
doc sqli false positive

Nick Galbreath edited this page Nov 29, 2013 · 1 revision

libinjection SQLi False Positives

Some very benign-looking queries are sometimes flagged as SQLi. This can be due to the nature of SQL, and to how some databases process it. As an example:

I 'LIKE' YOU

could be considered SQLi, and can in fact be used to scan the contents of a table (in this case it is the LIKE operator applied to two strings).

Fortunately, most false-positives like this are limited to a few fingerprints and can be turned off without affecting detection of other SQLi attacks.

How do I turn off a particular fingerprint?

TK

What are common false positives?

This needs more explanation, but check out https://libinjection.client9.com/cicada/libinjection-samples-negative.txt

How do I report a false positive?

The best way is by filing a bug report on GitHub, or a new message on Google Groups.

Please include:

  • The web server and platform you are using (some platforms alter characters)
  • The full query string
  • Any information you have on the character encoding (is this UTF-8? or something else?)
  • Your Twitter name or other contact details if you want public credit.