SQL injections occur due to an application improperly sanitizing user-supplied input. An attacker is able to exploit this vulnerability by providing specially constructed user-supplied input which will alter the SQL statement of the application, executing arbitrary SQL statements on the database server. This may result in sensitive information disclosure, information compromise and database denial of service. Recommended Solutions In order to protect against SQL injections the following steps should be taken: - Update your Radware device with the latest signature file (See the supported products list below). - Ensure that the 'SQL Injection' group exists in the active protection profile. References Radware ID 9766 Radware group SQL_Injection-Advan Applications DBMS - Microsoft SQL,DBMS - MySQL,DBMS - Oracle,DBMS - Others Services HTTP Risk Info Confidence Low Threat type Intrusions Minimum application security version 2.00.00 Hardware requirements SME