You may want to look at implementing this ASAP. We had a couple of individuals inject code into our database by using the string arguments that are …
Tag: Combinatorics
Checkmarx SQL injection high severity issue
I am getting a high severity issue in this method: public void recordBadLogin(final String uid, final String reason, final String ip) throws …
Related:
Is this method sufficient for escaping strings for use in SQL to prevent SQL injection attacks?
private static string Quote(string value) { return “‘” + value.Replace(“‘”, “””) + “‘”; }. It looks really simple and I can’t think of a way to exploit it but I could …
Related:
SMG: Is there any idle or initial processing time?
I need a solution
Hi Guys,
Is there any known idle time for SMG?
I mean in the event of no email coming, we can see that the first email that being process would have larger delay than the subsequence email…
Is this normal and expected? If yes, how many seconds or miliseconds is fine standard?
0
Related:
SQL Injection Attack questions?
Anytime you have an “unsanitized” user input string substituted into an SQL string, you have a potential problem. So, 11.2 is a “yes, there is a problem” …
Related:
Custom Log Format String
I need a solution
Hi there,
I see an interesting problem: when I create a new Access Log Format using Custom format string, SGOS 6.7.4.3 starts logging that very string in the logs, instead of actual field data. So, in the log i see the custom string for every Access event over and over again.
The standard ELFF format strings work fine: logs look as they should.
All I’m trying to do is to add couple of additional fields to log, which are not included in ELFF format hence the need for Custom format string.
Anyone observed anything like this? Am I missing a tickbox somewhere?
thanks!
0
Related:
Symantec does not detect EICAR on big partition
I need a solution
Hello,
we have a Windows fileserver with SEP 14RU1MP2 installed on it. The fileserver has 6 partitions with different sizes. On 5 partitions SEP works great. But on the biggest partition it does not detect EICAR files which is really strange. The partition is 11 TB large.
I already repaired SEP together with the Symantec support and after that SEP works again good for a few days. The exeptions are also ok. But now we have that issue again.
Does anyone have an idea how to solve that issue?
Thank you!
0
Related:
Re: ASL to extract IP from Cisco BGP4 ObjectID
Hi Mark,
I was able to separate the oid and ip address with the below example code using the substring function:
test.asl file
START {
a:rep(word) eol
}
do {
print(“Value”.a);
oid=substring(a,5,30);
ip=substring(a,36,50);
print(“OID “.oid);
print(“IP “.ip);
}
DEFAULT {
..eol
}
fs_match.txt
OID2=.1.3.6.1.4.1.9.9.187.1.2.5.1.3.10.236.48.23
run output:
./sm_adapter –file=fs_match.txt test.asl
ValueOID2=.1.3.6.1.4.1.9.9.187.1.2.5.1.3.10.236.48.23
OID .1.3.6.1.4.1.9.9.187.1.2.5.1.3
IP 10.236.48.23
Reference to the use of the substring function can be found in the 9.2 ASL Reference guide on page 85
Ron Miller
Advisor, Enterprise Technical Services
Related:
Is it possible to fully defend SQL injection with filter
add an array with space or comma as a segmenter; replace ‘);*– in the string with a space; call the database. Example 1: Parameter: Name=test.
Related:
What does an SQL Injection query such as below means? What will be the answer of this
I am working on bee box machine and practicing blind SQL injection. I know what the ascii and substring does, I also know what concat does, but why …