SQL Injection
Description
Use the searches in this Analytic Story to help you detect structured query language (SQL) injection attempts characterized by long URLs that contain malicious parameters.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Web
- Last Updated: 2017-09-19
- Author: Bhavin Patel, Splunk
- ID: 4f6632f5-449c-4686-80df-57625f59bab3
Narrative
It is very common for attackers to inject SQL parameters into vulnerable web applications, which then interpret the malicious SQL statements.
This Analytic Story contains a search designed to identify attempts by attackers to leverage this technique to compromise a host and gain a foothold in the target environment.
Detections
| Name | Technique | Type |
|---|---|---|
| SQL Injection with Long URLs | Exploit Public-Facing Application | TTP |
Reference
- https://capec.mitre.org/data/definitions/66.html
- https://www.incapsula.com/web-application-security/sql-injection.html
source | version: 1