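id: error-based-sql-injection

info:
  name: Error based SQL injection
  author: geeknik
  # Severity and CVSS describe the impact of a confirmed SQL injection (CWE-89).
  # This template only recognises database error text in a response, so a hit
  # should be triaged and confirmed before it is reported at this severity.
  severity: critical
  description: Detects potential SQL injection via error strings in 29 database engines. Inspired by https://github.com/sqlmapproject/sqlmap/blob/master/data/xml/errors.xml.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-89
  tags: sqli,generic,error
  metadata:
    max-request: 1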
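# One GET request that appends a lone single quote to the base URL path.
# Only the path is probed; query parameters, headers and request bodies are
# not covered by this template.
http:
  - method: GET
    path:
      - "{{BaseURL}}/'"

    # Both matchers must hold: the response must not be an Adminer page, and
    # at least one database error pattern must be present.
    matchers-condition: and
    matchers:
      # False-positive guard: the finding is suppressed when the body contains
      # the word "Adminer".
      - type: word
        words:
          - "Adminer"
        part: body
        negative: true

      # Error signatures grouped by database engine; any single pattern is
      # enough (condition: or). Several patterns are short generic phrases
      # ("Oracle error", "Dynamic SQL Error", "JET Database Engine"), so a
      # match shows that such text reached the response, not that the quote
      # was interpreted by a database. Keep this list in sync with the
      # per-engine extractors below.
      - type: regex
        regex:
          # MySQL
          - "SQL syntax.*?MySQL"
          - "Warning.*?\\Wmysqli?_"
          - "MySQLSyntaxErrorException"
          - "valid MySQL result"
          - "check the manual that (corresponds to|fits) your MySQL server version"
          - "Unknown column '[^ ]+' in 'field list'"
          - "MySqlClient\\."
          - "com\\.mysql\\.jdbc"
          - "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
          - "Pdo[./_\\\\]Mysql"
          - "MySqlException"
          - "SQLSTATE\\[\\d+\\]: Syntax error or access violation"
          # MariaDB
          - "check the manual that (corresponds to|fits) your MariaDB server version"
          # Drizzle
          - "check the manual that (corresponds to|fits) your Drizzle server version"
          # MemSQL
          - "MemSQL does not support this type of query"
          - "is not supported by MemSQL"
          - "unsupported nested scalar subselect"
          # PostgreSQL
          - "PostgreSQL.*?ERROR"
          - "Warning.*?\\Wpg_"
          - "valid PostgreSQL result"
          - "Npgsql\\."
          - "PG::SyntaxError:"
          - "org\\.postgresql\\.util\\.PSQLException"
          - "ERROR:\\s\\ssyntax error at or near"
          - "ERROR: parser: parse error at or near"
          - "PostgreSQL query failed"
          - "org\\.postgresql\\.jdbc"
          - "Pdo[./_\\\\]Pgsql"
          - "PSQLException"
          # Microsoft SQL Server
          - "Driver.*? SQL[\\-\\_\\ ]*Server"
          - "OLE DB.*? SQL Server"
          # The double quote inside the character class is escaped so that it
          # does not terminate the YAML string.
          - "\\bSQL Server[^<\"]+Driver"
          - "Warning.*?\\W(mssql|sqlsrv)_"
          - "\\bSQL Server[^<\"]+[0-9a-fA-F]{8}"
          - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
          - "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
          - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
          - "\\[SQL Server\\]"
          - "ODBC SQL Server Driver"
          - "ODBC Driver \\d+ for SQL Server"
          - "SQLServer JDBC Driver"
          - "com\\.jnetdirect\\.jsql"
          - "macromedia\\.jdbc\\.sqlserver"
          - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
          - "com\\.microsoft\\.sqlserver\\.jdbc"
          - "Pdo[./_\\\\](Mssql|SqlSrv)"
          - "SQL(Srv|Server)Exception"
          - "Unclosed quotation mark after the character string"
          # Microsoft Access
          - "Microsoft Access (\\d+ )?Driver"
          - "JET Database Engine"
          - "Access Database Engine"
          - "ODBC Microsoft Access"
          - "Syntax error \\(missing operator\\) in query expression"
          # Oracle
          - "\\bORA-\\d{5}"
          - "Oracle error"
          - "Oracle.*?Driver"
          - "Warning.*?\\W(oci|ora)_"
          - "quoted string not properly terminated"
          - "SQL command not properly ended"
          - "macromedia\\.jdbc\\.oracle"
          - "oracle\\.jdbc"
          - "Zend_Db_(Adapter|Statement)_Oracle_Exception"
          - "Pdo[./_\\\\](Oracle|OCI)"
          - "OracleException"
          # IBM DB2
          - "CLI Driver.*?DB2"
          - "DB2 SQL error"
          - "\\bdb2_\\w+\\("
          - "SQLCODE[=:\\d, -]+SQLSTATE"
          - "com\\.ibm\\.db2\\.jcc"
          - "Zend_Db_(Adapter|Statement)_Db2_Exception"
          - "Pdo[./_\\\\]Ibm"
          - "DB2Exception"
          - "ibm_db_dbi\\.ProgrammingError"
          # Informix
          - "Warning.*?\\Wifx_"
          - "Exception.*?Informix"
          - "Informix ODBC Driver"
          - "ODBC Informix driver"
          - "com\\.informix\\.jdbc"
          - "weblogic\\.jdbc\\.informix"
          - "Pdo[./_\\\\]Informix"
          - "IfxException"
          # Firebird
          - "Dynamic SQL Error"
          - "Warning.*?\\Wibase_"
          - "org\\.firebirdsql\\.jdbc"
          - "Pdo[./_\\\\]Firebird"
          # SQLite
          - "SQLite/JDBCDriver"
          - "SQLite\\.Exception"
          - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
          - "Warning.*?\\W(sqlite_|SQLite3::)"
          - "\\[SQLITE_ERROR\\]"
          - "SQLite error \\d+:"
          - "sqlite3.OperationalError:"
          - "SQLite3::SQLException"
          - "org\\.sqlite\\.JDBC"
          - "Pdo[./_\\\\]Sqlite"
          - "SQLiteException"
          # SAP MaxDB
          - "SQL error.*?POS([0-9]+)"
          - "Warning.*?\\Wmaxdb_"
          - "DriverSapDB"
          - "-3014.*?Invalid end of SQL statement"
          - "com\\.sap\\.dbtech\\.jdbc"
          - "\\[-3008\\].*?: Invalid keyword or missing delimiter"
          # Sybase
          - "Warning.*?\\Wsybase_"
          - "Sybase message"
          - "Sybase.*?Server message"
          - "SybSQLException"
          - "Sybase\\.Data\\.AseClient"
          - "com\\.sybase\\.jdbc"
          # Ingres
          - "Warning.*?\\Wingres_"
          - "Ingres SQLSTATE"
          - "Ingres\\W.*?Driver"
          - "com\\.ingres\\.gcf\\.jdbc"
          # FrontBase
          - "Exception (condition )?\\d+\\. Transaction rollback"
          - "com\\.frontbase\\.jdbc"
          - "Syntax error 1. Missing"
          - "(Semantic|Syntax) error [1-4]\\d{2}\\."
          # HSQLDB
          - "Unexpected end of command in statement \\["
          - "Unexpected token.*?in statement \\["
          - "org\\.hsqldb\\.jdbc"
          # H2
          - "org\\.h2\\.jdbc"
          - "\\[42000-192\\]"
          # MonetDB
          - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
          - "\\[MonetDB\\]\\[ODBC Driver"
          - "nl\\.cwi\\.monetdb\\.jdbc"
          # Apache Derby
          - "Syntax error: Encountered"
          - "org\\.apache\\.derby"
          - "ERROR 42X01"
          # Vertica
          - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
          - "/vertica/Parser/scan"
          - "com\\.vertica\\.jdbc"
          - "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
          - "com\\.vertica\\.dsi\\.dataengine"
          # Mckoi
          - "com\\.mckoi\\.JDBCDriver"
          - "com\\.mckoi\\.database\\.jdbc"
          - "<REGEX_LITERAL>"
          # Presto
          - "com\\.facebook\\.presto\\.jdbc"
          - "io\\.prestosql\\.jdbc"
          - "com\\.simba\\.presto\\.jdbc"
          - "UNION query has different number of fields: \\d+, \\d+"
          # Altibase
          - "Altibase\\.jdbc\\.driver"
          # MimerSQL
          - "com\\.mimer\\.jdbc"
          - "Syntax error,[^\\n]+assumed to mean"
          # CrateDB
          - "io\\.crate\\.client\\.jdbc"
          # Cache
          - "encountered after end of query"
          - "A comparison operator is required here"
          # Raima Database Manager
          - "-10048: Syntax error"
          - "rdmStmtPrepare\\(.+?\\) returned"
          # Virtuoso
          - "SQ074: Line \\d+:"
          - "SR185: Undefined procedure"
          - "SQ200: No table "
          - "Virtuoso S0002 Error"
          - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"
        condition: or

    # One named extractor per engine, repeating that engine's matcher patterns,
    # so the reported finding carries the matched error text under the engine
    # name. A pattern added to the matcher above needs the same line here.
    extractors:
      - type: regex
        name: MySQL
        regex:
          - "SQL syntax.*?MySQL"
          - "Warning.*?\\Wmysqli?_"
          - "MySQLSyntaxErrorException"
          - "valid MySQL result"
          - "check the manual that (corresponds to|fits) your MySQL server version"
          - "Unknown column '[^ ]+' in 'field list'"
          - "MySqlClient\\."
          - "com\\.mysql\\.jdbc"
          - "Zend_Db_(Adapter|Statement)_Mysqli_Exception"
          - "Pdo[./_\\\\]Mysql"
          - "MySqlException"
          # Brackets escaped to agree with the matcher; unescaped, "[\d+]" is
          # a character class and never matches text such as "SQLSTATE[42000]".
          - "SQLSTATE\\[\\d+\\]: Syntax error or access violation"

      - type: regex
        name: MariaDB
        regex:
          - "check the manual that (corresponds to|fits) your MariaDB server version"

      # NOTE(review): the extractor name is spelled "Drizzel" while the engine
      # and its pattern say "Drizzle"; left unchanged because the name appears
      # in results that other tooling may key on.
      - type: regex
        name: Drizzel
        regex:
          - "check the manual that (corresponds to|fits) your Drizzle server version"

      - type: regex
        name: MemSQL
        regex:
          - "MemSQL does not support this type of query"
          - "is not supported by MemSQL"
          - "unsupported nested scalar subselect"

      - type: regex
        name: PostgreSQL
        regex:
          - "PostgreSQL.*?ERROR"
          - "Warning.*?\\Wpg_"
          - "valid PostgreSQL result"
          - "Npgsql\\."
          - "PG::SyntaxError:"
          - "org\\.postgresql\\.util\\.PSQLException"
          - "ERROR:\\s\\ssyntax error at or near"
          - "ERROR: parser: parse error at or near"
          - "PostgreSQL query failed"
          - "org\\.postgresql\\.jdbc"
          - "Pdo[./_\\\\]Pgsql"
          - "PSQLException"

      - type: regex
        name: MicrosoftSQLServer
        regex:
          - "Driver.*? SQL[\\-\\_\\ ]*Server"
          - "OLE DB.*? SQL Server"
          # The double quote inside the character class is escaped so that it
          # does not terminate the YAML string.
          - "\\bSQL Server[^<\"]+Driver"
          - "Warning.*?\\W(mssql|sqlsrv)_"
          - "\\bSQL Server[^<\"]+[0-9a-fA-F]{8}"
          - "System\\.Data\\.SqlClient\\.SqlException\\.(SqlException|SqlConnection\\.OnError)"
          - "(?s)Exception.*?\\bRoadhouse\\.Cms\\."
          - "Microsoft SQL Native Client error '[0-9a-fA-F]{8}"
          - "\\[SQL Server\\]"
          - "ODBC SQL Server Driver"
          - "ODBC Driver \\d+ for SQL Server"
          - "SQLServer JDBC Driver"
          - "com\\.jnetdirect\\.jsql"
          - "macromedia\\.jdbc\\.sqlserver"
          - "Zend_Db_(Adapter|Statement)_Sqlsrv_Exception"
          - "com\\.microsoft\\.sqlserver\\.jdbc"
          - "Pdo[./_\\\\](Mssql|SqlSrv)"
          - "SQL(Srv|Server)Exception"
          - "Unclosed quotation mark after the character string"

      - type: regex
        name: MicrosoftAccess
        regex:
          - "Microsoft Access (\\d+ )?Driver"
          - "JET Database Engine"
          - "Access Database Engine"
          - "ODBC Microsoft Access"
          - "Syntax error \\(missing operator\\) in query expression"

      - type: regex
        name: Oracle
        regex:
          - "\\bORA-\\d{5}"
          - "Oracle error"
          - "Oracle.*?Driver"
          - "Warning.*?\\W(oci|ora)_"
          - "quoted string not properly terminated"
          - "SQL command not properly ended"
          - "macromedia\\.jdbc\\.oracle"
          - "oracle\\.jdbc"
          - "Zend_Db_(Adapter|Statement)_Oracle_Exception"
          - "Pdo[./_\\\\](Oracle|OCI)"
          - "OracleException"

      - type: regex
        name: IBMDB2
        regex:
          - "CLI Driver.*?DB2"
          - "DB2 SQL error"
          - "\\bdb2_\\w+\\("
          - "SQLCODE[=:\\d, -]+SQLSTATE"
          - "com\\.ibm\\.db2\\.jcc"
          - "Zend_Db_(Adapter|Statement)_Db2_Exception"
          - "Pdo[./_\\\\]Ibm"
          - "DB2Exception"
          - "ibm_db_dbi\\.ProgrammingError"

      - type: regex
        name: Informix
        regex:
          - "Warning.*?\\Wifx_"
          - "Exception.*?Informix"
          - "Informix ODBC Driver"
          - "ODBC Informix driver"
          - "com\\.informix\\.jdbc"
          - "weblogic\\.jdbc\\.informix"
          - "Pdo[./_\\\\]Informix"
          - "IfxException"

      - type: regex
        name: Firebird
        regex:
          - "Dynamic SQL Error"
          - "Warning.*?\\Wibase_"
          - "org\\.firebirdsql\\.jdbc"
          - "Pdo[./_\\\\]Firebird"

      - type: regex
        name: SQLite
        regex:
          - "SQLite/JDBCDriver"
          - "SQLite\\.Exception"
          - "(Microsoft|System)\\.Data\\.SQLite\\.SQLiteException"
          - "Warning.*?\\W(sqlite_|SQLite3::)"
          - "\\[SQLITE_ERROR\\]"
          - "SQLite error \\d+:"
          - "sqlite3.OperationalError:"
          - "SQLite3::SQLException"
          - "org\\.sqlite\\.JDBC"
          - "Pdo[./_\\\\]Sqlite"
          - "SQLiteException"

      - type: regex
        name: SAPMaxDB
        regex:
          - "SQL error.*?POS([0-9]+)"
          - "Warning.*?\\Wmaxdb_"
          - "DriverSapDB"
          - "-3014.*?Invalid end of SQL statement"
          - "com\\.sap\\.dbtech\\.jdbc"
          - "\\[-3008\\].*?: Invalid keyword or missing delimiter"

      - type: regex
        name: Sybase
        regex:
          - "Warning.*?\\Wsybase_"
          - "Sybase message"
          - "Sybase.*?Server message"
          - "SybSQLException"
          - "Sybase\\.Data\\.AseClient"
          - "com\\.sybase\\.jdbc"

      - type: regex
        name: Ingres
        regex:
          - "Warning.*?\\Wingres_"
          - "Ingres SQLSTATE"
          - "Ingres\\W.*?Driver"
          - "com\\.ingres\\.gcf\\.jdbc"

      - type: regex
        name: FrontBase
        regex:
          - "Exception (condition )?\\d+\\. Transaction rollback"
          - "com\\.frontbase\\.jdbc"
          - "Syntax error 1. Missing"
          # Character class restored to agree with the matcher; with escaped
          # brackets the pattern only matched the literal text "[1-4]".
          - "(Semantic|Syntax) error [1-4]\\d{2}\\."

      - type: regex
        name: HSQLDB
        regex:
          - "Unexpected end of command in statement \\["
          - "Unexpected token.*?in statement \\["
          - "org\\.hsqldb\\.jdbc"

      - type: regex
        name: H2
        regex:
          - "org\\.h2\\.jdbc"
          - "\\[42000-192\\]"

      - type: regex
        name: MonetDB
        regex:
          - "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)"
          - "\\[MonetDB\\]\\[ODBC Driver"
          - "nl\\.cwi\\.monetdb\\.jdbc"

      - type: regex
        name: ApacheDerby
        regex:
          - "Syntax error: Encountered"
          - "org\\.apache\\.derby"
          - "ERROR 42X01"

      - type: regex
        name: Vertica
        regex:
          - ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):"
          - "/vertica/Parser/scan"
          - "com\\.vertica\\.jdbc"
          - "org\\.jkiss\\.dbeaver\\.ext\\.vertica"
          - "com\\.vertica\\.dsi\\.dataengine"

      - type: regex
        name: Mckoi
        regex:
          - "com\\.mckoi\\.JDBCDriver"
          - "com\\.mckoi\\.database\\.jdbc"
          - "<REGEX_LITERAL>"

      - type: regex
        name: Presto
        regex:
          - "com\\.facebook\\.presto\\.jdbc"
          - "io\\.prestosql\\.jdbc"
          - "com\\.simba\\.presto\\.jdbc"
          - "UNION query has different number of fields: \\d+, \\d+"

      - type: regex
        name: Altibase
        regex:
          - "Altibase\\.jdbc\\.driver"

      - type: regex
        name: MimerSQL
        regex:
          - "com\\.mimer\\.jdbc"
          - "Syntax error,[^\\n]+assumed to mean"

      - type: regex
        name: CrateDB
        regex:
          - "io\\.crate\\.client\\.jdbc"

      - type: regex
        name: Cache
        regex:
          - "encountered after end of query"
          - "A comparison operator is required here"

      - type: regex
        name: RaimaDatabaseManager
        regex:
          - "-10048: Syntax error"
          - "rdmStmtPrepare\\(.+?\\) returned"

      - type: regex
        name: Virtuoso
        regex:
          - "SQ074: Line \\d+:"
          - "SR185: Undefined procedure"
          - "SQ200: No table "
          - "Virtuoso S0002 Error"
          - "\\[(Virtuoso Driver|Virtuoso iODBC Driver)\\]\\[Virtuoso Server\\]"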