Created
December 18, 2023 06:50
-
-
Save emadshanab/f4d0697502707a4248e219eeb62118f5 to your computer and use it in GitHub Desktop.
Error Based SQLi Template
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| id: error-based-sql-injection | |
| info: | |
| name: Error based SQL injection | |
| author: geeknik | |
| severity: high | |
| description: Detects the possibility of SQL injection in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml. | |
| tags: sqli | |
| requests: | |
| - method: GET | |
| path: | |
| - "{{BaseURL}}/') OR 1 = 1 -- ];" | |
| # Nuclei's use of net/http here will automatically encode the payload, thus sending {{BaseURL}}/%27%29%20OR%201%20=%201%20--%20%5D; as the request | |
| # In order to send an unencoded payload, you'll have to make use of the rawhttp library by crafting a raw HTTP request | |
| matchers-condition: and | |
| matchers: | |
| - type: word | |
| words: | |
| - "Adminer" | |
| # False Positive | |
| part: body | |
| negative: true | |
| - type: regex | |
| regex: | |
| # MySQL | |
| - "SQL syntax.*?MySQL" | |
| - "Warning.*?\\Wmysqli?_" | |
| - "MySQLSyntaxErrorException" | |
| - "valid MySQL result" | |
| - "check the manual that (corresponds to|fits) your MySQL server version" | |
| - "Unknown column '[^ ]+' in 'field list'" | |
| - "MySqlClient\\." | |
| - "com\\.mysql\\.jdbc" | |
| - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" | |
| - "Pdo[./_\\\\]Mysql" | |
| - "MySqlException" | |
| - "SQLSTATE\\[\\d+\\]: Syntax error or access violation" | |
| # MariaDB | |
| - "check the manual that (corresponds to|fits) your MariaDB server version" | |
| # Drizzle | |
| - "check the manual that (corresponds to|fits) your Drizzle server version" | |
| # MemSQL | |
| - "MemSQL does not support this type of query" | |
| - "is not supported by MemSQL" | |
| - "unsupported nested scalar subselect" | |
| # PostgreSQL | |
| - "PostgreSQL.*?ERROR" | |
| - "Warning.*?\\Wpg_" | |
| - "valid PostgreSQL result" | |
| - "Npgsql\\." | |
| - "PG::SyntaxError:" | |
| - "org\\.postgresql\\.util\\.PSQLException" | |
| - "ERROR:\\s\\ssyntax error at or near" | |
| - "ERROR: parser: parse error at or near" | |
| - "PostgreSQL query failed" | |
| - "org\\.postgresql\\.jdbc" | |
| - "Pdo[./_\\\\]Pgsql" | |
| - "PSQLException" | |
| # Microsoft SQL Server | |
| - "Driver.*? SQL[\\-\\_\\ ]*Server" | |
| - "OLE DB.*? SQL Server" | |
| - "\\bSQL Server[^<"]+Driver" | |
| - "Warning.*?\\W(mssql|sqlsrv)_" | |
| - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" | |
| - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" | |
| - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." | |
| - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" | |
| - "\\[SQL Server\\]" | |
| - "ODBC SQL Server Driver" | |
| - "ODBC Driver \\d+ for SQL Server" | |
| - "SQLServer JDBC Driver" | |
| - "com\\.jnetdirect\\.jsql" | |
| - "macromedia\\.jdbc\\.sqlserver" | |
| - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" | |
| - "com\\.microsoft\\.sqlserver\\.jdbc" | |
| - "Pdo[./_\\\\](Mssql|SqlSrv)" | |
| - "SQL(Srv|Server)Exception" | |
| - "Unclosed quotation mark after the character string" | |
| # Microsoft Access | |
| - "Microsoft Access (\\d+ )?Driver" | |
| - "JET Database Engine" | |
| - "Access Database Engine" | |
| - "ODBC Microsoft Access" | |
| - "Syntax error \\(missing operator\\) in query expression" | |
| # Oracle | |
| - "\\bORA-\\d{5}" | |
| - "Oracle error" | |
| - "Oracle.*?Driver" | |
| - "Warning.*?\\W(oci|ora)_" | |
| - "quoted string not properly terminated" | |
| - "SQL command not properly ended" | |
| - "macromedia\\.jdbc\\.oracle" | |
| - "oracle\\.jdbc" | |
| - "Zend_Db_(Adapter|Statement)_Oracle_Exception" | |
| - "Pdo[./_\\\\](Oracle|OCI)" | |
| - "OracleException" | |
| # IBM DB2 | |
| - "CLI Driver.*?DB2" | |
| - "DB2 SQL error" | |
| - "\\bdb2_\\w+\\(" | |
| - "SQLCODE[=:\\d, -]+SQLSTATE" | |
| - "com\\.ibm\\.db2\\.jcc" | |
| - "Zend_Db_(Adapter|Statement)_Db2_Exception" | |
| - "Pdo[./_\\\\]Ibm" | |
| - "DB2Exception" | |
| - "ibm_db_dbi\\.ProgrammingError" | |
| # Informix | |
| - "Warning.*?\\Wifx_" | |
| - "Exception.*?Informix" | |
| - "Informix ODBC Driver" | |
| - "ODBC Informix driver" | |
| - "com\\.informix\\.jdbc" | |
| - "weblogic\\.jdbc\\.informix" | |
| - "Pdo[./_\\\\]Informix" | |
| - "IfxException" | |
| # Firebird | |
| - "Dynamic SQL Error" | |
| - "Warning.*?\\Wibase_" | |
| - "org\\.firebirdsql\\.jdbc" | |
| - "Pdo[./_\\\\]Firebird" | |
| # SQLite | |
| - "SQLite/JDBCDriver" | |
| - "SQLite\\.Exception" | |
| - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" | |
| - "Warning.*?\\W(sqlite_|SQLite3::)" | |
| - "\\[SQLITE_ERROR\\]" | |
| - "SQLite error \\d+:" | |
| - "sqlite3.OperationalError:" | |
| - "SQLite3::SQLException" | |
| - "org\\.sqlite\\.JDBC" | |
| - "Pdo[./_\\\\]Sqlite" | |
| - "SQLiteException" | |
| # SAP MaxDB | |
| - "SQL error.*?POS([0-9]+)" | |
| - "Warning.*?\\Wmaxdb_" | |
| - "DriverSapDB" | |
| - "-3014.*?Invalid end of SQL statement" | |
| - "com\\.sap\\.dbtech\\.jdbc" | |
| - "\\[-3008\\].*?: Invalid keyword or missing delimiter" | |
| # Sybase | |
| - "Warning.*?\\Wsybase_" | |
| - "Sybase message" | |
| - "Sybase.*?Server message" | |
| - "SybSQLException" | |
| - "Sybase\\.Data\\.AseClient" | |
| - "com\\.sybase\\.jdbc" | |
| # Ingres | |
| - "Warning.*?\\Wingres_" | |
| - "Ingres SQLSTATE" | |
| - "Ingres\\W.*?Driver" | |
| - "com\\.ingres\\.gcf\\.jdbc" | |
| # FrontBase | |
| - "Exception (condition )?\\d+\\. Transaction rollback" | |
| - "com\\.frontbase\\.jdbc" | |
| - "Syntax error 1. Missing" | |
| - "(Semantic|Syntax) error [1-4]\\d{2}\\." | |
| # HSQLDB | |
| - "Unexpected end of command in statement \\[" | |
| - "Unexpected token.*?in statement \\[" | |
| - "org\\.hsqldb\\.jdbc" | |
| # H2 | |
| - "org\\.h2\\.jdbc" | |
