1 parent
75cde67
commit a7bb820
Showing
3 changed files
with
215 additions
and
0 deletions.
@@ -0,0 +1,59 @@ | ||
SQLI_ERRORS = read(string.format("%s/txt/sqli_errs.txt",SCRIPT_PATH)) | ||
|
||
PAYLOADS = { | ||
"'123", | ||
"''123", | ||
"`123", | ||
"\")123", | ||
"\"))123", | ||
"`)123", | ||
"`))123", | ||
"'))123", | ||
"')123\"123", | ||
"[]123", | ||
"\"\"123", | ||
"'\"123", | ||
"\"'123", | ||
"\123", | ||
} | ||
|
||
local function send_report(url,parameter,payload,matching_error) | ||
NewReport:setName("SQL Injection") | ||
NewReport:setDescription("https://owasp.org/www-community/attacks/SQL_Injection") | ||
NewReport:setRisk("high") | ||
NewReport:setUrl(url) | ||
NewReport:setParam(parameter) | ||
NewReport:setAttack(payload) | ||
NewReport:setEvidence(matching_error) | ||
end | ||
|
||
function main(url) | ||
local resp = http:send("GET",HttpMessage:getUrl()) | ||
if resp.errors:GetErrorOrNil() then | ||
local log_msg = string.format("[SQLI_ERRORS] Connection Error: %s",new_url) | ||
log_error(log_msg) | ||
return | ||
end | ||
for param_index, param_name in pairs(HttpMessage:getParams()) do | ||
STOP_PARAM = false | ||
for payload_index, payload in pairs(PAYLOADS) do | ||
local new_url = HttpMessage:setParam(param_name,payload) | ||
local resp = http:send("GET",new_url) | ||
local body = resp.body:GetStrOrNil() | ||
if STOP_PARAM == true then | ||
break | ||
end | ||
for sqlerror_match in SQLI_ERRORS:gmatch("[^\n]+") do | ||
local match = is_match(sqlerror_match,body) | ||
if ( match == false or match == nil) then | ||
-- NOTHING | ||
else | ||
send_report(resp.url:GetStrOrNil(),param_name,payload,sqlerror_match) | ||
Reports:addReport(NewReport) | ||
STOP_PARAM = true | ||
break | ||
end | ||
end | ||
end | ||
end | ||
end |
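Review bot: A finding is reported whenever a signature regex matches the payload response, with no comparison against the unmodified page, so any target that already prints text such as `Oracle error` or `DB2Exception` is flagged on every payload; the baseline response fetched at the top of `main` is thrown away after the connection check, and its body is the natural reference to filter those false positives. Separately, `"\123"` in `PAYLOADS` is a Lua decimal escape and evaluates to the single character `{`, so if a literal backslash was intended it has to be written `"\\123"`. The connection-error log formats `new_url`, which is not defined at that point (it is only declared inside the loop further down), while the `url` argument of `main` is never used; `HttpMessage:getUrl()` or `url` is what should be logged. The per-payload response is never checked for a transport error before `resp.body:GetStrOrNil()` is matched, and the `STOP_PARAM` test runs only after the next request has already been sent, so each positive costs one extra probe. The rewrite below keeps the baseline body, moves the stop check ahead of the request, and skips bodies from failed requests.
```lua
function main(url)
    local resp = http:send("GET",HttpMessage:getUrl())
    if resp.errors:GetErrorOrNil() then
        log_error(string.format("[SQLI_ERRORS] Connection Error: %s",HttpMessage:getUrl()))
        return
    end
    -- Reference body: a signature already present in the untouched page is not evidence.
    local baseline = resp.body:GetStrOrNil() or ""
    for param_index, param_name in pairs(HttpMessage:getParams()) do
        STOP_PARAM = false
        for payload_index, payload in pairs(PAYLOADS) do
            if STOP_PARAM then
                break
            end
            local new_url = HttpMessage:setParam(param_name,payload)
            local resp = http:send("GET",new_url)
            -- A failed request yields no body to match; treat it as empty instead of passing nil on.
            local body = (not resp.errors:GetErrorOrNil()) and resp.body:GetStrOrNil() or ""
            for sqlerror_match in SQLI_ERRORS:gmatch("[^\n]+") do
                if is_match(sqlerror_match,body) and not is_match(sqlerror_match,baseline) then
                    -- … unchanged: send_report / Reports:addReport …
                    STOP_PARAM = true
                    break
                end
            end
        end
    end
end
```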
@@ -0,0 +1,155 @@ | ||
unsupported nested scalar subselect | ||
ibm_db_dbi\.ProgrammingError | ||
(?s)Exception.*?Roadhouse\.Cms\. | ||
Warning.*?\Wmaxdb_ | ||
![0-9]{5}![^] | ||
nl\.cwi\.monetdb\.jdbc | ||
SQLServer JDBC Driver | ||
Pdo[./_\](Oracle|OCI) | ||
SQL Server[^<"]+[0-9a-fA-F]{8} | ||
DB-Error.* | ||
quoted string not properly terminated | ||
check the manual that (corresponds to|fits) your MySQL server version | ||
valid MySQL result | ||
org\.jkiss\.dbeaver\.ext\.vertica | ||
/vertica/Parser/scan | ||
Altibase\.jdbc\.driver | ||
ODBC SQL Server Driver | ||
ORA-\d{5} | ||
is not supported by MemSQL | ||
SQL Server[^<"]+Driver | ||
Warning.*?\Wsybase_ | ||
Syntax error \(missing operator\) in query expression | ||
macromedia\.jdbc\.oracle | ||
\[-3008\].*?: Invalid keyword or missing delimiter | ||
org\.sqlite\.JDBC | ||
com\.mckoi\.database\.jdbc | ||
Sybase.*?Server message | ||
Unexpected end of command in statement \[ | ||
macromedia\.jdbc\.sqlserver | ||
Oracle.*?Driver | ||
Warning.*?\W(oci|ora)_ | ||
OLE DB.*? SQL Server | ||
Virtuoso S0002 Error | ||
Pdo[./_\]Mysql | ||
SybSQLException | ||
Oracle error | ||
Warning.*?\W(sqlite_|SQLite3::) | ||
SQLite/JDBCDriver | ||
Zend_Db_(Adapter|Statement)_Db2_Exception | ||
Pdo[./_\]Pgsql | ||
ERROR:\s\ssyntax error at or near | ||
Warning.*?\Wifx_ | ||
SQ074: Line \d+: | ||
Syntax error 1. Missing | ||
<REGEX_LITERAL> | ||
MySQLSyntaxErrorException | ||
\[42000-192\] | ||
org\.h2\.jdbc | ||
Driver.*? SQL[\-\_\ ]*Server | ||
com\.mysql\.jdbc | ||
DriverSapDB | ||
com\.sap\.dbtech\.jdbc | ||
CLI Driver.*?DB2 | ||
io\.prestosql\.jdbc | ||
com\.mckoi\.JDBCDriver | ||
org\.firebirdsql\.jdbc | ||
Sybase message | ||
Zend_Db_(Adapter|Statement)_Oracle_Exception | ||
-10048: Syntax error | ||
MemSQL does not support this type of query | ||
Warning.*?\Wibase_ | ||
org\.hsqldb\.jdbc | ||
com\.sybase\.jdbc | ||
PSQLException | ||
com\.facebook\.presto\.jdbc | ||
Pdo[./_\]Firebird | ||
SQLCODE[=:\d, -]+SQLSTATE | ||
Dynamic SQL Error | ||
org\.postgresql\.util\.PSQLException | ||
ODBC Informix driver | ||
SQL syntax.*?MySQL | ||
check the manual that (corresponds to|fits) your MariaDB server version | ||
Unclosed quotation mark after the character string | ||
Pdo[./_\]Ibm | ||
-3014.*?Invalid end of SQL statement | ||
Microsoft SQL Native Client error '[0-9a-fA-F]{8} | ||
SQ200: No table | ||
com\.ibm\.db2\.jcc | ||
Microsoft Access (\d+ )?Driver | ||
PostgreSQL query failed | ||
Access Database Engine | ||
Pdo[./_\]Sqlite | ||
ODBC Driver \d+ for SQL Server | ||
SR185: Undefined procedure | ||
sqlite3.OperationalError: | ||
Syntax error,[^ | ||
JET Database Engine | ||
Exception.*?Informix | ||
Warning.*?\Wmysqli?_ | ||
Zend_Db_(Adapter|Statement)_Mysqli_Exception | ||
valid PostgreSQL result | ||
com\.jnetdirect\.jsql | ||
DB2Exception | ||
Informix ODBC Driver | ||
]+assumed to mean | ||
\[SQL Server\] | ||
oracle\.jdbc | ||
Warning.*?\Wpg_ | ||
SQL error.*?POS([0-9]+) | ||
Syntax error: Encountered | ||
Npgsql\. | ||
SQLite error \d+: | ||
SQL(Srv|Server)Exception | ||
Ingres SQLSTATE | ||
com\.vertica\.dsi\.dataengine | ||
org\.apache\.derby | ||
UNION query has different number of fields: \d+, \d+ | ||
IfxException | ||
weblogic\.jdbc\.informix | ||
Unknown column '[^ ]+' in 'field list' | ||
]+(failed|unexpected|error|syntax|expected|violation|exception) | ||
SQL command not properly ended | ||
com\.simba\.presto\.jdbc | ||
io\.crate\.client\.jdbc | ||
Sybase\.Data\.AseClient | ||
DB2 SQL error | ||
\[SQLITE_ERROR\] | ||
PostgreSQL.*?ERROR | ||
com\.informix\.jdbc | ||
Unexpected token.*?in statement \[ | ||
Exception (condition )?\d+\. Transaction rollback | ||
A comparison operator is required here | ||
db2_\w+\( | ||
com\.ingres\.gcf\.jdbc | ||
ERROR 42X01 | ||
OracleException | ||
(Semantic|Syntax) error [1-4]\d{2}\. | ||
Zend_Db_(Adapter|Statement)_Sqlsrv_Exception | ||
System\.Data\.SqlClient\.SqlException\.(SqlException|SqlConnection\.OnError) | ||
com\.mimer\.jdbc | ||
SQLiteException | ||
(Microsoft|System)\.Data\.SQLite\.SQLiteException | ||
check the manual that (corresponds to|fits) your Drizzle server version | ||
\[(Virtuoso Driver|Virtuoso iODBC Driver)\]\[Virtuoso Server\] | ||
Warning.*?\W(mssql|sqlsrv)_ | ||
SQLSTATE\[\d+\]: Syntax error or access violation | ||
ODBC Microsoft Access | ||
MySqlException | ||
org\.postgresql\.jdbc | ||
Pdo[./_\]Informix | ||
Warning.*?\Wingres_ | ||
com\.vertica\.jdbc | ||
encountered after end of query | ||
PG::SyntaxError: | ||
\[MonetDB\]\[ODBC Driver | ||
com\.microsoft\.sqlserver\.jdbc | ||
Ingres\W.*?Driver | ||
, Sqlstate: (3F|42).{3}, (Routine|Hint|Position): | ||
Pdo[./_\](Mssql|SqlSrv) | ||
ERROR: parser: parse error at or near | ||
MySqlClient\. | ||
com\.frontbase\.jdbc | ||
SQLite3::SQLException | ||
rdmStmtPrepare\(.+?\) returned | ||
SQLite\.Exception |
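Review bot: Two signatures in this list look like single patterns that were split on an embedded newline, and since the Lua loader iterates the file line by line each half is handed to `is_match` as its own pattern: `![0-9]{5}![^` with `]+(failed|unexpected|error|syntax|expected|violation|exception)`, and `Syntax error,[^` with `]+assumed to mean`. An unterminated `[^` is a compile error in most regex engines, so depending on how `is_match` reports failure the fragment is either silently dead or raises on every comparison; the original pattern appears to have had `[^\n]+` between the halves, so each pair should be rejoined on one line with the newline written as the escape `\n` rather than a literal line break. `<REGEX_LITERAL>` is a placeholder token rather than a database error signature and should be removed or replaced before the list is used for detection. Because the Lua side re-reads and re-matches every line for each payload and parameter, a bad line fails on every request instead of once; validating each regex when `SQLI_ERRORS` is loaded would surface these at startup.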
@@ -0,0 +1 @@ | ||
"><img src=x onerror=alert()> |