|
1 | 1 | variables: |
| 2 | + |
2 | 3 | domain: |
3 | 4 | - ru |
4 | 5 | - gov.ru |
5 | 6 |
|
6 | | - sqli_db: |
7 | | - - '"ORA-"' |
8 | | - - '"ODBC"' |
9 | | - - '"SQLite"' |
10 | | - - '"password"' |
11 | | - - '"SQLSTATE"' |
12 | | - - '"Warning:"' |
13 | | - - '"SQL syntax"' |
14 | | - - '"PostgreSQL"' |
15 | | - - '"mysql_fetch"' |
16 | | - - '"DB_PASSWORD"' |
17 | | - - '"Warning: mysqli"' |
18 | | - - '"index of" ".git"' |
19 | | - - '"PostgreSQL ERROR"' |
20 | | - - '"SQLite3::SQLException"' |
21 | | - - '"Unclosed quotation mark"' |
22 | | - - '"api_key"' |
23 | | - - '"BEGIN RSA PRIVATE KEY"' |
24 | | - - '"AWS_SECRET_ACCESS_KEY"' |
25 | | - - '"You have an error in your SQL syntax"' |
26 | | - - '"Microsoft OLE DB Provider for SQL Server"' |
| 7 | + sqli_errors: |
| 8 | + - "SQL syntax" |
| 9 | + - "SQL error" |
| 10 | + - "database error" |
| 11 | + - "mysqli" |
| 12 | + - "ODBC SQL Server Driver" |
| 13 | + - "Unclosed quotation mark" |
| 14 | + - "PostgreSQL ERROR" |
| 15 | + - "SQLite3::SQLException" |
| 16 | + - "You have an error in your SQL syntax" |
27 | 17 |
|
28 | 18 | param: |
29 | | - - ?id |
30 | 19 | - id= |
31 | | - - ?cat |
32 | | - - .php? |
33 | | - - index.php |
| 20 | + - cat= |
| 21 | + - page= |
| 22 | + - php?id= |
| 23 | + - index.php?id= |
34 | 24 | - login.php |
35 | 25 | - admin.php |
36 | 26 |
|
| 27 | + |
37 | 28 | templates: |
38 | 29 |
|
39 | | - sqli: |
40 | | - mode: aggressive |
| 30 | + # SOFT MODE: basic SQL error discovery |
| 31 | + sqli_surface: |
| 32 | + mode: soft |
41 | 33 | dorks: |
42 | 34 | - 'site:{domain} inurl:{param}' |
43 | | - - 'site:{domain} intext:{sqli_db}' |
44 | | - - 'site:{domain} inurl:{param} intext:{sqli_db}' |
| 35 | + - 'site:{domain} "{sqli_errors}"' |
| 36 | + - 'site:{domain} intext:{sqli_errors}' |
| 37 | + |
| 38 | + |
| 39 | + # MEDIUM MODE: typical SQL injection indicators |
| 40 | + sqli_discovery: |
| 41 | + mode: medium |
| 42 | + dorks: |
| 43 | + - 'site:{domain} inurl:{param} "{sqli_errors}"' |
| 44 | + - 'site:{domain} inurl:{param} intext:{sqli_errors}' |
| 45 | + - 'site:{domain} intext:{sqli_errors}' |
| 46 | + - 'site:{domain} inurl:{param}' |
| 47 | + |
| 48 | + |
| 49 | + # AGGRESSIVE MODE: exposed SQL errors and stack traces |
| 50 | + sqli_exposed: |
| 51 | + mode: aggressive |
| 52 | + dorks: |
| 53 | + - 'site:{domain} inurl:{param} "SQL syntax"' |
| 54 | + - 'site:{domain} inurl:{param} "SQL error"' |
| 55 | + - 'site:{domain} inurl:{param} "database error"' |
| 56 | + - 'site:{domain} inurl:{param} "Unclosed quotation mark"' |
| 57 | + - 'site:{domain} inurl:{param} "ODBC SQL Server Driver"' |
| 58 | + - 'site:{domain} inurl:{param} "Microsoft OLE DB Provider for SQL Server"' |
| 59 | + - 'site:{domain} inurl:{param} "Warning: mysqli"' |
| 60 | + - 'site:{domain} inurl:{param} "You have an error in your SQL syntax"' |
| 61 | + - 'site:{domain} "SQLite3::SQLException"' |
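Review bot: All three new templates expand `site:{domain}` from the committed `domain` list, which the context lines show as `ru` and `gov.ru`, so every mode defaults to whole TLDs rather than a named set of in-scope hosts. Nothing in this section says where scope is meant to come from; I would document the variable, e.g. `# domain: in-scope hosts for this run, supplied by the operator (placeholder: example.org)`, and keep the committed default empty. Separately, the `soft` and `medium` blocks share two identical entries (`site:{domain} inurl:{param}` and `site:{domain} intext:{sqli_errors}`), so the mode comments should state what actually distinguishes the levels. How the `{param}` and `{sqli_errors}` lists are expanded is not visible here, so the overlap is judged on the template text alone.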