| - "\\[42000-192\\]" | |
| # MonetDB | |
| - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" | |
| - "\\[MonetDB\\]\\[ODBC Driver" | |
| - "nl\\.cwi\\.monetdb\\.jdbc" | |
| # Apache Derby | |
| - "Syntax error: Encountered" | |
| - "org\\.apache\\.derby" | |
| - "ERROR 42X01" | |
| # Vertica | |
| - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" | |
| - "/vertica/Parser/scan" | |
| - "com\\.vertica\\.jdbc" | |
| - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" | |
| - "com\\.vertica\\.dsi\\.dataengine" | |
| # Mckoi | |
| - "com\\.mckoi\\.JDBCDriver" | |
| - "com\\.mckoi\\.database\\.jdbc" | |
| - "<REGEX_LITERAL>" | |
| # Presto | |
| - "com\\.facebook\\.presto\\.jdbc" | |
| - "io\\.prestosql\\.jdbc" | |
| - "com\\.simba\\.presto\\.jdbc" | |
| - "UNION query has different number of fields: \\d+, \\d+" | |
| # Altibase | |
| - "Altibase\\.jdbc\\.driver" | |
| # MimerSQL | |
| - "com\\.mimer\\.jdbc" | |
| - "Syntax error,[^\\n]+assumed to mean" | |
| # CrateDB | |
| - "io\\.crate\\.client\\.jdbc" | |
| # Cache | |
| - "encountered after end of query" | |
| - "A comparison operator is required here" | |
| # Raima Database Manager | |
| - "-10048: Syntax error" | |
| - "rdmStmtPrepare\\(.+?\\) returned" | |
| # Virtuoso | |
| - "SQ074: Line \\d+:" | |
| - "SR185: Undefined procedure" | |
| - "SQ200: No table " | |
| - "Virtuoso S0002 Error" | |
| - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" | |
| condition: or | |
| extractors: | |
| - type: regex | |
| name: MySQL | |
| regex: | |
| - "SQL syntax.*?MySQL" | |
| - "Warning.*?\\Wmysqli?_" | |
| - "MySQLSyntaxErrorException" | |
| - "valid MySQL result" | |
| - "check the manual that (corresponds to|fits) your MySQL server version" | |
| - "Unknown column '[^ ]+' in 'field list'" | |
| - "MySqlClient\\." | |
| - "com\\.mysql\\.jdbc" | |
| - "Zend_Db_(Adapter|Statement)_Mysqli_Exception" | |
| - "Pdo[./_\\\\]Mysql" | |
| - "MySqlException" | |
| - "SQLSTATE[\\d+]: Syntax error or access violation" | |
| - type: regex | |
| name: MariaDB | |
| regex: | |
| - "check the manual that (corresponds to|fits) your MariaDB server version" | |
| - type: regex | |
| name: Drizzel | |
| regex: | |
| - "check the manual that (corresponds to|fits) your Drizzle server version" | |
| - type: regex | |
| name: MemSQL | |
| regex: | |
| - "MemSQL does not support this type of query" | |
| - "is not supported by MemSQL" | |
| - "unsupported nested scalar subselect" | |
| - type: regex | |
| name: PostgreSQL | |
| regex: | |
| - "PostgreSQL.*?ERROR" | |
| - "Warning.*?\\Wpg_" | |
| - "valid PostgreSQL result" | |
| - "Npgsql\\." | |
| - "PG::SyntaxError:" | |
| - "org\\.postgresql\\.util\\.PSQLException" | |
| - "ERROR:\\s\\ssyntax error at or near" | |
| - "ERROR: parser: parse error at or near" | |
| - "PostgreSQL query failed" | |
| - "org\\.postgresql\\.jdbc" | |
| - "Pdo[./_\\\\]Pgsql" | |
| - "PSQLException" | |
