From a4fa2c9ec7e12b7d9e92ce4768018da48a430798 Mon Sep 17 00:00:00 2001 
From: arjun Date: Fri, 24 Jan 2025 19:48:37 +0530 Subject: [PATCH] feature eq_obj --- .../AdvancedUnionBasedSQLiGET.yml | 54 +++++++++++++++++- .../AdvancedUnionBasedSQLiLoginEndpoint.yml | 54 +++++++++++++++++- .../AdvancedUnionBasedSQLiPOST.yml | 54 +++++++++++++++++- .../AdvancedUnionBasedSQLiXSS.yml | 54 +++++++++++++++++- .../AdvancedUnionBasedSQLiXSSGET.yml | 53 +++++++++++++++++- .../AdvancedUnionBasedSQLiXSSPOST.yml | 53 +++++++++++++++++- .../AlternateEncodingSQLi.yml | 46 +++++++++++++++- .../AlternateEncodingSQLiGET.yml | 44 ++++++++++++++- .../AlternateEncodingSQLiPOST.yml | 4 +- .../BasicUnionBasedSQLiGET.yml | 50 ++++++++++++++++- .../BasicUnionBasedSQLiLoginEndpoint.yml | 50 ++++++++++++++++- .../BasicUnionBasedSQLiPOST.yml | 4 +- .../BooleanBasedSQLiGET.yml | 8 ++- .../BooleanBasedSQLiLoginEndpoint.yml | 5 +- .../BooleanBasedSQLiPOST.yml | 7 ++- .../BooleanBasedSQLiXSS.yml | 55 +++++++++++++++++-- .../BooleanBasedSQLiXSSGET.yml | 55 +++++++++++++++++-- .../BooleanBasedSQLiXSSPOST.yml | 51 ++++++++++++++++- .../ErrorBasedSQLiXSS.yml | 50 ++++++++++++++++- .../JWTAppendSQLInjectionMySQL.yml | 46 +++++++++++++++- .../JWTAppendSQLInjectionPostgreSQL.yml | 46 +++++++++++++++- .../JWTAppendSQLInjectionSQLite.yml | 49 ++++++++++++++++- .../PaymentGatewaySQLInjectionMySQL.yml | 51 ++++++++++++++++- .../PaymentGatewaySQLInjectionPostgreSQL.yml | 53 +++++++++++++++++- .../PaymentGatewaySQLInjectionSQLite.yml | 53 +++++++++++++++++- .../PaymentGatewaySQLiMySQLDBGET.yml | 51 ++++++++++++++++- .../PaymentGatewaySQLiSQLiteGET.yml | 53 +++++++++++++++++- .../SecondOrderSQLiXSS.yml | 51 ++++++++++++++++- .../SecondOrderSQLiXSSGET.yml | 51 ++++++++++++++++- Broken-User-Authentication/StoredSQLiXSS.yml | 55 ++++++++++++++++++- .../StoredSQLiXSSGET.yml | 55 ++++++++++++++++++- .../UnionBasedMySQLiEnforceCommentPOST.yml | 54 +++++++++++++++++- ...EnforcingCommentPayloadOnLoginEndpoint.yml | 54 +++++++++++++++++- ...yExtractPasswordPayloadOnLoginEndpoint.yml | 50 
++++++++++++++++- ...yExtractUsernamePayloadOnLoginEndpoint.yml | 50 ++++++++++++++++- ...ySQLiSubqueryExtractPasswordPayloadGET.yml | 50 ++++++++++++++++- ...SQLiSubqueryExtractPasswordPayloadPOST.yml | 4 +- ...SQLiSubqueryExtractUsernamePayloadPOST.yml | 4 +- ...QLiWithURLEncodedPayloadsLoginEndpoint.yml | 51 ++++++++++++++++- ...nBasedMySQLiWithURLEncodedPayloadsPOST.yml | 5 +- ...onBasedMySQLiWithUrlEncodedPayloadsGET.yml | 51 ++++++++++++++++- ...SQLiCreditCardDetailsExtractionPayload.yml | 55 ++++++++++++++++++- ...gresSQLiCreditCardDetailsExtractionGET.yml | 55 ++++++++++++++++++- ...resSQLiCreditCardDetailsExtractionPOST.yml | 55 ++++++++++++++++++- .../UnionBasedSQLiXSS.yml | 49 ++++++++++++++++- .../UnionBasedSQLiXSSGET.yml | 49 ++++++++++++++++- .../UnionBasedSQLiXSSPOST.yml | 49 ++++++++++++++++- ...sedSQLiwithXSSandHTTPResponseSplitting.yml | 49 ++++++++++++++++- .../UnionCaseChangeBasedMySQLDBSQLiGET.yml | 49 ++++++++++++++++- ...eChangeBasedMySQLDBSQLiOnLoginEndpoint.yml | 49 ++++++++++++++++- .../UnionCaseChangeBasedMySQLDBSQLiPOST.yml | 50 ++++++++++++++++- .../UnionColumnBasedSQLiGET.yml | 4 +- .../UnionColumnBasedSQLiLoginEndpoint.yml | 50 ++++++++++++++++- .../UnionColumnBasedSQLiPOST.yml | 7 ++- .../UnionDataTypeBasedSQLiLoginEndpoint.yml | 50 ++++++++++++++++- .../UnionDataTypeBasedSQLiPOST.yml | 7 ++- .../UnionInlineCommentBasedMySQLiGET.yml | 52 +++++++++++++++++- .../UnionInlineCommentBasedMySQLiPOST.yml | 4 +- ...nlineCommentBasedMySQLionLoginEndpoint.yml | 52 +++++++++++++++++- .../UserEnumerationAccountLock.yml | 2 +- .../UserEnumerationPasswordReset.yml | 5 +- .../UserEnumerationRegistrationProcess.yml | 5 +- .../UserEnumerationViaResponseContent.yml | 5 +- .../UsernameEnumerationCaptchaEndpoint.yml | 2 +- ...sernameEnumerationRedirectPageAnalysis.yml | 4 +- .../NoSQLiBooleanBasedJSONBodyParamJS.yml | 4 +- .../NoSQLiBooleanBasedQueryParamJS.yml | 4 +- .../NoSQLiBooleanBasedQueryParamRegex.yml | 4 +- 
.../NoSQLiBooleanBasedReplaceBodyObject.yml | 4 +- ...LiBooleanBasedReplaceBodyRegexFunction.yml | 4 +- 70 files changed, 2411 insertions(+), 105 deletions(-) diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml index 920b2e77..864d61c5 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiGET.yml @@ -199,6 +199,58 @@ execute: - "root:" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${unionNegativeBasedPayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "table_name" + - "column_name" + - "database" + - "schema_name" + - "root:" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml index 3f4a9d9d..3ed6903e 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiLoginEndpoint.yml 
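Review bot: The added x3 step in AdvancedUnionBasedSQLiGET.yml reads `userKey: ${userVal}${unionNegativeBasedPayloads}`, but the file's only hunk starts at line 199, so the commit does not declare that word list here. If `unionNegativeBasedPayloads` is not already defined earlier in the template, x3 presumably cannot pass its `eq_obj` check and every run would end at `failure: exit`, which is a silent false negative. Please confirm the definition exists, or add it in this commit next to the existing payload lists. The same applies to `advUnionXSSNegativePayloads`, `encodingNegativePayloads`, `booleanXSSNegativePayloads`, `errorXSSNegativePayloads`, `negativeJWTPayloads` and `paymentNegativePayloads` in the later files. The `execute` block begins outside the hunk.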
@@ -208,6 +208,58 @@ execute: - "root:" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionNegativeBasedPayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "table_name" + - "column_name" + - "database" + - "schema_name" + - "root:" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml index fb5440f8..8c7a20cc 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiPOST.yml 
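Review bot: The final verdict of the added x3 step rests on `eq_obj: "${x2.response.body}"`, a comparison of two separately fetched response bodies, and nothing in the template says what that comparison tolerates. If the login endpoint returns any per-request value (timestamp, request id, freshly issued token), x3 would fail and fall through to `failure: exit`, so a real finding could be dropped. The reason the negative payload is compared against x2 rather than the x1 baseline is also not stated. A comment above the step, for example `# x3: negative payload must return the same body as x2; any difference exits without a finding`, would record the intent. This applies to every file in the commit that gains an x3 step.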
@@ -199,6 +199,58 @@ execute: - "root:" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionNegativeBasedPayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "table_name" + - "column_name" + - "database" + - "schema_name" + - "root:" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml index 96c4d3c6..6bc2256b 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSS.yml @@ -152,7 +152,6 @@ execute: - Sorry, you have been blocked - UNION - SELECT - - success: x2 - failure: exit - req: 
@@ -203,6 +202,57 @@ execute: - "" - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${advUnionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "" + - "" + - "" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml index 573f3ee2..c2753f51 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSGET.yml 
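Review bot: The x3 `not_contains` list added to AdvancedUnionBasedSQLiXSS.yml uses the bare entry `- invalid`, whereas the x3 lists added to AdvancedUnionBasedSQLiGET.yml, AdvancedUnionBasedSQLiLoginEndpoint.yml and AdvancedUnionBasedSQLiPOST.yml use `- invalid token`. With the bare substring, any 2xx body that contains the word "invalid" sends the run to `failure: exit`, which widens the false-negative surface. If this only mirrors the file's existing x2 list, which is outside the hunk, a short comment such as `# broad match on purpose: any validation message counts as a rejected payload` would make that explicit; otherwise use `- invalid token`. The same entry appears in the x3 blocks of the XSSGET/XSSPOST, BasicUnionBased, BooleanBasedSQLiXSS*, ErrorBasedSQLiXSS and PaymentGateway files.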
@@ -195,6 +195,57 @@ execute: - "" - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${advUnionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "" + - "" + - "" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml index e595cd28..b8fa4414 100644 --- a/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml +++ b/Broken-User-Authentication/AdvancedUnionBasedSQLiXSSPOST.yml 
@@ -195,6 +195,57 @@ execute: - "" - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${advUnionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "" + - "" + - "" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/AlternateEncodingSQLi.yml b/Broken-User-Authentication/AlternateEncodingSQLi.yml index 322321e2..0e7139f8 100644 --- a/Broken-User-Authentication/AlternateEncodingSQLi.yml +++ b/Broken-User-Authentication/AlternateEncodingSQLi.yml @@ -142,6 +142,7 @@ execute: - account is locked - account is blocked - multiple failed attempts + - " OR " - success: x2 - failure: exit - req: 
@@ -181,5 +182,48 @@ execute: - account is locked - account is blocked - multiple failed attempts - neq: "${x1.response.body}" + - " OR " + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${encodingNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - " OR " + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/AlternateEncodingSQLiGET.yml b/Broken-User-Authentication/AlternateEncodingSQLiGET.yml index a1fce003..3d0fcf47 100644 --- a/Broken-User-Authentication/AlternateEncodingSQLiGET.yml +++ b/Broken-User-Authentication/AlternateEncodingSQLiGET.yml 
@@ -174,5 +174,47 @@ execute: - account is blocked - multiple failed attempts - " OR " - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${encodingNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - " OR " + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml b/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml index 7f807124..9ea6b1a7 100644 --- a/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml +++ b/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml @@ -174,7 +174,7 @@ execute: - account is blocked - multiple failed attempts - " OR " - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -215,6 +215,6 @@ execute: - account is blocked - multiple failed attempts - " OR " - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BasicUnionBasedSQLiGET.yml b/Broken-User-Authentication/BasicUnionBasedSQLiGET.yml index 82330231..138efdc3 100644 --- a/Broken-User-Authentication/BasicUnionBasedSQLiGET.yml +++ b/Broken-User-Authentication/BasicUnionBasedSQLiGET.yml 
@@ -191,5 +191,53 @@ execute: - SELECT - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${unionNegativeBasedPayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/BasicUnionBasedSQLiLoginEndpoint.yml b/Broken-User-Authentication/BasicUnionBasedSQLiLoginEndpoint.yml index bc44da9d..018eb5f0 100644 --- a/Broken-User-Authentication/BasicUnionBasedSQLiLoginEndpoint.yml +++ b/Broken-User-Authentication/BasicUnionBasedSQLiLoginEndpoint.yml 
@@ -199,5 +199,53 @@ execute: - SELECT - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionNegativeBasedPayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml b/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml index 51c7ca00..1f0c33af 100644 --- a/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml +++ b/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml @@ -191,7 +191,7 @@ execute: - SELECT - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -238,6 +238,6 @@ execute: - SELECT - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BooleanBasedSQLiGET.yml b/Broken-User-Authentication/BooleanBasedSQLiGET.yml index cd9c45ec..0c9a114c 100644 --- a/Broken-User-Authentication/BooleanBasedSQLiGET.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiGET.yml 
@@ -131,6 +131,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " AND " + - " OR " - "=" - "--" - success: x2 @@ -145,7 +146,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -157,6 +158,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " OR " + - " AND " - "=" - "--" - "fail" @@ -177,7 +179,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -189,6 +191,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " OR " + - " AND " - "=" - "--" - "fail" @@ -196,3 +199,4 @@ execute: - - - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/BooleanBasedSQLiLoginEndpoint.yml b/Broken-User-Authentication/BooleanBasedSQLiLoginEndpoint.yml index dcfc104c..37361767 100644 --- a/Broken-User-Authentication/BooleanBasedSQLiLoginEndpoint.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiLoginEndpoint.yml @@ -154,7 +154,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -186,7 +186,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -205,3 +205,4 @@ execute: - - - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BooleanBasedSQLiPOST.yml b/Broken-User-Authentication/BooleanBasedSQLiPOST.yml index f63c0bf6..8142857e 100644 --- a/Broken-User-Authentication/BooleanBasedSQLiPOST.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiPOST.yml @@ -145,7 +145,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit 
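Review bot: The payload-echo filters are tightened unevenly across the three boolean-based templates. BooleanBasedSQLiGET.yml gains `- " OR "` in the x1 list and `- " AND "` in the x2 and x3 lists. BooleanBasedSQLiPOST.yml gets only the x2 and x3 additions, and BooleanBasedSQLiLoginEndpoint.yml gets none. Unless those lists already hold both keywords outside the hunks, a response that merely reflects the payload could still satisfy `neq_obj`/`eq_obj` in those two files. Add `- " OR "` and `- " AND "` to each step's `not_contains` there as well.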
@@ -157,6 +157,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " OR " + - " AND " - "=" - "--" - "fail" @@ -177,7 +178,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -189,6 +190,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " OR " + - " AND " - "=" - "--" - "fail" @@ -196,3 +198,4 @@ execute: - - - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/BooleanBasedSQLiXSS.yml b/Broken-User-Authentication/BooleanBasedSQLiXSS.yml index aeecbed5..478fdb57 100644 --- a/Broken-User-Authentication/BooleanBasedSQLiXSS.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiXSS.yml @@ -198,8 +198,55 @@ execute: - "" - "XSS" - "" - neq: "${x1.response.body}" - - success: vulnerable + neq_obj: "${x1.response.body}" + - success: x3 - failure: exit - - + - req: + - modify_body_param: + userKey: ${userVal}${booleanXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "XSS" + - "" + eq_obj: "${x2.response.body}" + - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BooleanBasedSQLiXSSGET.yml b/Broken-User-Authentication/BooleanBasedSQLiXSSGET.yml index 992cb972..8551ea86 100644 
--- a/Broken-User-Authentication/BooleanBasedSQLiXSSGET.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiXSSGET.yml @@ -193,8 +193,55 @@ execute: - "" - "XSS" - "" - neq: "${x1.response.body}" - - success: vulnerable + neq_obj: "${x1.response.body}" + - success: x3 - failure: exit - - + - req: + - modify_query_param: + userKey: ${userVal}${booleanXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "XSS" + - "" + eq_obj: "${x2.response.body}" + - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/BooleanBasedSQLiXSSPOST.yml b/Broken-User-Authentication/BooleanBasedSQLiXSSPOST.yml index 2146f99c..0daf3696 100644 --- a/Broken-User-Authentication/BooleanBasedSQLiXSSPOST.yml +++ b/Broken-User-Authentication/BooleanBasedSQLiXSSPOST.yml 
@@ -193,7 +193,56 @@ execute: - "" - "XSS" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${booleanXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "XSS" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/ErrorBasedSQLiXSS.yml b/Broken-User-Authentication/ErrorBasedSQLiXSS.yml index 0470ce63..8363b0f3 100644 --- a/Broken-User-Authentication/ErrorBasedSQLiXSS.yml +++ b/Broken-User-Authentication/ErrorBasedSQLiXSS.yml 
@@ -194,6 +194,54 @@ execute: - "" - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${errorXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/JWTAppendSQLInjectionMySQL.yml b/Broken-User-Authentication/JWTAppendSQLInjectionMySQL.yml index a5c1cca1..964ce252 100644 --- a/Broken-User-Authentication/JWTAppendSQLInjectionMySQL.yml +++ b/Broken-User-Authentication/JWTAppendSQLInjectionMySQL.yml 
@@ -143,7 +143,50 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + not_contains: + - rate-limit + - rate limit + - rate_limit + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - success: x3 + - failure: exit + - req: + - modify_header: + headerKey: "Bearer ${negativeJWTPayloads}" + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -175,3 +218,4 @@ execute: - account is blocked - multiple failed attempts - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/JWTAppendSQLInjectionPostgreSQL.yml b/Broken-User-Authentication/JWTAppendSQLInjectionPostgreSQL.yml index e8f8f258..c690cd84 100644 --- a/Broken-User-Authentication/JWTAppendSQLInjectionPostgreSQL.yml +++ b/Broken-User-Authentication/JWTAppendSQLInjectionPostgreSQL.yml 
@@ -144,7 +144,50 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + not_contains: + - rate-limit + - rate limit + - rate_limit + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - success: x3 + - failure: exit + - req: + - modify_header: + headerKey: "Bearer ${negativeJWTPayloads}" + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -176,3 +219,4 @@ execute: - account is blocked - multiple failed attempts - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/JWTAppendSQLInjectionSQLite.yml b/Broken-User-Authentication/JWTAppendSQLInjectionSQLite.yml index cff9997a..22c91961 100644 --- a/Broken-User-Authentication/JWTAppendSQLInjectionSQLite.yml +++ b/Broken-User-Authentication/JWTAppendSQLInjectionSQLite.yml 
@@ -147,7 +147,53 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + not_contains: + - rate-limit + - rate limit + - rate_limit + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - success: x3 + - failure: exit + - req: + - modify_header: + headerKey: "Bearer ${negativeJWTPayloads}" + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -182,3 +228,4 @@ execute: - CloudFlare - Sorry, you have been blocked - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/PaymentGatewaySQLInjectionMySQL.yml b/Broken-User-Authentication/PaymentGatewaySQLInjectionMySQL.yml index bf22249f..7f39c114 100644 --- a/Broken-User-Authentication/PaymentGatewaySQLInjectionMySQL.yml +++ b/Broken-User-Authentication/PaymentGatewaySQLInjectionMySQL.yml 
@@ -221,6 +221,55 @@ execute: - database - syntax - information_schema - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${paymentNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - MySQL + - database + - syntax + - information_schema + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/PaymentGatewaySQLInjectionPostgreSQL.yml b/Broken-User-Authentication/PaymentGatewaySQLInjectionPostgreSQL.yml index 41b516cf..2d439526 100644 --- a/Broken-User-Authentication/PaymentGatewaySQLInjectionPostgreSQL.yml +++ b/Broken-User-Authentication/PaymentGatewaySQLInjectionPostgreSQL.yml 
@@ -215,6 +215,57 @@ execute: - syntax - query - information_schema - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${paymentNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - PostgreSQL + - current_database + - syntax + - query + - information_schema + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/PaymentGatewaySQLInjectionSQLite.yml b/Broken-User-Authentication/PaymentGatewaySQLInjectionSQLite.yml index 4986af88..cc2a43c9 100644 --- a/Broken-User-Authentication/PaymentGatewaySQLInjectionSQLite.yml +++ b/Broken-User-Authentication/PaymentGatewaySQLInjectionSQLite.yml 
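Review bot: An empty added line sits between `gt: 0` and `not_contains:` in the new x3 `response_payload` block, which the sibling PaymentGateway MySQL and SQLite hunks do not have. It is harmless to a YAML parser but makes otherwise identical copies diverge, so dropping it keeps the files comparable against each other. The same stray blank appears before `eq_obj` in the StoredSQLiXSS, UnionBasedMySQLiEnforceComment, credit-card extraction and UnionBasedSQLiXSS hunks.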
@@ -216,6 +216,57 @@ execute: - sqlite_version - sqlite_master - table - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${paymentNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - syntax + - query + - SQLite + - sqlite_version + - sqlite_master + - table + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/PaymentGatewaySQLiMySQLDBGET.yml b/Broken-User-Authentication/PaymentGatewaySQLiMySQLDBGET.yml index d92215b1..31998fa9 100644 --- a/Broken-User-Authentication/PaymentGatewaySQLiMySQLDBGET.yml +++ b/Broken-User-Authentication/PaymentGatewaySQLiMySQLDBGET.yml 
@@ -221,6 +221,55 @@ execute: - database - syntax - information_schema - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${paymentNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - MySQL + - database + - syntax + - information_schema + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/PaymentGatewaySQLiSQLiteGET.yml b/Broken-User-Authentication/PaymentGatewaySQLiSQLiteGET.yml index dda9a905..523bc6e4 100644 --- a/Broken-User-Authentication/PaymentGatewaySQLiSQLiteGET.yml +++ b/Broken-User-Authentication/PaymentGatewaySQLiSQLiteGET.yml 
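Review bot: Nothing next to the added x3 step says what a negative payload is or why a body equal to x2's leads to `success: vulnerable`; read cold, a control input that reproduces the attack response could just as well mean the response does not depend on the payload at all. A two-line comment above the new `- req:` would settle it, along the lines of `# x3: replay with ${paymentNegativePayloads} (what these are)` and `# body equal to x2 => vulnerable because (reason)`, with the parentheses filled in by the author. The x1/x2 steps begin above this hunk, so the reasoning may already be documented there.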
@@ -216,6 +216,57 @@ execute: - sqlite_version - sqlite_master - table - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${paymentNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - syntax + - query + - SQLite + - sqlite_version + - sqlite_master + - table + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/SecondOrderSQLiXSS.yml b/Broken-User-Authentication/SecondOrderSQLiXSS.yml index 59109b3f..34bbf731 100644 --- a/Broken-User-Authentication/SecondOrderSQLiXSS.yml +++ b/Broken-User-Authentication/SecondOrderSQLiXSS.yml 
@@ -185,6 +185,55 @@ execute: - "" - "XSS" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${secondOrderXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "XSS" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/SecondOrderSQLiXSSGET.yml b/Broken-User-Authentication/SecondOrderSQLiXSSGET.yml index df7312c6..6606bf1c 100644 --- a/Broken-User-Authentication/SecondOrderSQLiXSSGET.yml +++ b/Broken-User-Authentication/SecondOrderSQLiXSSGET.yml 
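Review bot: The added x3 `not_contains` list ends with entries that show up here as `""` (three of them around `"XSS"`), and an empty string is a substring of every body. If the file really holds empty strings and `not_contains` is a substring test, the x3 validation can never pass and the template cannot reach `success: vulnerable`; if they are markup tokens that this page's rendering dropped, the file is fine. This is worth confirming against the raw file, also for the StoredSQLiXSS, UnionBasedSQLiXSS and UnionBasedSQLiwithXSSandHTTPResponseSplitting hunks, and for the bare `-` items in the UnionBasedMySQLi, UnionBasedPostgres and UnionCaseChange hunks, which would parse as null entries. The matching entries in x2's list sit partly above this hunk.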
@@ -185,6 +185,55 @@ execute: - "" - "XSS" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${secondOrderXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - "" + - "" + - "XSS" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/StoredSQLiXSS.yml b/Broken-User-Authentication/StoredSQLiXSS.yml index f7c957dc..0f25c16a 100644 --- a/Broken-User-Authentication/StoredSQLiXSS.yml +++ b/Broken-User-Authentication/StoredSQLiXSS.yml @@ -185,6 +185,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " INSERT INTO " + - "INSERT" - "" - "" - "" 
@@ -192,6 +193,58 @@ execute: - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${storedXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " INSERT INTO " + - "INSERT" + - "" + - "" + - "" + - "" + - "" + - "" + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/StoredSQLiXSSGET.yml b/Broken-User-Authentication/StoredSQLiXSSGET.yml index e09d175e..725a08e9 100644 --- a/Broken-User-Authentication/StoredSQLiXSSGET.yml +++ b/Broken-User-Authentication/StoredSQLiXSSGET.yml @@ -185,6 +185,7 @@ execute: - CloudFlare - Sorry, you have been blocked - " INSERT INTO " + - "INSERT" - "" - "" - "" 
@@ -192,6 +193,58 @@ execute: - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${storedXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Failed + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid token + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " INSERT INTO " + - "INSERT" + - "" + - "" + - "" + - "" + - "" + - "" + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiEnforceCommentPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiEnforceCommentPOST.yml index 422144a9..9f776c8b 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiEnforceCommentPOST.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiEnforceCommentPOST.yml 
@@ -201,6 +201,58 @@ execute: - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - database + - schema + - host + - mysql + - linux + - + - + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiEnforcingCommentPayloadOnLoginEndpoint.yml b/Broken-User-Authentication/UnionBasedMySQLiEnforcingCommentPayloadOnLoginEndpoint.yml index febcc922..82fc1658 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiEnforcingCommentPayloadOnLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiEnforcingCommentPayloadOnLoginEndpoint.yml 
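Review bot: The long block-page and error list under x3's `not_contains` looks like a second verbatim copy of the list the x2 step carries (x2's copy lies mostly above this hunk, so that is inferred from its visible tail), and the commit repeats the pattern in every file. A YAML anchor would keep the two in step: `not_contains: &blocked_markers` on the first list and `not_contains: *blocked_markers` on the second, provided the template loader resolves aliases. Without that, a marker added to one copy and not the other changes the verdict without anyone noticing.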
@@ -209,6 +209,58 @@ execute: - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - database + - schema + - host + - mysql + - linux + - + - + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractPasswordPayloadOnLoginEndpoint.yml b/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractPasswordPayloadOnLoginEndpoint.yml index 3e335a52..add94b53 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractPasswordPayloadOnLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractPasswordPayloadOnLoginEndpoint.yml 
@@ -200,8 +200,56 @@ execute: - "GROUP_CONCAT" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION" + - "GROUP_CONCAT" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractUsernamePayloadOnLoginEndpoint.yml b/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractUsernamePayloadOnLoginEndpoint.yml index eb8e36b9..acb95a0a 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractUsernamePayloadOnLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiSubQueryExtractUsernamePayloadOnLoginEndpoint.yml 
@@ -200,8 +200,56 @@ execute: - "GROUP_CONCAT" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION" + - "GROUP_CONCAT" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadGET.yml b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadGET.yml index ba809e3d..4764cb9e 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadGET.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadGET.yml 
@@ -192,8 +192,56 @@ execute: - "GROUP_CONCAT" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION" + - "GROUP_CONCAT" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml index 871b9a7e..fe68acbf 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml @@ -192,7 +192,7 @@ execute: - "GROUP_CONCAT" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -239,6 +239,6 @@ execute: - "GROUP_CONCAT" - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml index e01d0618..852593fb 100644 
--- a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml @@ -191,7 +191,7 @@ execute: - "GROUP_CONCAT" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -238,6 +238,6 @@ execute: - "GROUP_CONCAT" - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsLoginEndpoint.yml b/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsLoginEndpoint.yml index d00ce2bf..a9890fd5 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsLoginEndpoint.yml @@ -202,8 +202,57 @@ execute: - WHERE - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - WHERE + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit 
diff --git a/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsPOST.yml index ffeaff3b..ea896825 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsPOST.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiWithURLEncodedPayloadsPOST.yml @@ -191,7 +191,7 @@ execute: - WHERE - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -239,5 +239,6 @@ execute: - WHERE - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UnionBasedMySQLiWithUrlEncodedPayloadsGET.yml b/Broken-User-Authentication/UnionBasedMySQLiWithUrlEncodedPayloadsGET.yml index 5447ded1..1997fe23 100644 --- a/Broken-User-Authentication/UnionBasedMySQLiWithUrlEncodedPayloadsGET.yml +++ b/Broken-User-Authentication/UnionBasedMySQLiWithUrlEncodedPayloadsGET.yml 
@@ -193,8 +193,57 @@ execute: - WHERE - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - WHERE + - + - + eq_obj: "${x2.response.body}" - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UnionBasedPostgreSQLiCreditCardDetailsExtractionPayload.yml b/Broken-User-Authentication/UnionBasedPostgreSQLiCreditCardDetailsExtractionPayload.yml index 8a47f706..45b49c02 100644 --- a/Broken-User-Authentication/UnionBasedPostgreSQLiCreditCardDetailsExtractionPayload.yml +++ b/Broken-User-Authentication/UnionBasedPostgreSQLiCreditCardDetailsExtractionPayload.yml 
@@ -209,6 +209,59 @@ execute: - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - credit + - card + - cardholder + - cvv + - expiry + - card_number + - + - + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionGET.yml b/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionGET.yml index 2fb339dc..2c48749b 100644 --- a/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionGET.yml +++ b/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionGET.yml 
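Review bot: `card`, `credit`, `expiry` and `cvv` in the added x3 `not_contains` list are ordinary words in a payment API's normal responses, so on the endpoints this template targets a clean response can fail validation and the check exits without a finding. If the intent is to reject responses that merely echo the payload, longer markers such as the existing `card_number` and `" UNION SELECT "` do that with less collateral; consider keeping `- card_number` and removing `- card`. Whether matching is case-sensitive or substring-based is not visible here, so the impact should be confirmed against the engine. The same list is added in the two UnionBasedPostgresSQLiCreditCardDetailsExtraction hunks that follow.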
@@ -201,6 +201,59 @@ execute: - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - credit + - card + - cardholder + - cvv + - expiry + - card_number + - + - + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionPOST.yml b/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionPOST.yml index 0255b612..833e3d27 100644 --- a/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionPOST.yml +++ b/Broken-User-Authentication/UnionBasedPostgresSQLiCreditCardDetailsExtractionPOST.yml 
@@ -201,6 +201,59 @@ execute: - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - credit + - card + - cardholder + - cvv + - expiry + - card_number + - + - + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedSQLiXSS.yml b/Broken-User-Authentication/UnionBasedSQLiXSS.yml index 441d0613..d462a4c7 100644 --- a/Broken-User-Authentication/UnionBasedSQLiXSS.yml +++ b/Broken-User-Authentication/UnionBasedSQLiXSS.yml 
@@ -195,6 +195,53 @@ execute: - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "" + - "" + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedSQLiXSSGET.yml b/Broken-User-Authentication/UnionBasedSQLiXSSGET.yml index e3877c84..50f55e7c 100644 --- a/Broken-User-Authentication/UnionBasedSQLiXSSGET.yml +++ b/Broken-User-Authentication/UnionBasedSQLiXSSGET.yml 
@@ -187,6 +187,53 @@ execute: - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${unionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "" + - "" + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedSQLiXSSPOST.yml b/Broken-User-Authentication/UnionBasedSQLiXSSPOST.yml index dea6f2a4..988fabf9 100644 --- a/Broken-User-Authentication/UnionBasedSQLiXSSPOST.yml +++ b/Broken-User-Authentication/UnionBasedSQLiXSSPOST.yml 
@@ -187,6 +187,53 @@ execute: - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "" + - "" + + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionBasedSQLiwithXSSandHTTPResponseSplitting.yml b/Broken-User-Authentication/UnionBasedSQLiwithXSSandHTTPResponseSplitting.yml index 126c4252..24bee708 100644 --- a/Broken-User-Authentication/UnionBasedSQLiwithXSSandHTTPResponseSplitting.yml +++ b/Broken-User-Authentication/UnionBasedSQLiwithXSSandHTTPResponseSplitting.yml 
@@ -180,6 +180,53 @@ execute: - "" - "" - "" - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${advUnionXSSNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "" + - "" + - "" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiGET.yml b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiGET.yml index 885c4489..9c48ee1d 100644 --- a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiGET.yml +++ b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiGET.yml 
@@ -192,7 +192,54 @@ execute: - "version" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "version" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiOnLoginEndpoint.yml b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiOnLoginEndpoint.yml index 96b12df9..f68521d8 100644 --- a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiOnLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiOnLoginEndpoint.yml 
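Review bot: Several `not_contains` entries in the added x3 step are short generic substrings (`Error`, `Fail`, `invalid`), and the list mixes capitalisation (`Error` next to `server error`, `Method Not allowed`). If matching is case-insensitive, a healthy JSON body with a field like `"error": null` fails the step and the template exits without a finding; if it is case-sensitive, `Unauthorized` and `Forbidden` miss lowercase variants. Stating the rule in a comment, e.g. `# not_contains: case-<sensitive|insensitive> substring match`, and normalising the entries to one case would make the intent checkable. The same list appears in the other x3 steps added by this patch.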
@@ -200,7 +200,54 @@ execute: - "version" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "version" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit diff --git a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiPOST.yml b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiPOST.yml index f2f9deec..ab5b3a60 100644 --- a/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiPOST.yml +++ b/Broken-User-Authentication/UnionCaseChangeBasedMySQLDBSQLiPOST.yml 
@@ -192,8 +192,54 @@ execute: - "version" - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - "version" + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit - diff --git a/Broken-User-Authentication/UnionColumnBasedSQLiGET.yml b/Broken-User-Authentication/UnionColumnBasedSQLiGET.yml index 33c26db7..e2e202d2 100644 --- a/Broken-User-Authentication/UnionColumnBasedSQLiGET.yml +++ b/Broken-User-Authentication/UnionColumnBasedSQLiGET.yml @@ -196,7 +196,7 @@ execute: - " UNION SELECT " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -242,6 +242,6 @@ execute: - " UNION SELECT " - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/UnionColumnBasedSQLiLoginEndpoint.yml b/Broken-User-Authentication/UnionColumnBasedSQLiLoginEndpoint.yml index e09014c3..1e06aa58 100644 --- a/Broken-User-Authentication/UnionColumnBasedSQLiLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionColumnBasedSQLiLoginEndpoint.yml 
@@ -204,7 +204,53 @@ execute: - " UNION SELECT " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - + - failure: exit diff --git a/Broken-User-Authentication/UnionColumnBasedSQLiPOST.yml b/Broken-User-Authentication/UnionColumnBasedSQLiPOST.yml index 8eebae55..245dfae0 100644 --- a/Broken-User-Authentication/UnionColumnBasedSQLiPOST.yml +++ b/Broken-User-Authentication/UnionColumnBasedSQLiPOST.yml @@ -196,7 +196,7 @@ execute: - " UNION SELECT " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -242,5 +242,6 @@ execute: - " UNION SELECT " - - - eq: "${x2.response.body}" - - success: vulnerable \ No newline at end of file + eq_obj: "${x2.response.body}" + - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/UnionDataTypeBasedSQLiLoginEndpoint.yml b/Broken-User-Authentication/UnionDataTypeBasedSQLiLoginEndpoint.yml index 6321e0eb..f7c4dd45 100644 --- a/Broken-User-Authentication/UnionDataTypeBasedSQLiLoginEndpoint.yml 
+++ b/Broken-User-Authentication/UnionDataTypeBasedSQLiLoginEndpoint.yml @@ -205,8 +205,54 @@ execute: - " UNION SELECT " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - " UNION SELECT " + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - + - failure: exit diff --git a/Broken-User-Authentication/UnionDataTypeBasedSQLiPOST.yml b/Broken-User-Authentication/UnionDataTypeBasedSQLiPOST.yml index df690a45..75ca68df 100644 --- a/Broken-User-Authentication/UnionDataTypeBasedSQLiPOST.yml +++ b/Broken-User-Authentication/UnionDataTypeBasedSQLiPOST.yml @@ -197,7 +197,7 @@ execute: - " UNION SELECT " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -243,5 +243,6 @@ execute: - " UNION SELECT " - - - eq: "${x2.response.body}" - - success: vulnerable \ No newline at end of file + eq_obj: "${x2.response.body}" + - success: vulnerable + - failure: exit \ No newline at end of file diff --git a/Broken-User-Authentication/UnionInlineCommentBasedMySQLiGET.yml b/Broken-User-Authentication/UnionInlineCommentBasedMySQLiGET.yml index fc79fd72..e14d2c30 100644 
--- a/Broken-User-Authentication/UnionInlineCommentBasedMySQLiGET.yml +++ b/Broken-User-Authentication/UnionInlineCommentBasedMySQLiGET.yml @@ -192,6 +192,54 @@ execute: - " WHERE " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_query_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - " WHERE " + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - + - failure: exit diff --git a/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml b/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml index ca2a0f39..0cf6980a 100644 --- a/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml +++ b/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml @@ -192,7 +192,7 @@ execute: - " WHERE " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" - success: x3 - failure: exit - req: @@ -240,6 +240,6 @@ execute: - " WHERE " - - - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" - success: vulnerable - failure: exit \ No newline at end of file 
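Review bot: The `not_contains` list in the added x3 step uses bare `UNION` and `SELECT` while the entry right after them is space-padded (`" WHERE "`), so a response containing either word inside ordinary content (for instance a `SELECTED` status value, depending on how case is handled) would fail the step and suppress the finding. If these entries are meant to catch the payload being echoed back, a comment saying so would help: `# payload-echo markers; unpadded because the payload joins keywords with inline comments`. That reading is inferred from the file name, not from the hunk. The login-endpoint variant of this template adds the same three entries.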
diff --git a/Broken-User-Authentication/UnionInlineCommentBasedMySQLionLoginEndpoint.yml b/Broken-User-Authentication/UnionInlineCommentBasedMySQLionLoginEndpoint.yml index e5044b92..d6e09d1e 100644 --- a/Broken-User-Authentication/UnionInlineCommentBasedMySQLionLoginEndpoint.yml +++ b/Broken-User-Authentication/UnionInlineCommentBasedMySQLionLoginEndpoint.yml @@ -200,6 +200,54 @@ execute: - " WHERE " - - - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" + - success: x3 + - failure: exit + - req: + - modify_body_param: + userKey: ${userVal}${unionBasedNegativePayloads} + - validate: + response_code: + gte: 200 + lt: 300 + response_payload: + length: + gt: 0 + not_contains: + - Error + - Internal Server + - Fail + - Unauthorized + - access denied + - Forbidden + - Method Not allowed + - Gateway timeout + - request timeout + - server error + - server busy + - authentication error + - authorization error + - validation error + - Permission Denied + - invalid + - token expired + - session expired + - session timeout + - unexpected error + - unable to process request + - bad request + - service unavailable + - account is locked + - account is blocked + - multiple failed attempts + - Attention Required! + - CloudFlare + - Sorry, you have been blocked + - UNION + - SELECT + - " WHERE " + - + - + eq_obj: "${x2.response.body}" - success: vulnerable - + - failure: exit diff --git a/Broken-User-Authentication/UserEnumerationAccountLock.yml b/Broken-User-Authentication/UserEnumerationAccountLock.yml index fc85e9ad..99f4515c 100644 --- a/Broken-User-Authentication/UserEnumerationAccountLock.yml +++ b/Broken-User-Authentication/UserEnumerationAccountLock.yml @@ -105,7 +105,7 @@ execute: ${roles_access_context.LOCKED_ACCOUNT_SYSTEM_ROLE}: 1 - validate: response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate_limit 
diff --git a/Broken-User-Authentication/UserEnumerationPasswordReset.yml b/Broken-User-Authentication/UserEnumerationPasswordReset.yml index d330187b..e4090a02 100644 --- a/Broken-User-Authentication/UserEnumerationPasswordReset.yml +++ b/Broken-User-Authentication/UserEnumerationPasswordReset.yml @@ -125,7 +125,7 @@ execute: - response_code: neq: "${x1.response.status_code}" - response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate_limit - rate limit @@ -142,7 +142,7 @@ execute: - validate: or: - response_payload: - neq: "${x2.response.body}" + neq_obj: "${x2.response.body}" not_contains: - rate_limit - rate limit @@ -150,3 +150,4 @@ execute: - account is blocked - multiple failed attempts - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UserEnumerationRegistrationProcess.yml b/Broken-User-Authentication/UserEnumerationRegistrationProcess.yml index 6811791f..81533fe6 100644 --- a/Broken-User-Authentication/UserEnumerationRegistrationProcess.yml +++ b/Broken-User-Authentication/UserEnumerationRegistrationProcess.yml @@ -119,7 +119,7 @@ execute: - validate: or: - response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate limit - rate_limit @@ -139,7 +139,7 @@ execute: - validate: or: - response_payload: - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate limit - rate_limit @@ -149,3 +149,4 @@ execute: - multiple failed attempt - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UserEnumerationViaResponseContent.yml b/Broken-User-Authentication/UserEnumerationViaResponseContent.yml index a21bc025..7947a082 100644 --- a/Broken-User-Authentication/UserEnumerationViaResponseContent.yml +++ b/Broken-User-Authentication/UserEnumerationViaResponseContent.yml 
@@ -122,7 +122,7 @@ execute: passKey: Default1! - validate: response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -139,7 +139,7 @@ execute: passKey: Default2! - validate: response_payload: - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit @@ -148,3 +148,4 @@ execute: - account is blocked - multiple failed attempt - success: vulnerable + - failure: exit diff --git a/Broken-User-Authentication/UsernameEnumerationCaptchaEndpoint.yml b/Broken-User-Authentication/UsernameEnumerationCaptchaEndpoint.yml index 71627a70..01baed8a 100644 --- a/Broken-User-Authentication/UsernameEnumerationCaptchaEndpoint.yml +++ b/Broken-User-Authentication/UsernameEnumerationCaptchaEndpoint.yml @@ -116,7 +116,7 @@ execute: captchaKey: "0000" - validate: response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - account is locked - account is blocked diff --git a/Broken-User-Authentication/UsernameEnumerationRedirectPageAnalysis.yml b/Broken-User-Authentication/UsernameEnumerationRedirectPageAnalysis.yml index ab748ebe..455f6889 100644 --- a/Broken-User-Authentication/UsernameEnumerationRedirectPageAnalysis.yml +++ b/Broken-User-Authentication/UsernameEnumerationRedirectPageAnalysis.yml @@ -126,7 +126,7 @@ execute: - follow_redirect: true - validate: response_payload: - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - account is locked - account is blocked @@ -148,7 +148,7 @@ execute: - follow_redirect: true - validate: response_payload: - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - account is locked - account is blocked diff --git a/Injection-Attacks/NoSQLiBooleanBasedJSONBodyParamJS.yml b/Injection-Attacks/NoSQLiBooleanBasedJSONBodyParamJS.yml index a1b36431..36c387e3 100644 --- a/Injection-Attacks/NoSQLiBooleanBasedJSONBodyParamJS.yml 
+++ b/Injection-Attacks/NoSQLiBooleanBasedJSONBodyParamJS.yml @@ -125,7 +125,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -151,7 +151,7 @@ execute: changed_body_key: !!str ${changed_body_value} || 'a' == 'a' || 'a - validate: response_payload: - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" length: gt: 0 not_contains: diff --git a/Injection-Attacks/NoSQLiBooleanBasedQueryParamJS.yml b/Injection-Attacks/NoSQLiBooleanBasedQueryParamJS.yml index dd4aa899..5af38674 100644 --- a/Injection-Attacks/NoSQLiBooleanBasedQueryParamJS.yml +++ b/Injection-Attacks/NoSQLiBooleanBasedQueryParamJS.yml @@ -128,7 +128,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -161,7 +161,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit diff --git a/Injection-Attacks/NoSQLiBooleanBasedQueryParamRegex.yml b/Injection-Attacks/NoSQLiBooleanBasedQueryParamRegex.yml index 85865b2d..f8b1465f 100644 --- a/Injection-Attacks/NoSQLiBooleanBasedQueryParamRegex.yml +++ b/Injection-Attacks/NoSQLiBooleanBasedQueryParamRegex.yml @@ -121,7 +121,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -149,7 +149,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit diff --git a/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyObject.yml b/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyObject.yml index a49207a7..b55adb19 100644 --- a/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyObject.yml +++ b/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyObject.yml 
@@ -112,7 +112,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -135,7 +135,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit diff --git a/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyRegexFunction.yml b/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyRegexFunction.yml index 7a68f099..9256c9d4 100644 --- a/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyRegexFunction.yml +++ b/Injection-Attacks/NoSQLiBooleanBasedReplaceBodyRegexFunction.yml @@ -112,7 +112,7 @@ execute: response_payload: length: gt: 0 - neq: "${x1.response.body}" + neq_obj: "${x1.response.body}" not_contains: - rate-limit - rate limit @@ -138,7 +138,7 @@ execute: response_payload: length: gt: 0 - eq: "${x2.response.body}" + eq_obj: "${x2.response.body}" not_contains: - rate-limit - rate limit