id: suspicious-sql-error-messages info: name: SQL - Error Messages author: geeknik severity: high description: SQL error messages that indicate probing for an injection attack were detected. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.8 cwe-id: CWE-89 tags: file,logs,sql,error file: - extensions: - all extractors: - type: regex name: oracle part: body regex: - 'quoted string not properly terminated' - type: regex name: mysql part: body regex: - 'You have an error in your SQL syntax' - type: regex name: sql_server part: body regex: - 'Unclosed quotation mark' - type: regex name: sqlite part: body regex: - 'near \"\*\"\: syntax error' - 'SELECTs to the left and right of UNION do not have the same number of result columns' # Enhanced by mp on 2022/10/12