| - type: regex | |
| name: MicrosoftSQLServer | |
| regex: | |
| - "Driver.*? SQL[\\-\\_\\ ]*Server" | |
| - "OLE DB.*? SQL Server" | |
| - "\\bSQL Server[^<"]+Driver" | |
| - "Warning.*?\\W(mssql|sqlsrv)_" | |
| - "\\bSQL Server[^<"]+[0-9a-fA-F]{8}" | |
| - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)" | |
| - "(?s)Exception.*?\\bRoadhouse\\.Cms\\." | |
| - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}" | |
| - "\\[SQL Server\\]" | |
| - "ODBC SQL Server Driver" | |
| - "ODBC Driver \\d+ for SQL Server" | |
| - "SQLServer JDBC Driver" | |
| - "com\\.jnetdirect\\.jsql" | |
| - "macromedia\\.jdbc\\.sqlserver" | |
| - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception" | |
| - "com\\.microsoft\\.sqlserver\\.jdbc" | |
| - "Pdo[./_\\\\](Mssql|SqlSrv)" | |
| - "SQL(Srv|Server)Exception" | |
| - "Unclosed quotation mark after the character string" | |
| - type: regex | |
| name: MicrosoftAccess | |
| regex: | |
| - "Microsoft Access (\\d+ )?Driver" | |
| - "JET Database Engine" | |
| - "Access Database Engine" | |
| - "ODBC Microsoft Access" | |
| - "Syntax error \\(missing operator\\) in query expression" | |
| - type: regex | |
| name: Oracle | |
| regex: | |
| - "\\bORA-\\d{5}" | |
| - "Oracle error" | |
| - "Oracle.*?Driver" | |
| - "Warning.*?\\W(oci|ora)_" | |
| - "quoted string not properly terminated" | |
| - "SQL command not properly ended" | |
| - "macromedia\\.jdbc\\.oracle" | |
| - "oracle\\.jdbc" | |
| - "Zend_Db_(Adapter|Statement)_Oracle_Exception" | |
| - "Pdo[./_\\\\](Oracle|OCI)" | |
| - "OracleException" | |
| - type: regex | |
| name: IBMDB2 | |
| regex: | |
| - "CLI Driver.*?DB2" | |
| - "DB2 SQL error" | |
| - "\\bdb2_\\w+\\(" | |
| - "SQLCODE[=:\\d, -]+SQLSTATE" | |
| - "com\\.ibm\\.db2\\.jcc" | |
| - "Zend_Db_(Adapter|Statement)_Db2_Exception" | |
| - "Pdo[./_\\\\]Ibm" | |
| - "DB2Exception" | |
| - "ibm_db_dbi\\.ProgrammingError" | |
| - type: regex | |
| name: Informix | |
| regex: | |
| - "Warning.*?\\Wifx_" | |
| - "Exception.*?Informix" | |
| - "Informix ODBC Driver" | |
| - "ODBC Informix driver" | |
| - "com\\.informix\\.jdbc" | |
| - "weblogic\\.jdbc\\.informix" | |
| - "Pdo[./_\\\\]Informix" | |
| - "IfxException" | |
| - type: regex | |
| name: Firebird | |
| regex: | |
| - "Dynamic SQL Error" | |
| - "Warning.*?\\Wibase_" | |
| - "org\\.firebirdsql\\.jdbc" | |
| - "Pdo[./_\\\\]Firebird" | |
| - type: regex | |
| name: SQLite | |
| regex: | |
| - "SQLite/JDBCDriver" | |
| - "SQLite\\.Exception" | |
| - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException" | |
| - "Warning.*?\\W(sqlite_|SQLite3::)" | |
| - "\\[SQLITE_ERROR\\]" | |
| - "SQLite error \\d+:" | |
| - "sqlite3.OperationalError:" | |
| - "SQLite3::SQLException" | |
| - "org\\.sqlite\\.JDBC" | |
| - "Pdo[./_\\\\]Sqlite" | |
| - "SQLiteException" | |
| - type: regex | |
| name: SAPMaxDB | |
| regex: | |
| - "SQL error.*?POS([0-9]+)" | |
