├── README.md
└── ScanMySQLiErrorBased.yaml


/README.md:
--------------------------------------------------------------------------------
# ScanMySQLiErrorBased-Nuclei

This template finds error-based MySQL injection (MySQLi) vulnerabilities with nuclei, making full use of its analysis capabilities.

## Testing Fuzzing GET

First, collect the URLs that contain GET parameters.

![image](https://user-images.githubusercontent.com/66162160/182507568-cf2c040f-42ea-4aec-b8f9-53b18c4d239a.png)

```sh
cat /home/hernan/test.txt | nuclei -t /home/hernan/Web/Vulnerabilidades/DAST/sqli-hernan.yaml
```

![image](https://user-images.githubusercontent.com/66162160/182507247-3ece8524-e0ed-4988-8daa-01bd6c8e9585.png)

--------------------------------------------------------------------------------
/ScanMySQLiErrorBased.yaml:
--------------------------------------------------------------------------------
id: ScanMySQLiErrorBased

info:
  name: MySQLInjection Detected
  author: Hernan Rodriguez
  severity: High

requests:
  - method: GET

    # Each entry appends one probe string to the end of the input URL.
    path:
      - "{{BaseURL}}*"
      - "{{BaseURL}}-"
      - "{{BaseURL}}'"
      - "{{BaseURL}}')"
      - "{{BaseURL}}`))"
      - "{{BaseURL}}``"
      - "{{BaseURL}};"
      - "{{BaseURL}}//"
      - "{{BaseURL}}' AND id IS NULL; --"
      - "{{BaseURL}}/*…*/"
      - "{{BaseURL}}-x()"
      - "{{BaseURL}}[1]"
      - "{{BaseURL}}/!1111'/"
      - "{{BaseURL}}+"
      - "{{BaseURL}} 1 or 1"

    # Report MySQL error text found in the response body.
    # Alternatives are separated by a bare "|": whitespace around it would be
    # matched literally, and "(" / ")" / "." are escaped where meant literally.
    extractors:
      - type: regex
        part: body
        regex:
          - 'An error occurred|array_merge\(\)|valid MySQL result|MySqlClient\.|mysqli_.*|SQL syntax.*MySQL|Warning.*mysql_.*'

--------------------------------------------------------------------------------
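
Blanks around `|` in an extractor regex are matched literally, and `()` is an empty group, which changes which error banners a template reports. The following added example (not part of the repository) runs a spaced and a trimmed form of the extractor alternation over constructed response bodies; Python's `re` stands in for nuclei's Go regex engine, and all sample bodies and function names are assumptions.

```python
import re

# Spaced alternation: the blanks around "|" belong to each alternative,
# and "()" is an empty group rather than literal parentheses.
SPACED = r"An error occurred | array_merge() | valid MySQL result |MySqlClient.|mysqli_.*| SQL syntax.*MySQL|Warning.*mysql_.*"
# Trimmed alternation with the literal metacharacters escaped.
TRIMMED = r"An error occurred|array_merge\(\)|valid MySQL result|MySqlClient\.|mysqli_.*|SQL syntax.*MySQL|Warning.*mysql_.*"

# Constructed response bodies (not captured from any real site).
SAMPLES = {
    "syntax_error": "You have an error in your SQL syntax; check the manual "
                    "that corresponds to your MySQL server version",
    "syntax_at_line_start": "SQL syntax error near ''' at line 1 (MySQL)",
    "array_merge_warning": "<b>Warning</b>: array_merge(): Argument #1 is not an array",
    "mysqli_warning": "Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result",
    "generic_error_eol": "An error occurred",
    "benign_page": "<html><body>Welcome to the product catalogue</body></html>",
}


def extract(pattern, body):
    """Return the first matched text, as a regex extractor would report it, or None."""
    m = re.search(pattern, body)
    return m.group(0) if m else None


def compare(samples=SAMPLES):
    """Map each sample name to (hit with SPACED, hit with TRIMMED)."""
    return {name: (extract(SPACED, body) is not None,
                   extract(TRIMMED, body) is not None)
            for name, body in samples.items()}


def missed_by_spaced(samples=SAMPLES):
    """Names of samples that only the trimmed pattern reports."""
    return sorted(name for name, (spaced, trimmed) in compare(samples).items()
                  if trimmed and not spaced)


if __name__ == "__main__":
    for name, (spaced, trimmed) in compare().items():
        print(f"{name:22} spaced={spaced!s:5} trimmed={trimmed}")
    print("missed by spaced pattern:", missed_by_spaced())
```

The `An error occurred` alternative is generic, so a hit on it needs confirmation against the actual response body.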