1
id: fuzz-body
2

3
info:
4
  name: fuzzing error sqli payloads in http req body
5
  author: pdteam
6
  severity: info
7
  description: |
8
    This template attempts to find SQL injection vulnerabilities by fuzzing http body
9
    It automatically handles and parses json,xml,multipart form and x-www-form-urlencoded data
10
    and performs fuzzing on the value of every key
11

12
http:
13
  - pre-condition:
14
      - type: dsl
15
        dsl:
16
          - method != "GET"
17
          - method != "HEAD"
18
        condition: and
19
    
20
    payloads:
21
      injection:
22
        - "'"
23
        - "\""
24
        - ";"
25
    
26
    fuzzing:
27
      - part: body
28
        type: postfix
29
        mode: single
30
        fuzz:
31
          - '{{injection}}'
32
  
33
    stop-at-first-match: true
34
    matchers:
35
      - type: word
36
        words:
37
          - "unrecognized token:"
38
          - "null"
39

40