Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1333
Views
0
Helpful
1
Replies

SourceFIRE Alerts SQL generic convert injection attempt

zakameeri
Level 1
Level 1

‎05-08-2016 11:57 AM - edited ‎03-10-2019 06:36 AM

Hello Guys,

I'm new in SourceFire IPS and I use to receive alerts as follow "[1:26925:1] "SQL generic convert injection attempt - GET parameter" [Impact: Potentially Vulnerable] From "DC IP Address" at Data & Time [Classification: Web Application Attack] [Priority: 1] {tcp} Staff PC IP Address:49813 (unknown)->Server IP Address:5000 (unknown)"

it is not clear for mean can someone clarify it more and advice me.

Labels:
0 Helpful
1 Reply 1

Jetsy Mathew
Cisco Employee
Cisco Employee

‎05-09-2016 12:50 AM

Hello Zakameeri,

Looks like you are receiving the intrusion events for this signature.

As a pre-requisite make sure that the device SRU version is anyways updated to the latest.

If you are receiving this Intrusion events , please contact the Sourcefire TAC team for the further investigation. Provide the packet download respective to this Intrusion Event and provide a troubleshoot for the further investigation.

Regards

Jetsy 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card