{
"SQL": [
"SQL syntax.*MySQL", "Warning.*mysql_.*", "MySQLSyntaxErrorException", "valid MySQL result",
"ODBC SQL Server Driver", "SQLServer JDBC Driver", "SqlException", "SqlClient",
"ERROR:\\s*syntax error", "syntax error at or near", "PostgreSQL.*ERROR", "Warning.*pg_.*",
"pg_query\\(\\)", "pg_exec\\(\\)", "Oracle error", "ORA-\\d{5}", "Oracle.*Driver",
"SQLite.*error", "sqlite3\\.OperationalError", "SQLite3::", "SQLITE_ERROR",
"Microsoft OLE DB Provider for SQL Server", "Unclosed quotation mark", "\\[SQL Server\\]",
"SQLSTATE\\[\\w+\\]", "quoted string not properly terminated", "You have an error in your SQL syntax",
"mysql_fetch", "mysql_num_rows", "mysql_result", "mysql_connect",
"DB2 SQL error", "DB2 Driver", "SQLCODE", "\\[IBM\\]\\[CLI Driver\\]",
"Sybase message", "Adaptive Server", "com\\.sybase\\.", "SQL Server.*Driver",
"Incorrect syntax near", "Invalid column name", "Column.*does not exist",
"Table.*doesn't exist", "Unknown column", "Operand should contain 1 column",
"The used SELECT statements have a different number of columns", "Division by zero",
"supplied argument is not a valid MySQL", "on MySQL result index",
"mysqli?_", "Warning.*SQL", "valid PostgreSQL result", "Npgsql\\.",
"PG::", "org\\.postgresql", "JDBCException", "java\\.sql\\.SQLException",
"SQLServerException", "System\\.Data\\.SqlClient", "SQLDataException",
"DriverManager\\.getConnection", "Connection refused.*database", "Access denied for user",
"sql", "mysql", "postgresql", "database", "fatal error"
],
"NoSQL": [
"MongoError", "MongoDB.*error", "CouchDB.*error", "\\$where", "undefined.*\\$",
"ReferenceError.*\\$", "SyntaxError.*JSON", "Invalid JSON", "bson", "BSON",
"redis.*error", "RedisError", "not well-formed", "MongoClient",
"mongodb://", "mongo::.*Exception", "com\\.mongodb\\.", "org\\.bson\\.",
"CouchbaseException", "CassandraException", "Neo4jException",
"DocumentDB.*error", "DynamoDB.*error", "Firebase.*error",
"MongoServerError", "MongoNetworkError", "MongoTimeoutError",
"Query.*failed", "Aggregate.*failed", "Invalid.*query"
],
"XSS": [
"<script>alert\\(['\\\"]?XSS['\\\"]?\\)</script>", "<script>alert\\(['\\\"]?1['\\\"]?\\)</script>",
"alert\\(['\\\"]?XSS['\\\"]?\\)", "alert\\(['\\\"]?1['\\\"]?\\)", "alert\\(document",
"onerror=alert\\(['\\\"]?XSS['\\\"]?\\)", "onerror=alert\\(['\\\"]?1['\\\"]?\\)",
"onload=alert\\(['\\\"]?XSS['\\\"]?\\)", "onload=alert\\(['\\\"]?1['\\\"]?\\)",
"onfocus=alert\\(['\\\"]?XSS['\\\"]?\\)", "onfocus=alert\\(['\\\"]?1['\\\"]?\\)",
"javascript:alert", "<svg.*onload", "<img.*onerror", "<iframe.*src",
"<body.*onload", "<input.*onfocus", "<script>", "</script>",
"eval\\(", "String\\.fromCharCode", "document\\.cookie", "document\\.domain",
"prompt\\(", "confirm\\(", "<script", "alert\\(", "onerror"
],
"SSTI": [
"49\\b", "7777777\\b", "\\$\\{.*\\}", "TemplateError",
"Jinja2.*Error", "UndefinedError", "TemplateSyntaxError", "Template.*Error",
"Twig_Error", "Smarty.*error", "Velocity.*error", "FreeMarker.*error",
"Thymeleaf.*error", "Pebble.*error", "Handlebars.*error",
"freemarker\\.", "velocity\\.", "thymeleaf\\.", "org\\.springframework\\.expression",
"Expression.*Error", "EL.*Error", "OGNL.*Error", "MVEL.*Error",
"root:.*:0:0:", "uid=\\d+.*gid=\\d+", "Linux.*GNU",
"<class.*object", "<module.*builtins", "TemplateNotFound",
"jinja", "twig", "smarty", "velocity"
],
"XXE": [
"root:.*:0:0:", "root:x:0:0", "daemon:.*:", "bin:.*:", "sys:.*:",
"\\[boot loader\\]", "\\[fonts\\]", "\\[extensions\\]", "\\[mci extensions\\]",
"win\\.ini", "SYSTEM\\\\CurrentControlSet", "SYSTEM\\\\ControlSet",
"<!ENTITY", "ENTITY.*SYSTEM", "DOCTYPE.*SYSTEM",
"Java\\.io\\.FileNotFoundException", "FileNotFoundException", "system error",
"No such file", "Permission denied", "ParseError", "XML.*error",
"SAXParseException", "XMLSyntaxError", "DOMException", "libxml",
"simplexml.*error", "xml\\.etree\\.", "org\\.xml\\.sax", "javax\\.xml\\.",
"Cannot read file", "Failed to load external entity"
],
"LDAP": [
"LDAP.*error", "javax\\.naming\\.", "LdapException", "com\\.sun\\.jndi\\.ldap",
"Invalid DN syntax", "Invalid search filter", "LDAP injection", "Bad search filter",
"LDAPException", "NamingException", "NameNotFoundException",
"ldap_", "LDAP.*Operation", "ldap://", "LDAPv\\d",
"Directory.*error", "ActiveDirectory.*error", "OpenLDAP.*error",
"Schema.*violation", "Object.*class.*violation",
"Size limit exceeded", "Time limit exceeded"
],
"XPath": [
"XPath.*error", "XPathException", "XPath syntax error", "xmlXPathEval",
"XPathEvalError", "Invalid XPath", "xpath\\.py", "XPath expression",
"XPath.*context", "libxml2.*XPath", "org\\.apache\\.xpath",
"javax\\.xml\\.xpath", "XPathExpressionException", "TransformerException",
"XSLTException", "XPATH_INVALID_PREDICATE_ERROR",
"compilation of XPath expression failed", "Invalid predicate"
]
}