SQL injection problem!

Question

We have an application VIP with an ASM profile. The application runs on Windows, IIS, ASP.net and SQL server.&nbsp;
Our BIGIP runs TMOS11.5.4HF4.&nbsp;
The application requires a login. When we fill in: 1'or'1'= '1'in te username field, ASM blocks the request. When we fill in: 1'or'1'= '1'-- ASM does not block the request.&nbsp;
What is the problem? &nbsp;

nathe · Answer

Henk, do you have the following Attack Sigs associated to your ASM Security policy and not in Staging? 200002430, 200002419, 200002444?&nbsp;

henk_oostland · Answer

Yes, that was the problem, the attack sigs were in staging.&nbsp;
Thanks!&nbsp;

nathe · Answer

Glad u sorted&nbsp;

Forum Discussion

SQL injection problem!

3 Replies

Recent Discussions

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Pricing when used with aws waf

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Joomla! SQL Injection Vulnerability

Mitigating OWASP API Security Risk: Injection flaws using F5 XC Platform

Serverside SNI injection iRule

Automation of OWASP Injection mitigation using F5 Distributed Cloud Platform