| - "Warning.*?\\Wmaxdb_" | |
| - "DriverSapDB" | |
| - "-3014.*?Invalid end of SQL statement" | |
| - "com\\.sap\\.dbtech\\.jdbc" | |
| - "\\[-3008\\].*?: Invalid keyword or missing delimiter" | |
| - type: regex | |
| name: Sybase | |
| regex: | |
| - "Warning.*?\\Wsybase_" | |
| - "Sybase message" | |
| - "Sybase.*?Server message" | |
| - "SybSQLException" | |
| - "Sybase\\.Data\\.AseClient" | |
| - "com\\.sybase\\.jdbc" | |
| - type: regex | |
| name: Ingres | |
| regex: | |
| - "Warning.*?\\Wingres_" | |
| - "Ingres SQLSTATE" | |
| - "Ingres\\W.*?Driver" | |
| - "com\\.ingres\\.gcf\\.jdbc" | |
| - type: regex | |
| name: FrontBase | |
| regex: | |
| - "Exception (condition )?\\d+\\. Transaction rollback" | |
| - "com\\.frontbase\\.jdbc" | |
| - "Syntax error 1. Missing" | |
| - "(Semantic|Syntax) error \\[1-4\\]\\d{2}\\." | |
| - type: regex | |
| name: HSQLDB | |
| regex: | |
| - "Unexpected end of command in statement \\[" | |
| - "Unexpected token.*?in statement \\[" | |
| - "org\\.hsqldb\\.jdbc" | |
| - type: regex | |
| name: H2 | |
| regex: | |
| - "org\\.h2\\.jdbc" | |
| - "\\[42000-192\\]" | |
| - type: regex | |
| name: MonetDB | |
| regex: | |
| - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)" | |
| - "\\[MonetDB\\]\\[ODBC Driver" | |
| - "nl\\.cwi\\.monetdb\\.jdbc" | |
| - type: regex | |
| name: ApacheDerby | |
| regex: | |
| - "Syntax error: Encountered" | |
| - "org\\.apache\\.derby" | |
| - "ERROR 42X01" | |
| - type: regex | |
| name: Vertica | |
| regex: | |
| - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):" | |
| - "/vertica/Parser/scan" | |
| - "com\\.vertica\\.jdbc" | |
| - "org\\.jkiss\\.dbeaver\\.ext\\.vertica" | |
| - "com\\.vertica\\.dsi\\.dataengine" | |
| - type: regex | |
| name: Mckoi | |
| regex: | |
| - "com\\.mckoi\\.JDBCDriver" | |
| - "com\\.mckoi\\.database\\.jdbc" | |
| - "<REGEX_LITERAL>" | |
| - type: regex | |
| name: Presto | |
| regex: | |
| - "com\\.facebook\\.presto\\.jdbc" | |
| - "io\\.prestosql\\.jdbc" | |
| - "com\\.simba\\.presto\\.jdbc" | |
| - "UNION query has different number of fields: \\d+, \\d+" | |
| - type: regex | |
| name: Altibase | |
| regex: | |
| - "Altibase\\.jdbc\\.driver" | |
| - type: regex | |
| name: MimerSQL | |
| regex: | |
| - "com\\.mimer\\.jdbc" | |
| - "Syntax error,[^\\n]+assumed to mean" | |
| - type: regex | |
| name: CrateDB | |
| regex: | |
| - "io\\.crate\\.client\\.jdbc" | |
| - type: regex | |
| name: Cache | |
| regex: | |
| - "encountered after end of query" | |
| - "A comparison operator is required here" | |
| - type: regex | |
| name: RaimaDatabaseManager | |
| regex: | |
| - "-10048: Syntax error" | |
| - "rdmStmtPrepare\\(.+?\\) returned" | |
| - type: regex | |
| name: Virtuoso | |
| regex: | |
| - "SQ074: Line \\d+:" | |
| - "SR185: Undefined procedure" | |
| - "SQ200: No table " | |
| - "Virtuoso S0002 Error" | |
| - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment