44 lines
1.2 KiB
YAML
44 lines
1.2 KiB
YAML
id: suspicious-sql-error-messages
|
|
|
|
info:
|
|
name: SQL - Error Messages
|
|
author: geeknik
|
|
severity: critical
|
|
description: SQL error messages that indicate probing for an injection attack were detected.
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
|
cvss-score: 9.8
|
|
cwe-id: CWE-89
|
|
tags: file,logs,sql,error
|
|
file:
|
|
- extensions:
|
|
- all
|
|
|
|
extractors:
|
|
- type: regex
|
|
name: oracle
|
|
part: body
|
|
regex:
|
|
- 'quoted string not properly terminated'
|
|
|
|
- type: regex
|
|
name: mysql
|
|
part: body
|
|
regex:
|
|
- 'You have an error in your SQL syntax'
|
|
|
|
- type: regex
|
|
name: sql_server
|
|
part: body
|
|
regex:
|
|
- 'Unclosed quotation mark'
|
|
|
|
- type: regex
|
|
name: sqlite
|
|
part: body
|
|
regex:
|
|
- 'near \"\*\"\: syntax error'
|
|
- 'SELECTs to the left and right of UNION do not have the same number of result columns'
|
|
|
|
# digest: 490a0046304402201d5d530c0efe89b2780c5a407266a640c4f3ddc7ccf1c39f27855bb9675b456e022031ffc06367293118a8f9c8e3ce0c116256961abbea5b0761b4954f7070fa6349:922c64590222798bb761d5b6d8e72950
|