Sergio_Magra
Feb 19, 2013 · Nimbostratus
Filename is seen as a parameter and a SQL Injection signature is applied
Hi, the ASM (9.4.4) has a false positive: it detects the filenames as parameters and applies the following SQL injection signature:
False Positive: SQL-INJ "--" (SQL comment) (Parameter)
Please see the example below:
POST /app/send.asp?X=6066919 HTTP/1.1
Content-Length: 7374
Accept: */*
User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
Host: www.site.com.ar
Connection: Keep-Alive
Cookie: ASPSESSIONIDCSDQQDSB=BEDCIDEDOJKBLNGBAIIOAFNA; TSea8a3d=7c60168503bfcf24ce0c31dd15b7ce389035dffc2e4c5e3850feedb0226eee961c71a653
X-Forwarded-For: 16.19.1.21
-----------------------------7d117c2c490276
Content-Disposition: form-data; name="file1"; filename="C:\sending\TEMP\b00007_20130122.rta"
Content-Type: text/plain
22/01/2013@00007@0000000001@0001637111@03@00253400816631@1099,00@22/01/2013@S@80@20930251098@@@@
22/01/2013@00007@0000000001@0002605873@03@00225400140366@0,02@22/01/2013@S@80@20100373964@@@@
22/01/2013@00007@0000000001@0002938678@03@00064400561979@26,91@22/01/2013@S@80@27201659596@@@@
22/01/2013@00007@0000000001@0003028006@03@00250400918981@919,60@22/01/2013@S@80@20214789176@@@@
How can I avoid this?
Thanks and best regards