Uploaded by sheldon.ramdath

SQL Injection

Message : Oct 17 19:24:05 Panorama 1,2023/10/17 19:24:05,007801003795,THREAT,vulnerability,2049,2023/10/17 19:23:44,192.168.62.87,10.60.17.25,0.0.0.0,0.0.0.0,OWE87-to-OAE25,,,oracle-forms,vsys3,Yellow_prod,Prod-Ora_App_Ext,ethernet1/4.3,ethernet1/21.931,Log-Forward-1,2023/10/17 19:23:44,34311741,1,55014,7177,0,0,0x2000,tcp,alert,"frmservlet",HTTP SQL Injection Attempt(33338),not-resolved,medium,client-to-server,87102796,0xa000000000000000,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,,0,,,3,,,,,,,,0,19,0,0,0,Prod,CG_INT_PA-5050,,,,,0,,0,,N/A,sql-injection,AppThreat-8764-8335,0x0,0,4294967295,,,,0,
LogType : PaloAlto Device | Severity Level : medium | Time : 2023-10-17 19:24:05 | Severity : warning | Facility : User | Category : vulnerability | Source : THREAT | Event : - | Object : - | Description : - | Username : - | Source IP : 192.168.62.87 | Destination IP : 10.60.17.25 | Rule Name : OWE87-to-OAE25 | Device : splcigpan01 | DisplayName : Palo Alto PANORAMA
Message : Oct 17 19:23:59 Panorama 1,2023/10/17 19:23:59,007801003791,THREAT,vulnerability,2049,2023/10/17 19:23:45,192.168.62.87,10.60.17.25,0.0.0.0,0.0.0.0,All_goingdown-PRD,,,oracle-forms,vsys2,DMZ62_prod,Yellow_prod,ethernet1/8.62,ethernet1/9.3,Log-Forward-1,2023/10/17 19:23:45,33803012,1,55014,7177,0,0,0x22000,tcp,alert,"frmservlet",HTTP SQL Injection Attempt(33338),not-resolved,medium,client-to-server,1742113300,0xa000000000000000,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,,0,,,3,,,,,,,,0,16,0,0,0,Ext_Fw,GAB_PA5050,,,,,0,,0,,N/A,sql-injection,AppThreat-8756-8298,0x0,0,4294967295,,,,0,
LogType : PaloAlto Device | Severity Level : medium | Time : 2023-10-17 19:23:59 | Severity : warning | Facility : User | Category : vulnerability | Source : THREAT | Event : - | Object : - | Description : - | Username : - | Source IP : 192.168.62.87 | Destination IP : 10.60.17.25 | Rule Name : All_goingdown-PRD | Device : splcigpan01 | DisplayName : Palo Alto PANORAMA
Message : Oct 17 19:23:45 GAB_PA5050 1,2023/10/17 19:23:45,007801003791,THREAT,vulnerability,2049,2023/10/17 19:23:45,192.168.62.87,10.60.17.25,0.0.0.0,0.0.0.0,All_goingdown-PRD,,,oracle-forms,vsys2,DMZ62_prod,Yellow_prod,ethernet1/8.62,ethernet1/9.3,Log-Forward-1,2023/10/17 19:23:45,33803012,1,55014,7177,0,0,0x22000,tcp,alert,"frmservlet",HTTP SQL Injection Attempt(33338),not-resolved,medium,client-to-server,1742113300,0xa000000000000000,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,,0,,,3,,,,,,,,0,16,0,0,0,Ext_Fw,GAB_PA5050,,,,,0,,0,,N/A,sql-injection,AppThreat-8756-8298,0x0,0,4294967295,
LogType : PaloAlto Device | Severity Level : medium | Time : 2023-10-17 19:23:45 | Severity : warning | Facility : User | Category : vulnerability | Source : THREAT | Event : - | Object : - | Description : - | Username : - | Source IP : 192.168.62.87 | Destination IP : 10.60.17.25 | Rule Name : All_goingdown-PRD | Device : 10.255.0.18 | DisplayName : GAB External Firewall
