nuclei-templates/file/logs/suspicious-sql-error-messag...

45 lines
993 B
YAML

id: suspicious-sql-error-messages
info:
name: SQL - Error Messages
author: geeknik
severity: critical
description: SQL error messages that indicate probing for an injection attack were detected.
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cwe-id: CWE-89
tags: file,logs,sql,error
file:
- extensions:
- all
extractors:
- type: regex
name: oracle
part: body
regex:
- 'quoted string not properly terminated'
- type: regex
name: mysql
part: body
regex:
- 'You have an error in your SQL syntax'
- type: regex
name: sql_server
part: body
regex:
- 'Unclosed quotation mark'
- type: regex
name: sqlite
part: body
regex:
- 'near \"\*\"\: syntax error'
- 'SELECTs to the left and right of UNION do not have the same number of result columns'