<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi all</p>
<p>I'm wondering what the best practice is for detecting and
dropping attempted SQL injection attacks?</p>
<p>Is something like the following adequate or can this be enhanced:</p>
<pre>if ( $fU != $(fU{s.escape.common}) || $tU != $(tU{s.escape.common}) ) {
    drop();
}
</pre>
<div class="moz-signature">Obviously this does not remove the need
to escape anything passed to avp_db_query(), however, what I want
to do is identify these sorts of attacks at the top of the script
and avoid processing.</div>
<div class="moz-signature"><br>
</div>
<div class="moz-signature">To date all the attacks I've seen focus
on the contact and from user, e.g.:</div>
<div class="moz-signature">
<pre>INVITE <a class="moz-txt-link-freetext" href="sip:00111390237920793@x.x.x.x:5060;transport=UDP">sip:00111390237920793@x.x.x.x:5060;transport=UDP</a> SIP/2.0
Contact: <a class="moz-txt-link-rfc2396E" href="sip:a'or'3=3--@x.x.x.x:5060;transport=UDP">&lt;sip:a'or'3=3--@x.x.x.x:5060;transport=UDP&gt;</a>
To: <a class="moz-txt-link-rfc2396E" href="sip:00111390237920793@x.x.x.x;transport=UDP">&lt;sip:00111390237920793@x.x.x.x;transport=UDP&gt;</a>
From: <a class="moz-txt-link-rfc2396E" href="sip:a'or'3=3--@x.x.x.x;transport=UDP">&lt;sip:a'or'3=3--@x.x.x.x;transport=UDP&gt;</a>;tag=v2pjtxqb</pre>
</div>
<div class="moz-signature">I'm not quite sure how to match the
Contact user. Would the following work?</div>
<div class="moz-signature">
<pre>if ( $(ct.fields(uri){uri.user}) != $(ct.fields(uri){uri.user}{s.escape.common}) ) {
    drop();
}
</pre>
</div>
<div class="moz-signature">-- <br>
<span style="font-size:11.0pt;font-family:Assistant;color:black">Regards<br>
</span> <span
style="font-size:11pt;font-family:Assistant;color:#44546A"> <b>Gregory
Massel</b></span><span
style="font-size:11.0pt;font-family:Assistant;color:#32444B"><br>
</span></div>
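<p>The comparison described in the post, modelled in Python as an added example (not code from the original message or from OpenSIPS). It assumes {s.escape.common} backslash-escapes ', ", \ and NUL; the function names and the sample INVITE are constructed for illustration.</p>

```python
import re

# Characters that OpenSIPS' {s.escape.common} backslash-escapes: ' " \ and NUL.
# Assumption: this table models the transformation; it is not OpenSIPS code.
_ESCAPES = {"'": "\\'", '"': '\\"', "\\": "\\\\", "\0": "\\0"}

# User part of the first sip:/sips: URI in a header value (optional password skipped).
_URI_USER = re.compile(r"sips?:([^@:;\s]+)(?::[^@\s]*)?@", re.IGNORECASE)

# Headers the post wants to screen, plus their RFC 3261 compact forms.
_COMPACT = {"f": "from", "t": "to", "m": "contact"}
_CHECKED = ("from", "to", "contact")

# Constructed sample modelled on the INVITE in the post (addr-spec form, no URI parameters).
SAMPLE_INVITE = "\r\n".join([
    "INVITE sip:00111390237920793@x.x.x.x:5060 SIP/2.0",
    "Contact: sip:a'or'3=3--@x.x.x.x:5060",
    "To: sip:00111390237920793@x.x.x.x",
    "From: sip:a'or'3=3--@x.x.x.x;tag=v2pjtxqb",
    "", "",
])

def escape_common(value):
    """Return value with ' " \\ and NUL backslash-escaped."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def uri_user(header_value):
    """Return the URI user part of a header value, or None if there is none."""
    match = _URI_USER.search(header_value)
    return match.group(1) if match else None

def suspicious_headers(sip_message):
    """List the From/To/Contact headers whose URI user differs from its escaped form."""
    flagged = []
    head = sip_message.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # [1:] skips the request line
        name, sep, value = line.partition(":")
        name = _COMPACT.get(name.strip().lower(), name.strip().lower())
        if not sep or name not in _CHECKED:
            continue
        user = uri_user(value)
        # Same comparison as the script: raw user part versus escaped user part.
        if user is not None and user != escape_common(user):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(suspicious_headers(SAMPLE_INVITE))
```

<p>An apostrophe is a legal character in a SIP URI user part, so the same comparison also flags a benign user such as o'brien; it tests for the presence of those four characters, not for injection intent.</p>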
</body>
</html>