
I have to generate a report that shows eventual SQL injection attempts.

I've seen many threads about this topic and I have a general understanding of the argument, but I've never done an actual report of the possible attempts.

I was thinking of saving the queries that my app executes (through forms and other actions on the website) into a table on the DB and then scanning this table for specific words (like Union, Drop and the like) to see if there's something suspicious going on.

This way, I can then show the table and the suspicious activities on an admin panel on the app for a quick check of the activities.

Do you guys think this is a viable solution? What would you recommend to do otherwise?

Thanks.

marc_s
DoomWZ
  • Why would you need a report for attempted SQL injections? – Script47 Mar 07 '19 at 10:26
  • To blacklist the IP that made the suspicious activity, and also because I've been asked to do it :D @Script47 – DoomWZ Mar 07 '19 at 10:27
  • I think that saving all queries is your only way, and then make a logs page where you could filter logs by the most common injection keywords – Ingus Mar 07 '19 at 10:33
  • Is ModSecurity still something people use? – Jonnix Mar 07 '19 at 10:34
  • If the attacker manages to do that on the first attempt without generating any errors, then he deserves to do it I guess :) – DoomWZ Mar 07 '19 at 10:37
  • Instead of saving the queries, save the POST body. An injection attempt that did not make its way to the query won't be logged otherwise (and do not log it via query or to a table itself as, like I said earlier, the log table itself could be dropped). – Salman A Mar 07 '19 at 10:39
  • @JonStirling Sorry, was replying to someone who probably deleted the comment and tagged you by accident. – DoomWZ Mar 07 '19 at 10:39
  • @DoomWZ That explains that :) – Jonnix Mar 07 '19 at 10:40
  • @SalmanA My main issue with saving it in a log file is that it could get huge and then I'd have issues opening it through a script. Also, I'm not quite sure how to log the POST request – DoomWZ Mar 07 '19 at 10:44
  • https://stackoverflow.com/questions/989967/best-way-to-log-post-data-in-apache/38352687 – Bill Karwin Mar 07 '19 at 16:48
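
An added example, not part of the original thread: a report script for the approach discussed above, scanning request bodies logged to a file (as the comments suggest) rather than queries stored in a table. It reads one line at a time, so the size of the log does not matter. The tab-separated log format, the rule names and the sample lines are assumptions constructed for this illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Assumed log format (hypothetical): timestamp, client IP, path and raw
# URL-encoded POST body, tab-separated, one request per line. Constructed data.
SAMPLE_LOG = """\
2019-03-07T10:26:01\t203.0.113.5\t/login\tuser=alice&pass=secret
2019-03-07T10:26:09\t198.51.100.7\t/search\tq=1%27+UNION+SELECT+name%2Cpass+FROM+users--+
2019-03-07T10:27:30\t198.51.100.7\t/search\tq=x%27%3B+DROP+TABLE+logs%3B--
2019-03-07T10:28:12\t203.0.113.5\t/profile\tbio=I+joined+the+student+union+last+year
2019-03-07T10:29:44\t192.0.2.44\t/login\tuser=admin%27+OR+%271%27%3D%271&pass=x
"""

# Rules require SQL context, not a bare word, so "student union" is not flagged.
RULES = {
    "union-select": re.compile(r"\bunion\b(\s+all)?\s+select\b", re.I),
    "stacked-ddl": re.compile(r";\s*(drop|alter|truncate)\s+table\b", re.I),
    "tautology": re.compile(r"'\s*or\b\s*'?\w+'?\s*=\s*'?\w+", re.I),
    "comment-tail": re.compile(r"(--\s*$|/\*)", re.M),
}

def scan(lines):
    """Stream log lines; return {ip: [(timestamp, path, rule names), ...]}."""
    report = defaultdict(list)
    for line in lines:
        parts = line.rstrip("\n").split("\t", 3)
        if len(parts) != 4:
            continue  # skip malformed lines instead of aborting the scan
        ts, ip, path, raw = parts
        body = unquote_plus(raw)  # decode %27, + and so on before matching
        hits = sorted(name for name, rx in RULES.items() if rx.search(body))
        if hits:
            report[ip].append((ts, path, hits))
    return dict(report)

def suspicious_ips(report, threshold=2):
    """IPs with at least `threshold` flagged requests (candidates for review)."""
    return sorted(ip for ip, events in report.items() if len(events) >= threshold)

if __name__ == "__main__":
    result = scan(SAMPLE_LOG.splitlines())  # for a real file: scan(open(path))
    for ip, events in result.items():
        for ts, path, hits in events:
            print(ip, ts, path, ",".join(hits))
    print("review:", suspicious_ips(result))
```

Keyword rules like these produce both false positives and misses, so the output is a list for a person to review, not a verdict on its own.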

0 Answers