Use the searches in this Analytic Story to help you detect structured query language (SQL) injection attempts characterized by long URLs that contain malicious parameters.
- Product: Splunk Enterprise, Splunk Enterprise Security, Splunk Cloud
- Datamodel: Web
- Last Updated: 2017-09-19
- Author: Bhavin Patel, Splunk
- ID: 4f6632f5-449c-4686-80df-57625f59bab3
It is very common for attackers to inject SQL parameters into vulnerable web applications, which then interpret the malicious SQL statements.
This Analytic Story contains a search designed to identify attempts by attackers to leverage this technique to compromise a host and gain a foothold in the target environment.
|SQL Injection with Long URLs||Exploit Public-Facing Application||TTP|
source | version: 1