Message : Oct 17 19:23:45 CG_INT_PA-5050 1,2023/10/17 19:23:44,007801003795,THREAT,vulnerability,2049,2023/10/17 19:23:44,192.168.62.87,10.60.17.25,0.0.0.0,0.0.0.0,OWE87-to-OAE25,,,oracle-forms,vsys3,Yellow_prod,Prod-Ora_App_Ext,ethernet1/4.3,ethernet1/21.931,Log-Forward-1,2023/10/17 19:23:44,34311741,1,55014,7177,0,0,0x2000,tcp,alert,"frmservlet",HTTP SQL Injection Attempt(33338),not-resolved,medium,client-to-server,87102796,0xa000000000000000,192.168.0.0-192.168.255.255,10.0.0.0-10.255.255.255,0,,0,,,3,,,,,,,,0,19,0,0,0,Prod,CG_INT_PA-5050,,,,,0,,0,,N/A,sql-injection,AppThreat-8764-8335,0x0,0,4294967295,
LogType : PaloAlto Device | Severity Level : medium | Time : 2023-10-17 19:23:44 | Severity : warning | Facility : User | Category : vulnerability | Source : THREAT | Event : - | Object : - | Description : - | Username : - | Source IP : 192.168.62.87 | Destination IP : 10.60.17.25 | Rule Name : OWE87-to-OAE25 | Device : 10.255.0.29 | DisplayName : CG Internal Firewall
'nvOpzp; AND 1\=1 OR (<'">iKO)),
2023-10-17 19:23:40 - 2023-10-17 19:24:10
"Prod_Public_Coris_Virtual_Web_Server_Portal_NewSide_HTTPS"
SOURCE_IP = "192.168.73.16"
coris.gov.ky-NAT-WAF
BOT Signature - */forms/frmservlet/* */forms/*
"Prod_Public_Coris_Virtual_Web_Server_Portal_NewSide_HTTPS" AND "74.222.78.68"
192.168.73.16 - - [17/Oct/2023:19:23:39 -0500] 0061zAadJ2w0vlWjLxINOA0002Z900C64T "GET /forms/frmservlet?config=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)), HTTP/1.1" 200 5350
1
GET /forms/frmservlet?config='nvOpzp; AND 1=1 OR (<'">iKO)) HTTP/1.1
Message : 1 2023-10-17T19:23:39.891094-05:00 F5WAFPrimary.admin.gov.ky tmm 19246 - [F5@12276] BOTDEFENSE: clientip 108.45.95.5 localip 192.168.72.16 remoteip 108.45.95.5 virtserv /Common/Prod_Public_Coris_Virtual_Web_Server_Portal_NewSide_HTTPS method GET host www.coris.gov.ky uri /forms/frmservlet?config=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)), cspossible 1 csallowed 1 csattribute(device_id) 0 cookiestatus not_received cookieage -1 deviceid 0 clientclass unknown clienttype uncategorized cookieage -1 cookiestatus not_received supportid 10626238106777282234 previousaction allow previoussupportid 0 previousrequestage 0 botname Undefined intent botcategories botsignature botsignaturecategory botanomalies captchastatus not_received captchaage -1 defaultaction alarm reason "Undetermined"
Rule Name : - | Product Name : - | Virus Name : - | Intelligence : - | Location : - | Signature Name : - | Signature ID : - | Original Client IP : - | Status Code : - | Request Type : - | Application Name : - | Class Name : - | Attack Information : - | URI Query : - | Method : - | Request : - | LogType : F5 Device | Common Report Name : - | Up Time : - | Down Time : - | Type : - | Event : - | Intrusion Name : - | Attack ID : - | Attack : - | Policy ID : - | Id : - | Port : - | Source IP : - | Destination Port : - | Destination IP : - | Destination Name : - | Virtual Server : - | Pool Member Name : - | Pool Name : - | Node Name : - | Monitor Name : - | Server IP Address : - | New Status : - | Old Status : - | Description : - | Module : - | Folder : - | Object Name : - | Command : - | Action : - | Transaction : - | Client : - | Error : - | Status : - | Interface : - | End Time : - | Start