Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 1 subscriber
  • Views 317 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

large number of calls to ascii function - possible sql injection

TESTO
Hi There,

We have a home made web application managing projects that has rich text fileds and when we try to save a specific project Astaro blocks it with the following Message:

 Message........: INDICATOR-OBFUSCATION large number of calls to ascii function - possible sql injection obfuscation
Details........: Snort :: 
Time...........: 2013:06:26-09:12:37
Packet dropped.: yes
Priority.......: high
Classification.: Web Application Attack
IP protocol....: 6 (TCP)
Source port: 52939
Destination port: 8080 (http-alt)

We tried to see what caused the issue by looking at the web live log but we could not see anything.

Do you have any idea on how we can compare the number of ascii calls from a project to another from Astaro ? and how to avoid it to be detected as possible sql injection?
Thank you in advance,
Best,
Testo


This thread was automatically locked due to age.
Parents
  • 0
    Hi,

    1. you need to run a sniffer to see the actual http requests

    2. you can create an IPS exception to disable that rule; use the SID # (13998)

    3. using https/SSL would bypass this detection, unless you're using the WAF or HTTP Proxy in transparent SSL mode.

    Barry
Reply
  • 0
    Hi,

    1. you need to run a sniffer to see the actual http requests

    2. you can create an IPS exception to disable that rule; use the SID # (13998)

    3. using https/SSL would bypass this detection, unless you're using the WAF or HTTP Proxy in transparent SSL mode.

    Barry
Children
No Data