New SQL injection attacks use the CAST operator to hide the offending clause from black-list filters.
Example: An attack running right now is an SQL injection attempt that uses the following string as the parameter name or value:
DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C----removed----%20AS%20CHAR(4000));EXEC(@S)
The hex literal is decoded by CAST into the actual SQL statement, so a black-list filter that only looks for SQL keywords in clear text does not see the hidden clause; the decoded statement is then executed by EXEC().
This can be exploited for unauthorized reading or changing of database content by circumventing Airlock filters. It affects any web application with a database that does not correctly check or bind user input variables. Affected: all Airlock versions without a custom deny rule.
Upgrade to Airlock 4.2 or newer.
The "default SQL injection rule" of Airlock 4.1 cannot prevent this type of attack yet. You must therefore configure a custom deny rule as outlined below. We will soon update the default rule set in order to protect web applications from this attack out-of-the-box.
Since the command EXEC() is the most dangerous part, prevent this attack by configuring the following filters on Airlock:
Deny rule for parameter name:
Name: bot attack name rule
Comment: Rule to prevent from special bot attack in parameter name
Path: (default) No Restriction
HTTP Method: (default) No Restriction
Content Type: (default) No Restriction
IP: (default) No Restriction
Parameter Name: bot attack name
Parameter Value: (default) No Restriction
Parameter name pattern:
Name: bot attack name
Comment: Detects special bot attack in parameter name
Pattern: [;[:space:][:cntrl:]]EXEC[[:space:][:cntrl:](]
Ignore Case: On
Invert: Off
Deny rule for parameter value:
Name: bot attack value rule
Comment: Rule to prevent from special bot attack in parameter value
Path: (default) No Restriction
HTTP Method: (default) No Restriction
Content Type: (default) No Restriction
IP: (default) No Restriction
Parameter Name: (default) No Restriction
Parameter Value: bot attack value
Parameter value pattern:
Name: bot attack value
Comment: Detects special bot attack in parameter value
Pattern: [;[:space:][:cntrl:]]EXEC[[:space:][:cntrl:](]
Ignore Case: On
Invert: Off
Enable those two rules in the corresponding mappings and activate the configuration.
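To check what the two deny rules above will and will not catch before activating them, the following added example (not part of the Airlock advisory or product) applies the same pattern to URL-decoded parameter names and values. It assumes the POSIX classes translate to Python as [:space:] -> \s and [:cntrl:] -> \x00-\x1f\x7f, and that "Ignore Case: On" corresponds to re.IGNORECASE; the query string is constructed, with the attack value taken verbatim from this advisory.

```python
import re
from urllib.parse import unquote_plus

# Python rendering of the Airlock pattern [;[:space:][:cntrl:]]EXEC[[:space:][:cntrl:](]
# Assumption: [:space:] -> \s, [:cntrl:] -> \x00-\x1f\x7f; "Ignore Case: On" -> re.IGNORECASE
EXEC_PATTERN = re.compile(r"[;\s\x00-\x1f\x7f]EXEC[\s\x00-\x1f\x7f(]", re.IGNORECASE)

# Constructed request: parameter 1 carries the advisory's attack string as its value,
# parameter 2 is a benign name containing "exec" as a substring,
# parameter 3 is a benign free-text value with the word "exec" surrounded by spaces.
SAMPLE_QUERY = (
    "id=DECLARE%20@S%20CHAR(4000);SET%20@S=CAST(0x4445434C----removed----"
    "%20AS%20CHAR(4000));EXEC(@S)"
    "&executive_summary=1"
    "&note=call+exec+later"
)


def matches_deny_rule(raw: str) -> bool:
    """True if the URL-decoded parameter name or value hits the EXEC deny pattern.
    Decoding first mirrors a WAF that inspects the decoded request, not the wire form."""
    return EXEC_PATTERN.search(unquote_plus(raw)) is not None


def check_query_string(query: str) -> list[tuple[str, str, str]]:
    """Return (decoded name, decoded value, hit) per parameter;
    hit is 'name', 'value' or '' depending on which deny rule would fire."""
    findings = []
    for pair in query.split("&"):
        name, _, value = pair.partition("=")  # split at the first '=' only
        if matches_deny_rule(name):
            hit = "name"
        elif matches_deny_rule(value):
            hit = "value"
        else:
            hit = ""
        findings.append((unquote_plus(name), unquote_plus(value), hit))
    return findings


if __name__ == "__main__":
    for name, value, hit in check_query_string(SAMPLE_QUERY):
        print(f"{hit or 'pass':5} {name}={value[:60]}")
```

The third parameter shows that any value containing a whitespace-delimited "exec" word is blocked as well, so review the mappings where free-text fields are submitted before enabling the rules there.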