WEB ATTACKS

SQL INJECTION

  1. Code: 2

  2. Brief Description: SQL Injection

  3. Sample log message:

    1. CEF format

      Jul  6 12:14:45 10.16.6.4 CEF: 1|Virsec Security Platform|Virsec|1.3.0|2|SQLi|10|EventId=VS-SQLI-070620-A14281|Application_Name=Win_Webgoat_10_job 1 Server_Name=win_webgoat_10 Incident_Level=ATTACK Incident_Category=WEB_ATTACK Incident_Type=SQLi Incident_Timestamp=06 Jul 2020 04:15:49 PM UTC Threat Level=ATTACK Malicious Input=[{"account_name": "-1' OR 2+845-845-1=0+0+0+1 --"}] Attacker=10.16.3.114:61272 Event Source Name=CVE SQL=SELECT * FROM user_data WHERE last_name = '-1' OR 2+845-845-1=0+0+0+1 -- ' Session token id=ED23B1EE5081D44C2DF5AFA23E542E58 UUID=621efb32-9f86-4b HTTP Request=POST /webgoat/attack pid=3064 description=SQLi category=Web Attack eventTime=2020-07-06 16:14:54 tid=33

    2. CEF - Fixed Key Definition format

      Sep  8 03:36:06 10.16.6.4 CEF: 1|Virsec Security Platform|Virsec|1.4.0|2|SQLi|10|EventId=VS-SQLI-090820-A00004|cs1Label=Application_Name cs1=RHEL_webgoat_17 8 cs2Label=Server_Name cs2=rhelwebgoat_17 cs3Label=Incident_Level cs3=ATTACK cs4Label=Incident_Category cs4=WEB_ATTACK cs5Label=Incident_Type cs5=SQLi cs6Label=Incident_Timestamp cs6=08 Sep 2020 07:37:33 AM UTC cs7Label=Threat Level cs7=ATTACK cs8Label=Malicious Input cs8=[{"account_name": "-1' OR 2+825-825-1=0+0+0+1 or 'HOGhgtZF'='"} cs9Label=Attacker cs9=10.16.3.114:61530 cs10Label=Event Source Name cs10=CVE cs11Label=SQL cs11=SELECT * FROM user_data WHERE last_name = '-1' OR 2+825-825-1=0+0+0+1 or 'HOGhgtZF'='' cs12Label=Session token id cs12=C28A27CEE515223A7D98C6955C1A31EA cs13Label=UUID cs13=50ef87b7-97e2-4c cs14Label=HTTP Request cs14=POST /webgoat/attack cs15Label=pid cs15=31392 cs16Label=description cs16=SQLi cs17Label=category cs17=Web Attack cs18Label=eventTime cs18=2020-09-08T07:37:15.015-04:00 cs19Label=tid cs19=34
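A parser for the CEF - Fixed Key Definition sample above, added here as an illustration and not taken from the product. The names parse_fixed_key and HEADER_KEYS are assumptions of this example. Because the values contain unescaped spaces and "=" characters (see the SQL field), it walks the csNLabel/csN pairs in index order instead of splitting on whitespace.

```python
import re

# Fixed-key sample copied verbatim from this page.
SAMPLE = r"""Sep  8 03:36:06 10.16.6.4 CEF: 1|Virsec Security Platform|Virsec|1.4.0|2|SQLi|10|EventId=VS-SQLI-090820-A00004|cs1Label=Application_Name cs1=RHEL_webgoat_17 8 cs2Label=Server_Name cs2=rhelwebgoat_17 cs3Label=Incident_Level cs3=ATTACK cs4Label=Incident_Category cs4=WEB_ATTACK cs5Label=Incident_Type cs5=SQLi cs6Label=Incident_Timestamp cs6=08 Sep 2020 07:37:33 AM UTC cs7Label=Threat Level cs7=ATTACK cs8Label=Malicious Input cs8=[{"account_name": "-1' OR 2+825-825-1=0+0+0+1 or 'HOGhgtZF'='"} cs9Label=Attacker cs9=10.16.3.114:61530 cs10Label=Event Source Name cs10=CVE cs11Label=SQL cs11=SELECT * FROM user_data WHERE last_name = '-1' OR 2+825-825-1=0+0+0+1 or 'HOGhgtZF'='' cs12Label=Session token id cs12=C28A27CEE515223A7D98C6955C1A31EA cs13Label=UUID cs13=50ef87b7-97e2-4c cs14Label=HTTP Request cs14=POST /webgoat/attack cs15Label=pid cs15=31392 cs16Label=description cs16=SQLi cs17Label=category cs17=Web Attack cs18Label=eventTime cs18=2020-09-08T07:37:15.015-04:00 cs19Label=tid cs19=34"""

# Names for the seven pipe-delimited header fields; "code" is the page's "Code: 2".
HEADER_KEYS = ("cef_version", "vendor", "product", "version", "code", "name", "severity")


def parse_fixed_key(line):
    """Return (header, fields) for one 'CEF - Fixed Key Definition' line."""
    # Drop the syslog prefix, then split off the header; the extension is kept whole
    # so that a '|' inside a value cannot shift the fields.
    parts = line[line.index("CEF:"):].strip().split("|", 8)
    if len(parts) != 9:
        raise ValueError("unexpected CEF header layout")
    header = dict(zip(HEADER_KEYS, parts[:7]))
    header["cef_version"] = header["cef_version"].split(":", 1)[1].strip()
    key, _, value = parts[7].partition("=")  # EventId=... has its own pipe field
    header[key] = value

    ext, fields, n, pos = parts[8], {}, 1, 0
    while pos < len(ext):
        # Pair n runs from csNLabel= to the next expected label cs(N+1)Label= or end of line.
        pair = re.compile(rf"cs{n}Label=(.+?) cs{n}=(.*?)(?: (?=cs{n + 1}Label=)|$)", re.S)
        m = pair.match(ext, pos)
        if m is None:
            raise ValueError(f"missing or out-of-order pair cs{n}")
        fields[m.group(1)] = m.group(2)
        n, pos = n + 1, m.end()
    return header, fields


if __name__ == "__main__":
    header, fields = parse_fixed_key(SAMPLE)
    print(header["EventId"], fields["Attacker"], fields["SQL"], sep="\n")
```

The Malicious Input and SQL values reproduce request data, so anything that consumes the parsed fields should treat them as untrusted text.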
