SQL operators in session.c in v10.2

Akash Talole
27 May 2016, 18:48
How do these patterns work in SQLI detection?
sql_operators[] = {
{"="}, {":="}, {"&"}, {"~"}, {"|"}, {"^"}, {"/"}, {"<"}, {"="}, {">"},
{"-"}, {"%"}, {"!"}, {"+"}, {"*"}, {"and"}, {"between"}, {"binary"},
{"case"}, {"div"}, {"in"}, {"is"}, {"like"}, {"mod"}, {"not"}, {"or"},
{"order"}, {"regexp"}, {"rlike"}, {"sounds"}, {"xor"},
{NULL}
};

Hugo Leisink
27 May 2016, 20:44
Hiawatha checks for these operators after a single quote. When found, it is seen as an SQL injection attempt.
This topic has been closed.
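
A simplified sketch of the check described in the reply above, added here as an illustration; it is not Hiawatha's session.c code. The function names, the skipping of whitespace after the quote, and the word-boundary rule for keyword operators are assumptions, and the sample inputs are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Operator list from the post above, with the repeated "=" listed once. */
static const char *sql_operators[] = {
    "=", ":=", "&", "~", "|", "^", "/", "<", ">", "-", "%", "!", "+", "*",
    "and", "between", "binary", "case", "div", "in", "is", "like", "mod",
    "not", "or", "order", "regexp", "rlike", "sounds", "xor", NULL
};

/* Case-insensitive test: does the (lowercase) operator op start at s? */
static bool starts_with_ci(const char *s, const char *op) {
    for (; *op != '\0'; s++, op++)
        if (tolower((unsigned char)*s) != *op) return false;
    return true;
}

/* Assumption: keyword operators must end at a word boundary, so that
 * "android" is not read as "and". Symbol operators match as-is. */
static bool operator_at(const char *s) {
    for (size_t i = 0; sql_operators[i] != NULL; i++) {
        const char *op = sql_operators[i];
        if (!starts_with_ci(s, op)) continue;
        char next = s[strlen(op)];
        if (!isalpha((unsigned char)op[0]) ||
            !(isalnum((unsigned char)next) || next == '_'))
            return true;
    }
    return false;
}

/* True when any single quote is followed by an operator from the list
 * (assumption: optional whitespace between quote and operator is skipped). */
bool quote_then_operator(const char *input) {
    for (const char *p = strchr(input, '\''); p; p = strchr(p + 1, '\'')) {
        const char *q = p + 1;
        while (isspace((unsigned char)*q)) q++;
        if (operator_at(q)) return true;
    }
    return false;
}

int main(void) {
    /* Constructed samples: one injection-shaped value, one ordinary name. */
    printf("%d %d\n", quote_then_operator("id=1' or '1'='1"),
           quote_then_operator("name=O'Brien"));
    return 0;
}
```

In this sketch, ordinary text such as `Dogs' and cats` also matches, because the check is a pattern heuristic and does not parse SQL.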