Intrusion Prevention

MS.SQL.Server.Injection.Attempt

Description

Indicates an attempt at an SQL Injection attack against Microsoft SQL Server. These types of attack attempt to convince the application to run malicious SQL code.

Affected Products

This attack's SQL injection exploits an unchecked parameter with a value enclosed by single quotation marks in any Web application using Microsoft SQL Server. Attacker can inject any SQL sentence into it to get any information in background database.
It's a common problem about SQL injection on Web application, not for a specific vulnerability.

Impact

Any Web application with SQL injection vulnerability using Microsoft SQL Server.

Recommended Actions

Use SQL injection scanner to find out if your web site is vulnerable to SQL injection attacks.