SQL - Error Messages

ID: suspicious-sql-error-messages

Severity: critical

Author: geeknik

Tags: file,logs,sql,error

Description

SQL error messages that indicate probing for an injection attack were detected.

YAML Source

id: suspicious-sql-error-messages

info:
  name: SQL - Error Messages
  author: geeknik
  severity: critical
  description: SQL error messages that indicate probing for an injection attack were detected.
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cwe-id: CWE-89
  tags: file,logs,sql,error
file:
  - extensions:
      - all

    extractors:
      - type: regex
        name: oracle
        part: body
        regex:
          - 'quoted string not properly terminated'

      - type: regex
        name: mysql
        part: body
        regex:
          - 'You have an error in your SQL syntax'

      - type: regex
        name: sql_server
        part: body
        regex:
          - 'Unclosed quotation mark'

      - type: regex
        name: sqlite
        part: body
        regex:
          - 'near \"\*\"\: syntax error'
          - 'SELECTs to the left and right of UNION do not have the same number of result columns'
# digest: 4a0a00473045022100bfb5ecc073310c8f74cac84d8f9073b3208093b6ac943385ed07b3cae4f02c390220382860a04570ec6396de93c738a871330ba21a26bb772da23ba9fd8551682f4e:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

$ nuclei -u "URL" -t "file/logs/suspicious-sql-error-messages.yaml"

View on Github