time : - | Occurrences : - | Access Right : - | Message ID : - | Log Subtype : - | Destination Zone : - | Source Zone : - | Vlan : - | Sourceuser : - | Source Port : - | Source Location : - | Source Device : - | Transmission Protocol : - | Reason : - | Version : - | Vendor Name : - | Device Type : - | Destination Location : - | Destination Device : - | Context Type : - | Context Name : - | RuleId : - | Policy Name : - | Username : - | Event Name : - | Facility : Local0 | Source : Local0 | Severity : information | Device : f5wafprimary | Time : 2023-10-17 19:23:39 | DisplayName : f5wafprimary_ALL_Logs
Message : "N/A","0000000000000000000000000000000","N/A","not_received","Unknown","2023-10-17 19:23:39","192.168.72.16","443","N/A","","US","/Common/CIG_MAIN_APPLICATION_SECURITY_POLICY","N/A","108.45.95.5","108.45.95.5%0","","N/A","10.255.0.244","N/A","GET","N/A","N/A","N/A","6e491f59ec66b81e8eda2fe9","2023-07-19 10:39:57","/Common/CIG_MAIN_APPLICATION_SECURITY_POLICY","HTTPS","config=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)),","GET /forms/frmservlet?config=%27nvOpzp;%20AND%201=1%20OR%20(%3C%27%22%3EiKO)), HTTP/1.1\r\naccept: */*\r\naccept-encoding: gzip, br, deflate\r\nhost: www.coris.gov.ky\r\n\r\n","passed","Response logging disabled","200","0","21005","3e083208a75062ea","Informational","N/A","N/A","N/A","0","57605","","","","N/A","N/A","10626238106777282234","N/A","F5WAFPrimary.admin.gov.ky","/forms/frmservlet","N/A","N/A","0","N/A","N/A","/Common/Prod_Public_Coris_Virtual_Web_Server_Portal_NewSide_HTTPS","N/A","N/A","N/A","none","N/A","asm-policy"
Rule Name : - | Product Name : Application Security | Virus Name : - | Intelligence : - | Location : - | Signature Name : - | Signature ID : - | Original Client IP : - | Status Code : - | Request Type : - | Application Name : - | Class Name : - | Attack Information : - | URI Query : - | Method : - | Request : - | LogType : F5 Device | Common Report Name : - | Up Time : - | Down Time : - | Type : - | Event : - | Intrusion Name : - | Attack ID : - | Attack : - | Policy ID : - | Id : - | Port : - | Source IP : - | Destination Port : - | Destination IP : - | Destination Name : - | Virtual Server : - | Pool Member Name : - | Pool Name : - | Node Name : - | Monitor Name : - | Server IP Address : - | New Status : - | Old Status : - | Description : - | Module : - | Folder : - | Object Name : - | Command : - | Action : - | Transaction : - | Client : - | Error : - | Status : - | Interface : - | End Time : - | Start time : - | Occurrences : - | Access Right : - | Message ID : - | Log Subtype : EVENTLOGS | Destination Zone : - | Source Zone : - | Vlan : - | Sourceuser : - | Source Port : - | Source Location : - | Source Device : - | Transmission Protocol : - | Reason : - | Version : - | Vendor Name : - | Device Type : - | Destination Location : - | Destination Device : - | Context Type : - | Context Name : - | RuleId : - | Policy Name : - | Username : - | Event Name : - | Facility : Local0 | Source : ASM | Severity : information | Device : f5wafprimary | Time : 2023-10-17 19:23:39 | DisplayName : f5wafprimary_ALL_Logs