sqli-error-based.yaml
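# FAST detect: error-based SQL injection.
# The generate phase sends quote- and escape-breaking strings in the tested
# parameter; the detect phase searches the response body for database error
# text. Only injection points that leak errors to the client are covered, so
# a clean run says nothing about blind SQLi, and every hit needs manual
# confirmation before it is reported as a finding.
generate:
  - payload:
      # '"\ payload to cause any SQL-related crash
      - '''"\'
      - "'\\\""
      - '''"'
      - "wlrm'),\");\\'(%c0%67--"
  - method:
      # postfix: the payload is placed after the original parameter value.
      - postfix
detect:
  - response:
      # Each body entry is a regular expression looked for in the response
      # body; presumably one match is enough to raise the finding - confirm
      # against the FAST DSL reference.
      # NOTE(review): whether matching is case-insensitive is not visible
      # here; 'sql error' and 'SYBASE' behave very differently if it is not.
      # NOTE(review): several entries are bare product or function tokens
      # ('sql error', 'SQL Server', 'SQLCODE', 'SQLSTATE', 'CLI Driver',
      # 'SYBASE', 'mysql_', 'Informix', 'SqlException', 'INSERT INTO .*?',
      # 'UPDATE .*? SET .*?'). They also match documentation, forum posts and
      # admin pages that merely mention a DBMS, and they make the more
      # specific entries for the same DBMS redundant. Expect false positives
      # unless the engine compares against the unmodified baseline response.
      - body: 'ERROR:.*LINE [0-9]+'
      - body: 'syntax error at'
      - body: 'sql error'
      - body: 'invalid input syntax for '
      - body: 'unterminated quoted string at'
      - body: 'SQL syntax.*?MySQL'
      - body: 'Warning.*?mysql_'
      - body: 'valid MySQL result'
      - body: 'MySqlClient\.'
      - body: 'PostgreSQL.*?ERROR'
      # Same shape as the oci_/ora_ entries below. A trailing '/' here would
      # require the literal text "pg_/", which PHP warnings never contain.
      - body: 'Warning.*?(pg|PG)_'
      - body: 'valid PostgreSQL result'
      - body: 'Npgsql\.'
      - body: 'Driver.*?SQL.*?Server'
      - body: 'OLE DB.*?SQL Server'
      - body: 'SQL Server.*?Driver'
      - body: 'Warning.*?mssql_'
      - body: 'SQL Server.*?[0-9a-fA-F]{8}'
      - body: 'Exception.*?System\.Data\.SqlClient\.'
      - body: 'Exception.*?Roadhouse\.Cms\.'
      - body: 'Microsoft Access Driver'
      - body: 'JET Database Engine'
      - body: 'Access Database Engine'
      - body: 'ORA-[0-9]{4}'
      - body: 'Oracle error'
      - body: 'Oracle.*?Driver'
      - body: 'Warning.*?(oci|OCI)_'
      - body: 'Warning.*?(ora|ORA)_'
      - body: 'CLI Driver.*?DB2'
      - body: 'DB2 SQL error'
      - body: 'SQLite\/JDBCDriver'
      - body: 'SQLite.*?Exception'
      - body: 'System.*?Data.*?SQLite.*?SQLiteException'
      - body: 'Warning.*?sqlite'
      - body: 'Warning.*?SQLite3::'
      - body: 'SQLITE_ERROR'
      - body: 'Warning.*?sybase'
      - body: 'Sybase message'
      - body: 'Sybase.*?Server message'
      - body: 'SybSQLException'
      - body: 'com\.sybase\.jdbc'
      # Matches PHP ingres_* warnings. A '\.jdbc' suffix here would require
      # the literal text "ingres_.jdbc", which no driver emits.
      - body: 'Warning.*?ingres_'
      - body: 'Ingres SQLSTATE'
      - body: 'Ingres.*?Driver'
      - body: 'Exception.*?Transaction rollback'
      - body: 'org\.hsqldb\.jdbc'
      - body: 'Unexpected end of command in statement'
      - body: 'Unexpected token.*?in statement'
      - body: 'Query failed: ERROR:'
      - body: 'System\.Data\.OleDb\.OleDbException'
      - body: 'SQL Server'
      - body: '\[Microsoft\]\[ODBC SQL Server Driver\]'
      - body: 'SQLServer JDBC Driver'
      - body: 'SqlException'
      - body: 'System\.Data\.SqlClient\.SqlException'
      - body: 'Unclosed quotation mark after the character string'
      # The doubled quotes are YAML escapes: the pattern includes the literal
      # single quotes around the OLE DB error code.
      - body: '''80040e14'''
      - body: 'mssql_query\(\)'
      - body: 'odbc_exec\(\)'
      - body: 'Microsoft OLE DB Provider for ODBC Drivers'
      - body: 'Microsoft OLE DB Provider for SQL Server'
      - body: 'Incorrect syntax near'
      - body: 'Sintaxis incorrecta cerca de'
      - body: 'Syntax error in string in query expression'
      - body: 'ADODB\.Field \(0x800A0BCD\)<br>'
      # A trailing lazy '.*?' can match the empty string, so it adds nothing
      # when the engine searches rather than full-matches (also applies to
      # the UPDATE and INSERT entries further down).
      - body: 'Procedure.*?requires parameter.*?'
      - body: 'ADODB\.Recordset'
      - body: 'Unclosed quotation mark before the character string'
      - body: '''80040e07'''
      - body: 'Microsoft SQL Native Client error'
      - body: 'SQLCODE'
      - body: 'DB2 SQL error:'
      - body: 'SQLSTATE'
      - body: 'CLI Driver'
      - body: '\[DB2\/6000\]'
      - body: 'Sybase message:'
      - body: 'Sybase Driver'
      - body: 'SYBASE'
      - body: 'Syntax error in query expression'
      - body: 'Data type mismatch in criteria expression'
      - body: 'Microsoft JET Database Engine'
      - body: '\[Microsoft\]\[ODBC Microsoft Access Driver\]'
      - body: '(PLS|ORA)-[0-9][0-9][0-9][0-9]'
      - body: 'PostgreSQL query failed:'
      - body: 'supplied argument is not a valid PostgreSQL result'
      - body: 'pg_query\(\) \[:'
      - body: 'pg_exec\(\) \[:'
      - body: 'supplied argument is not a valid MySQL'
      - body: 'Column count doesn''t match value count at row'
      - body: 'mysql_fetch_array\(\)'
      - body: 'mysql_'
      - body: 'on MySQL result index'
      - body: 'You have an error in your SQL syntax;'
      - body: 'You have an error in your SQL syntax near'
      - body: 'MySQL server version for the right syntax to use'
      - body: '\[MySQL\]\[ODBC'
      - body: 'Column count doesn''t match'
      - body: 'the used select statements have different number of columns'
      - body: 'Table.*?doesn''t exist'
      - body: 'DBD::mysql::st execute failed'
      - body: 'DBD::mysql::db do failed'
      - body: 'com\.informix\.jdbc'
      - body: 'Dynamic Page Generation Error'
      - body: 'An illegal character has been found in the statement'
      - body: 'Informix'
      - body: 'DM_QUERY_E_SYNTAX'
      - body: 'has occurred in the vicinity of'
      - body: 'A Parser Error \(syntax error\)'
      - body: 'java\.sql\.SQLException'
      - body: '\[Macromedia\]\[SQLServer JDBC Driver\]'
      - body: 'UPDATE .*? SET .*?'
      - body: 'INSERT INTO .*?'
      - body: 'Unknown column'
      - body: 'ERROR:\s*operator is not unique'
      - body: 'no such function'
meta-info:
  - type: sqli
  # Severity score attached to a finding raised by this detect.
  - threat: 90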