joined:Apr 11, 2006
i have installed owasp ruleset last week in to our vps. one of my friend tested a website we have hosted and told that our server is still valnarable. He issued the following sql statement and simply it worked.
a' union sElEcT 1,2,table_nAme fRom informAtion_schemA.tAbles WhErE tablE_scHemA=dAtabase()-- -
OWASP rule was in action and shown 406.
rule failed. sql statment successfully executed.
Any body can help me with this?