fixed sqli tests

arjun-akto · arjun-akto · commit 0f72967ed02d · 2025-01-23T15:20:03.000+05:30
diff --git a/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml b/Broken-User-Authentication/AlternateEncodingSQLiPOST.yml
@@ -175,4 +175,46 @@ execute:
                 - multiple failed attempts
                 - " OR "
               neq: "${x1.response.body}"
+        - success: x3
+        - failure: exit
+    - req:
+        - modify_body_param:
+            userKey: ${userVal}${encodingNegativePayloads}
+        - validate:
+            response_code:
+              gte: 200
+              lt: 300
+            response_payload:
+              length:
+                gt: 0
+              not_contains:
+                - Error
+                - Internal Server
+                - Failed
+                - Unauthorized
+                - access denied
+                - Forbidden
+                - Method Not allowed
+                - Gateway timeout
+                - request timeout
+                - server error
+                - server busy
+                - authentication error
+                - authorization error
+                - validation error
+                - Permission Denied
+                - invalid token
+                - token expired
+                - session expired
+                - session timeout
+                - unexpected error
+                - unable to process request
+                - bad request
+                - service unavailable
+                - account is locked
+                - account is blocked
+                - multiple failed attempts
+                - " OR "
+              eq: "${x2.response.body}"
         - success: vulnerable
+        - failure: exit
diff --git a/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml b/Broken-User-Authentication/BasicUnionBasedSQLiPOST.yml
@@ -192,4 +192,52 @@ execute:
                 - <html>
                 - </html>
               neq: "${x1.response.body}"
+        - success: x3
+        - failure: exit
+    - req:
+        - modify_body_param:
+            userKey: ${userVal}${unionNegativeBasedPayloads}
+        - validate:
+            response_code:
+              gte: 200
+              lt: 300
+            response_payload:
+              length:
+                gt: 0
+              not_contains:
+                - Error
+                - Internal Server
+                - Fail
+                - Unauthorized
+                - access denied
+                - Forbidden
+                - Method Not allowed
+                - Gateway timeout
+                - request timeout
+                - server error
+                - server busy
+                - authentication error
+                - authorization error
+                - validation error
+                - Permission Denied
+                - invalid
+                - token expired
+                - session expired
+                - session timeout
+                - unexpected error
+                - unable to process request
+                - bad request
+                - service unavailable
+                - account is locked
+                - account is blocked
+                - multiple failed attempts
+                - Attention Required!
+                - CloudFlare
+                - Sorry, you have been blocked
+                - UNION
+                - SELECT
+                - <html>
+                - </html>
+              eq: "${x2.response.body}"
         - success: vulnerable
+        - failure: exit
diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractPasswordPayloadPOST.yml
@@ -193,7 +193,52 @@ execute:
                 - <html>
                 - </html>
               neq: "${x1.response.body}"
+        - success: x3
+        - failure: exit
+    - req:
+        - modify_body_param:
+            userKey: ${userVal}${unionBasedNegativePayloads}
+        - validate:
+            response_code:
+              gte: 200
+              lt: 300
+            response_payload:
+              length:
+                gt: 0
+              not_contains:
+                - Error
+                - Internal Server
+                - Fail
+                - Unauthorized
+                - access denied
+                - Forbidden
+                - Method Not allowed
+                - Gateway timeout
+                - request timeout
+                - server error
+                - server busy
+                - authentication error
+                - authorization error
+                - validation error
+                - Permission Denied
+                - invalid
+                - token expired
+                - session expired
+                - session timeout
+                - unexpected error
+                - unable to process request
+                - bad request
+                - service unavailable
+                - account is locked
+                - account is blocked
+                - multiple failed attempts
+                - Attention Required!
+                - CloudFlare
+                - Sorry, you have been blocked
+                - " UNION"
+                - "GROUP_CONCAT"
+                - <html>
+                - </html>
+              eq: "${x2.response.body}"
         - success: vulnerable
-
-
-
+        - failure: exit
diff --git a/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml b/Broken-User-Authentication/UnionBasedMySQLiSubqueryExtractUsernamePayloadPOST.yml
@@ -192,7 +192,52 @@ execute:
                 - <html>
                 - </html>
               neq: "${x1.response.body}"
+        - success: x3
+        - failure: exit
+    - req:
+        - modify_body_param:
+            userKey: ${userVal}${unionBasedNegativePayloads}
+        - validate:
+            response_code:
+              gte: 200
+              lt: 300
+            response_payload:
+              length:
+                gt: 0
+              not_contains:
+                - Error
+                - Internal Server
+                - Fail
+                - Unauthorized
+                - access denied
+                - Forbidden
+                - Method Not allowed
+                - Gateway timeout
+                - request timeout
+                - server error
+                - server busy
+                - authentication error
+                - authorization error
+                - validation error
+                - Permission Denied
+                - invalid
+                - token expired
+                - session expired
+                - session timeout
+                - unexpected error
+                - unable to process request
+                - bad request
+                - service unavailable
+                - account is locked
+                - account is blocked
+                - multiple failed attempts
+                - Attention Required!
+                - CloudFlare
+                - Sorry, you have been blocked
+                - " UNION"
+                - "GROUP_CONCAT"
+                - <html>
+                - </html>
+              eq: "${x2.response.body}"
         - success: vulnerable
-
-
-
+        - failure: exit
diff --git a/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml b/Broken-User-Authentication/UnionInlineCommentBasedMySQLiPOST.yml
@@ -193,5 +193,53 @@ execute:
                 - <html>
                 - </html>
               neq: "${x1.response.body}"
+        - success: x3
+        - failure: exit
+    - req:
+        - modify_body_param:
+            userKey: ${userVal}${unionBasedNegativePayloads}
+        - validate:
+            response_code:
+              gte: 200
+              lt: 300
+            response_payload:
+              length:
+                gt: 0
+              not_contains:
+                - Error
+                - Internal Server
+                - Fail
+                - Unauthorized
+                - access denied
+                - Forbidden
+                - Method Not allowed
+                - Gateway timeout
+                - request timeout
+                - server error
+                - server busy
+                - authentication error
+                - authorization error
+                - validation error
+                - Permission Denied
+                - invalid
+                - token expired
+                - session expired
+                - session timeout
+                - unexpected error
+                - unable to process request
+                - bad request
+                - service unavailable
+                - account is locked
+                - account is blocked
+                - multiple failed attempts
+                - Attention Required!
+                - CloudFlare
+                - Sorry, you have been blocked
+                - UNION
+                - SELECT
+                - " WHERE "
+                - <html>
+                - </html>
+              eq: "${x2.response.body}"
         - success: vulnerable
-
+        - failure: exit
