-
Notifications
You must be signed in to change notification settings - Fork 25
/
sqli-error-based.bb
1 lines (1 loc) · 5.01 KB
/
sqli-error-based.bb
1
[{"Name":"sqli-error-based","Enabled":false,"Scanner":1,"Author":"@GochaOqradze","Payloads":["\u0027\"\\","wlrm\u0027),\");\u0027(%c0%67--"],"Encoder":[],"UrlEncode":false,"CharsToUrlEncode":"","Grep":["true,Or,ERROR:.*LINE [0-9]+","true,Or,syntax error at","true,Or,sql error","true,Or,invalid input syntax for ","true,Or,unterminated quoted string at","true,Or,SQL syntax.*?MySQL","true,Or,Warning.*?mysql_","true,Or,valid MySQL result","true,Or,MySqlClient\\.","true,Or,PostgreSQL.*?ERROR","true,Or,Warning.*?(pg|PG)_/","true,Or,valid PostgreSQL result","true,Or,Npgsql\\.","true,Or,Driver.*?SQL.*?Server","true,Or,OLE DB.*?SQL Server","true,Or,SQL Server.*?Driver","true,Or,Warning.*?mssql_","true,Or,SQL Server.*?[0-9a-fA-F]{8}","true,Or,Exception.*?System\\.Data\\.SqlClient\\.","true,Or,Exception.*?Roadhouse\\.Cms\\.","true,Or,Microsoft Access Driver","true,Or,JET Database Engine","true,Or,Access Database Engine","true,Or,ORA-[0-9]{4}","true,Or,Oracle error","true,Or,Oracle.*?Driver","true,Or,Warning.*?(oci|OCI)_","true,Or,Warning.*?(ora|ORA)_","true,Or,CLI Driver.*?DB2","true,Or,DB2 SQL error","true,Or,SQLite\\/JDBCDriver","true,Or,SQLite.*?Exception","true,Or,System.*?Data.*?SQLite.*?SQLiteException","true,Or,Warning.*?sqlite","true,Or,Warning.*?SQLite3::","true,Or,SQLITE_ERROR","true,Or,Warning.*?sybase","true,Or,Sybase message","true,Or,Sybase.*?Server message","true,Or,SybSQLException","true,Or,com\\.sybase\\.jdbc","true,Or,Warning.*?ingres_\\.jdbc","true,Or,Ingres SQLSTATE","true,Or,Ingres.*?Driver","true,Or,Exception.*?Transaction rollback","true,Or,org\\.hsqldb\\.jdbc","true,Or,Unexpected end of command in statement","true,Or,Unexpected token.*?in statement","true,Or,Query failed: ERROR:","true,Or,System\\.Data\\.OleDb\\.OleDbException","true,Or,SQL Server","true,Or,\\[Microsoft\\]\\[ODBC SQL Server Driver\\]","true,Or,SQLServer JDBC Driver","true,Or,SqlException","true,Or,System\\.Data\\.SqlClient\\.SqlException","true,Or,Unclosed quotation mark after the character string","true,Or,\u0027\u002780040e14\u0027\u0027","true,Or,mssql_query\\(\\)","true,Or,odbc_exec\\(\\)","true,Or,Microsoft OLE DB Provider for ODBC Drivers","true,Or,Microsoft OLE DB Provider for SQL Server","true,Or,Incorrect syntax near","true,Or,Sintaxis incorrecta cerca de","true,Or,Syntax error in string in query expression","true,Or,ADODB\\.Field \\(0x800A0BCD\\)\u003cbr\u003e","true,Or,Procedure.*?requires parameter.*?","true,Or,ADODB\\.Recordset","true,Or,Unclosed quotation mark before the character string","true,Or,\u0027\u002780040e07\u0027\u0027","true,Or,Microsoft SQL Native Client error","true,Or,SQLCODE","true,Or,DB2 SQL error:","true,Or,SQLSTATE","true,Or,CLI Driver","true,Or,\\[DB2\\/6000\\]","true,Or,Sybase message:","true,Or,Sybase Driver","true,Or,SYBASE","true,Or,Syntax error in query expression","true,Or,Data type mismatch in criteria expression","true,Or,Microsoft JET Database Engine","true,Or,\\[Microsoft\\]\\[ODBC Microsoft Access Driver\\]","true,Or,(PLS|ORA)-[0-9][0-9][0-9][0-9]","true,Or,PostgreSQL query failed:","true,Or,supplied argument is not a valid PostgreSQL result","true,Or,pg_query\\(\\) \\[:","true,Or,pg_exec\\(\\) \\[:","true,Or,supplied argument is not a valid MySQL","true,Or,Column count doesn\u0027\u0027t match value count at row","true,Or,mysql_fetch_array\\(\\)","true,Or,mysql_","true,Or,on MySQL result index","true,Or,You have an error in your SQL syntax;","true,Or,You have an error in your SQL syntax near","true,Or,MySQL server version for the right syntax to use","true,Or,\\[MySQL\\]\\[ODBC","true,Or,Column count doesn\u0027\u0027t match","true,Or,the used select statements have different number of columns","true,Or,Table.*?doesn\u0027\u0027t exist","true,Or,DBD::mysql::st execute failed","true,Or,DBD::mysql::db do failed","true,Or,com\\.informix\\.jdbc","true,Or,Dynamic Page Generation Error","true,Or,An illegal character has been found in the statement","true,Or,Informix","true,Or,DM_QUERY_E_SYNTAX","true,Or,has occurred in the vicinity of","true,Or,A Parser Error \\(syntax error\\)","true,Or,java\\.sql\\.SQLException","true,Or,Unexpected end of command in statement","true,Or,\\[Macromedia\\]\\[SQLServer JDBC Driver\\]","true,Or,UPDATE .*? SET .*?","true,Or,INSERT INTO .*?","true,Or,Unknown column","true,Or,ERROR:\\s*operator is not unique","true,Or,no such function"],"Tags":["sqli","All"],"PayloadResponse":false,"NotResponse":false,"TimeOut":"","isTime":false,"contentLength":"","iscontentLength":false,"CaseSensitive":false,"ExcludeHTTP":false,"OnlyHTTP":false,"IsContentType":false,"ContentType":"","NegativeCT":false,"IsResponseCode":false,"ResponseCode":"","NegativeRC":false,"isurlextension":false,"NegativeUrlExtension":false,"MatchType":2,"RedirType":0,"MaxRedir":0,"payloadPosition":1,"payloadsFile":"","grepsFile":"","IssueName":"sqli-error-based","IssueSeverity":"High","IssueConfidence":"Firm","IssueDetail":"sqli-error-based","RemediationDetail":"","IssueBackground":"","RemediationBackground":"","Header":[],"VariationAttributes":[],"InsertionPointType":[65,32,1,2,6,33,64,0,3,37,127],"Scantype":0,"pathDiscovery":false}]