client9 / libinjection

SQL / SQLI tokenizer parser analyzer

False positive #91

Closed huangchen007 closed 9 years ago

huangchen007 commented 9 years ago

Nick, any idea why strings (below) is flagged as SQLi?

"Select count(*) from Monitor" detected with fingerprint of 'Ef(o)'
"Select * from Monitor where ID = 182517" detected with fingerprint of 'Eoknk'

client9 commented 9 years ago

If the query is like this, then those will be "SQLi":

select * from table where id=($INPUT)

Feel free to remove the 'Ef(o)' and 'Eoknk' fingerprints.

JIRA for instance allows "sql-like" inputs. I would white list these fields.

good luck

huangchen007 commented 9 years ago

I'm sorry to bother you again. What do I need to change in the source code if I want to remove the 'Ef(o)' and 'Eoknk' fingerprints?

huangchen007 commented 9 years ago

It's done with modifying fingerprints.txt. Is that right?

client9 commented 9 years ago

YES,

But better you can check the fingerprint that comes out of IsSQLI and compare to your whitelist.

On Wed, Jul 22, 2015 at 1:07 AM, C.Wong notifications@github.com wrote:

It's done with modifying fingerprints.txt. Is that right?


Nick Galbreath | Founder / CTO | @ngalbreath | Signal Sciences | www.signalsciences.com | @signalsciences |
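The approach the maintainer describes (keep libinjection's fingerprint list intact and instead compare the fingerprint it returns against your own allowlist, scoped to the fields that legitimately accept SQL-like text) looks like the following in C. This is an added example, not code from the libinjection project or from the maintainer; the field names "query" and "id", the allowlist contents and the `HAVE_LIBINJECTION` build macro are assumptions made here, while `libinjection_sqli(const char *s, size_t slen, char fingerprint[])` is the library's real entry point (returns 1 when the input is classified as SQLi and writes the fingerprint into an 8-byte buffer).

```c
/*
 * Added example (not libinjection's own code): post-filter libinjection's
 * verdict with a per-field fingerprint allowlist instead of editing
 * fingerprints.txt. Field names, allowlist entries and sample inputs are
 * constructed for illustration.
 *
 * Build against the library with:
 *   cc -DHAVE_LIBINJECTION app.c libinjection_sqli.c
 * HAVE_LIBINJECTION is a macro introduced here, not one the project defines;
 * without it the allowlist logic still compiles and can be exercised with
 * fingerprints obtained elsewhere (e.g. from the library's CLI).
 */
#include <stdio.h>
#include <string.h>

#ifdef HAVE_LIBINJECTION
#include "libinjection.h"
#include "libinjection_sqli.h"
#endif

/* Verdicts returned by classify() / inspect_field(). */
enum verdict { V_UNAVAILABLE = -1, V_CLEAN = 0, V_SQLI = 1, V_ALLOWLISTED = 2 };

/* One allowlist entry: this fingerprint is acceptable in this field only. */
struct allow_entry { const char *field; const char *fingerprint; };

/* Constructed allowlist: the two fingerprints from this issue are accepted
 * only in a free-text "query" field that legitimately carries SQL-like
 * input (the JIRA-style case). Everywhere else they stay blocked. */
static const struct allow_entry ALLOWLIST[] = {
    { "query", "Ef(o)" },
    { "query", "Eoknk" },
};

/* Return 1 if fingerprint fp is allowlisted for this field, else 0.
 * The match is exact on both field and fingerprint: a fingerprint that is
 * harmless in a search box is not automatically harmless in an "id" field
 * that ends up inside "where id=($INPUT)". */
int fingerprint_allowed(const char *field, const char *fp)
{
    size_t i;
    for (i = 0; i < sizeof ALLOWLIST / sizeof ALLOWLIST[0]; i++) {
        if (strcmp(ALLOWLIST[i].field, field) == 0 &&
            strcmp(ALLOWLIST[i].fingerprint, fp) == 0)
            return 1;
    }
    return 0;
}

/* Combine libinjection's boolean result with the allowlist. */
int classify(const char *field, int is_sqli, const char *fp)
{
    if (!is_sqli)
        return V_CLEAN;
    return fingerprint_allowed(field, fp) ? V_ALLOWLISTED : V_SQLI;
}

/* Run libinjection on one input and post-filter the result.
 * fp_out must hold at least 8 bytes (the library's fingerprint buffer). */
int inspect_field(const char *field, const char *input, char fp_out[8])
{
#ifdef HAVE_LIBINJECTION
    int is_sqli = libinjection_sqli(input, strlen(input), fp_out);
    return classify(field, is_sqli, fp_out);
#else
    (void)field;
    (void)input;
    fp_out[0] = '\0';
    return V_UNAVAILABLE; /* library not linked: caller should fail closed */
#endif
}

int main(void)
{
    /* Constructed inputs: the two queries reported in this issue plus an
     * ordinary numeric value in a field that never carries SQL. */
    const char *field[] = { "query", "query", "id" };
    const char *input[] = { "Select count(*) from Monitor",
                            "Select * from Monitor where ID = 182517",
                            "182517" };
    char fp[8];
    size_t i;
    for (i = 0; i < 3; i++) {
        int v = inspect_field(field[i], input[i], fp);
        printf("%-6s %-42s fp=%-6s verdict=%d\n", field[i], input[i], fp, v);
    }
    return 0;
}
```

The design point is that the allowlist is keyed on the field, not just the fingerprint: the maintainer's `where id=($INPUT)` example shows the same fingerprint being a real injection when it reaches a numeric context, so a global fingerprint removal (editing fingerprints.txt) would weaken detection for every field at once, while a per-field lookup only relaxes the fields you have deliberately reviewed.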

huangchen007 commented 9 years ago

One more question. I couldn't find any code that manipulates fingerprints.txt. How do I control the whitelist or blacklist?

huangchen007 commented 9 years ago

Oh, I understand. I read the Makefile carefully and now understand your design completely.