MS.SQL.Server.Injection.Attempt
Description
Indicates an attempt at an SQL Injection attack against Microsoft SQL Server. These types of attack attempt to convince the application to run malicious SQL code.
Affected Products
This attack's SQL injection exploits an unchecked parameter with a value enclosed by single quotation marks in any Web application using Microsoft SQL Server. Attacker can inject any SQL sentence into it to get any information in background database.
It's a common problem about SQL injection on Web application, not for a specific vulnerability.
Impact
Any Web application with SQL injection vulnerability using Microsoft SQL Server.
Recommended Actions
Use SQL injection scanner to find out if your web site is vulnerable to SQL injection attacks.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |