CoCalc -- fuzz-body-multipart-form-sqli.yaml

GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/integration_tests/fuzz/fuzz-body-multipart-form-sqli.yaml
²⁰⁷⁰ views

1
id: body-multipart-error-sqli
2

3
info:
4
  name: fuzzing error sqli payloads in body of multipart form data
5
  author: pdteam
6
  severity: info
7
  description: |
8
    This template attempts to find SQL injection vulnerabilities by fuzzing http body of multipart form data (file upload, etc.)
9
    This is achieved by performing [ruleType](example: postfix) on value of body form key
10
    Note: this is example template, and payloads/matchers need to be modified appropriately.
11

12
http:
13
  - pre-condition:
14
      - type: dsl
15
        dsl:
16
          - method != "GET"
17
          - method != "HEAD"
18
          - contains(content_type, "multipart/form-data")
19
          - contains(path, "/user") # for scope of integration test
20
        condition: and
21
    
22
    payloads:
23
      injection:
24
        - "'"
25
        - "\""
26
        - ";"
27
    
28
    fuzzing:
29
      - part: body
30
        type: postfix
31
        mode: single
32
        fuzz:
33
          - '{{injection}}'
34
  
35
    stop-at-first-match: true
36
    matchers:
37
      - type: word
38
        words:
39
          - "unrecognized token:"
40
          - "null"
41
          - "SELECTs to the left and right of UNION do not have the same number of result columns"
42

43

Product

Resources

Company