forked from ghsec/ghsec-jaeles-signatures
sqli-error.yaml
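# Jaeles fuzz signature: error-based SQL injection detection.
# Each payload is a single quoting character added to an existing input. A
# response body that then contains a known database error string is reported.
# Detection looks only at the body of the fuzzed response and does not compare
# it with the unmodified response, so pages that show such strings anyway
# (documentation, forum posts) will also match and need manual review.
# A confirmed hit usually means the input reaches a SQL statement without
# parameter binding and the application returns raw driver errors; both need
# fixing (bound parameters, generic error pages).
# NOTE(review): the patterns rely on backslash sequences (\b, \d, \W, \[)
# reaching the regex engine unchanged. Confirm the detection-expression
# evaluator does not unescape them inside the string argument.

# info to search signature
id: SQLi-Error
type: fuzz
info:
  name: SQLi Error detection
  risk: High

# origin: gonna come from Burp
# Single quote, double quote and backtick: the string and identifier
# delimiters that unbalance a concatenated SQL statement.
payloads:
  - "'"
  - '"'
  - "`"

requests:
  - generators:
      # Query, Path and Cookie append the payload to the original value.
      # Body sends the payload on its own, without the original value.
      # NOTE(review): "*" on Path presumably selects every path segment.
      - Query("[[.original]]{{.payload}}")
      - Path("[[.original]]{{.payload}}", "*")
      - Body("{{.payload}}")
      - Cookie("[[.original]]{{.payload}}")
    # One entry per database engine; each is a regex over the response body.
    detections:
      # Cache
      - >-
        RegexSearch("resBody", "encountered after end of query|A comparison operator is required here")
      # CrateDB
      - >-
        RegexSearch("resBody", "io\.crate\.client\.jdbc")
      # MimerSQL
      - >-
        RegexSearch("resBody", "com\.mimer\.jdbc|Syntax error,[^\n]+assumed to mean")
      # Altibase
      - >-
        RegexSearch("resBody", "Altibase\.jdbc\.driver")
      # Presto
      - >-
        RegexSearch("resBody", "com\.facebook\.presto\.jdbc|io\.prestosql\.jdbc|com\.simba\.presto\.jdbc|UNION query has different number of fields: [0-9]+, [0-9]+")
      # Mckoi
      - >-
        RegexSearch("resBody", "com\.mckoi\.JDBCDriver|com\.mckoi\.database\.jdbc|<REGEX_LITERAL>")
      # Vertica
      - >-
        RegexSearch("resBody", ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):|/vertica/Parser/scan|com\.vertica\.jdbc|org\.jkiss\.dbeaver\.ext\.vertica|com\.vertica\.dsi\.dataengine")
      # Apache Derby
      - >-
        RegexSearch("resBody", "Syntax error: Encountered|org\.apache\.derby|ERROR 42X01")
      # MonetDB
      - >-
        RegexSearch("resBody", "![0-9]{5}![^\n]+(failed|unexpected|error|syntax|expected|violation|exception)|\[MonetDB\]\[ODBC Driver|nl\.cwi\.monetdb\.jdbc")
      # H2
      - >-
        RegexSearch("resBody", "org\.h2\.jdbc")
      # HSQLDB
      - >-
        RegexSearch("resBody", "Unexpected end of command in statement \[|Unexpected token.*?in statement \[|org\.hsqldb\.jdbc")
      # FrontBase
      - >-
        RegexSearch("resBody", "Exception (condition )?[0-9]+\. Transaction rollback|com\.frontbase\.jdbc|Syntax error 1. Missing|(Semantic|Syntax) error [1-4][0-9]{2}\.")
      # Ingres
      - >-
        RegexSearch("resBody", "Warning.*?\Wingres_|Ingres SQLSTATE|Ingres\W.*?Driver|com\.ingres\.gcf\.jdbc")
      # Sybase
      - >-
        RegexSearch("resBody", "Warning.*?\Wsybase_|Sybase message|Sybase.*?Server message|SybSQLException|Sybase\.Data\.AseClient|com\.sybase\.jdbc")
      # SAP MaxDB
      - >-
        RegexSearch("resBody", "SQL error.*?POS([0-9]+)|Warning.*?\Wmaxdb_|DriverSapDB|-3014.*?Invalid end of SQL statement|com\.sap\.dbtech\.jdbc|\[-3008\].*?: Invalid keyword or missing delimiter")
      # SQLite
      - >-
        RegexSearch("resBody", "SQLite/JDBCDriver|SQLite\.Exception|(Microsoft|System)\.Data\.SQLite\.SQLiteException|Warning.*?\W(sqlite_|SQLite3::)|SQLite error [0-9]{1,}:|sqlite3.OperationalError:|SQLite3::SQLException|org\.sqlite\.JDBC|SQLiteException")
      # Firebird
      - >-
        RegexSearch("resBody", "Dynamic SQL Error|Warning.*?\Wibase_|org\.firebirdsql\.jdbc")
      # Informix
      - >-
        RegexSearch("resBody", "Warning.*?\Wifx_|Exception.*?Informix|Informix ODBC Driver|ODBC Informix driver|com\.informix\.jdbc|weblogic\.jdbc\.informix|IfxException")
      # IBM DB2
      - >-
        RegexSearch("resBody", "CLI Driver.*?DB2|DB2 SQL error|\bdb2_\w+\(|SQLCODE[=:\d, -]+SQLSTATE|com\.ibm\.db2\.jcc|Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|ibm_db_dbi\.ProgrammingError")
      # Oracle
      - >-
        RegexSearch("resBody", "\bORA-\d{5}|Oracle error|Oracle.*?Driver|Warning.*?\W(oci|ora)_|quoted string not properly terminated|SQL command not properly ended|macromedia\.jdbc\.oracle|oracle\.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception|OracleException")
      # Microsoft Access
      - >-
        RegexSearch("resBody", "Microsoft Access ([0-9]+ )?Driver|JET Database Engine|Access Database Engine|ODBC Microsoft Access|Syntax error \(missing operator\) in query expression")
      # Microsoft SQL Server
      # The double quote inside [^<\"] is backslash-escaped so that it does not
      # close the string argument early and break the whole expression.
      - >-
        RegexSearch("resBody", "Driver.*? SQL[\-\_\ ]*Server|OLE DB.*? SQL Server|\bSQL Server[^<\"]+Driver|Warning.*?\W(mssql|sqlsrv)_|\bSQL Server[^<\"]+[0-9a-fA-F]{8}|System\.Data\.SqlClient\.SqlException|(?s)Exception.*?\bRoadhouse\.Cms\.|Microsoft SQL Native Client error '[0-9a-fA-F]{8}|ODBC SQL Server Driver|ODBC Driver \d+ for SQL Server|SQLServer JDBC Driver|com\.jnetdirect\.jsql|macromedia\.jdbc\.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception|com\.microsoft\.sqlserver\.jdbc|SQL(Srv|Server)Exception")
      # MySql (also the MariaDB, Drizzle and MemSQL forks)
      # Fork messages are plain alternatives holding only the error text.
      # A trailing `" fork="<name>` fragment inside an alternative never occurs
      # in a real error message and would stop that alternative from matching.
      - >-
        RegexSearch("resBody", "check the manual that (corresponds to|fits) your MySQL server version|SQL syntax.*?MySQL|Warning.*?\Wmysqli?_|MySQLSyntaxErrorException|valid MySQL result|check the manual that (corresponds to|fits) your MariaDB server version|check the manual that (corresponds to|fits) your Drizzle server version|Unknown column '[^ ]+' in 'field list'|MySqlClient\.|com\.mysql\.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception|MySqlException|SQLSTATE\[\d+\]: Syntax error or access violation|MemSQL does not support this type of query|is not supported by MemSQL|unsupported nested scalar subselect")
      # PostgreSQL
      - >-
        RegexSearch("resBody", "PostgreSQL.*?ERROR|Warning.*?\Wpg_|valid PostgreSQL result|Npgsql\.|PG::SyntaxError:|org\.postgresql\.util\.PSQLException|ERROR:\s\ssyntax error at or near|ERROR: parser: parse error at or near|PostgreSQL query failed|org\.postgresql\.jdbc|PSQLException")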