Fix for Hint Message in Error Based SQL Injection and union Based SQL Injections #326

Merged
merged 3 commits into from
Sep 30, 2021
26 changes: 13 additions & 13 deletions src/main/resources/i18n/messages.properties
Expand Up @@ -11,12 +11,12 @@ SYSTEM_ERROR=System Error Occurred. please check logs.
# XSS based Injections
XSS_VULNERABILITY=Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into \
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code,\
generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed\
generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed \
are quite widespread and occur anywhere a web application uses input from a user within the output \
it generates without validating or encoding it. <br/> <br/> An attacker can use XSS to send a malicious script to an unsuspecting user.\
The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script.\
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens,\
or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content\
The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. \
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, \
or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content \
of the HTML page. <br/><br/> For more information on XSS: <ol><li><a href="https://owasp.org/www-community/attacks/xss/" target="_blank">Owasp XSS</a> \
<li><a href="https://www.google.com/about/appsecurity/learning/xss/" target="_blank">Google Application Security</a></ol>
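Review bot: the fix is incomplete in this hunk: the unchanged context lines `...send malicious code,\` and `...to an unsuspecting user.\` still end in a backslash with no space before it. In a Java .properties file the trailing backslash joins the next line and the loader discards the continuation line's leading whitespace, so the rendered hint still reads "code,generally" and "user.The end". Add the trailing space on those two lines as well, the way the corresponding hunk in messages_en_US.properties does for the same message.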

Expand Down Expand Up @@ -64,7 +64,7 @@ data into the target of a redirection in an unsafe way.<br/> An attacker can con
causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.<br/> \
The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \
the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \
<br/><br/> <a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html" target="_blank">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1"</a> defines a variety\
<br/><br/> <a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html" target="_blank">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1"</a> defines a variety \
of 3xx status codes that will cause a browser to redirect to a specified location and this implementation is based on 3xx status codes <br/><br/>\
Important Links:<ol>\
<li><a href="http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse" target="_blank">WASC-38</a><br/></li>\
Expand Down Expand Up @@ -154,7 +154,7 @@ XXE_DISABLE_GENERAL_ENTITY=Parser is disabled from processing general external e
XXE_DISABLE_GENERAL_AND_PARAMETER_ENTITY=Parser is disabled from processing general and parameter entities.

# Path Traversal Attack
PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names,\
PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, \
such that characters representing "traverse to parent directory" are passed through to the file APIs.\
<br/><br/>\
The goal of this attack is to use an affected application to gain unauthorized access to the file system. <br/><br/>\
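Review bot: minor inconsistency: `such that characters representing "traverse to parent directory" are passed through to the file APIs.\` is left as-is here but gets a trailing space in messages_en_US.properties. The rendered text is the same either way because the next continuation begins with `<br/>`, but keeping the two files identical avoids spurious diffs between the locale bundles later.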
Expand Down Expand Up @@ -268,21 +268,21 @@ Important Links on SQLInjection : \
URL_CONTAINING_CAR_ID_PARAMETER=Car Id is passed as a URL Query Parameter named \"id\"

#### AttackVector description
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios\
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios \
and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios\
ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios \
and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping\
ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping \
with "'".
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that\
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that \
proper usage of PreparedStatement is important.

UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and\
UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and \
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and\
UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and \
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping around "'"\
hence \"Union\" keyword can be used to club the results and extract the application data.

BLIND_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query hence Query can be manipulated.
BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.
BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.
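Review bot: `UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` still has the defect this PR is fixing: its first line ends `wrapping around "'"\` with no space before the backslash, so the hint renders as `"'"hence`. Add the space there too. Also, the final removed/added pair for `BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` shows identical text; if that is only a trailing-whitespace or end-of-file newline change, say so in the commit message so it is not mistaken for an accidental edit.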
32 changes: 16 additions & 16 deletions src/main/resources/i18n/messages_en_US.properties
Expand Up @@ -10,13 +10,13 @@ SYSTEM_ERROR=System Error Occurred. please check logs.

# XSS based Injections
XSS_VULNERABILITY=Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into \
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code,\
generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed\
otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, \
generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed \
are quite widespread and occur anywhere a web application uses input from a user within the output \
it generates without validating or encoding it. <br/> <br/> An attacker can use XSS to send a malicious script to an unsuspecting user.\
The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script.\
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens,\
or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content\
it generates without validating or encoding it. <br/> <br/> An attacker can use XSS to send a malicious script to an unsuspecting user. \
The end user\u2019s browser has no way to know that the script should not be trusted, and will execute the script. \
Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, \
or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content \
of the HTML page. <br/><br/> For more information on XSS: <ol><li><a href="https://owasp.org/www-community/attacks/xss/" target="_blank">Owasp XSS</a> \
<li><a href="https://www.google.com/about/appsecurity/learning/xss/" target="_blank">Google Application Security</a></ol>

Expand Down Expand Up @@ -64,7 +64,7 @@ data into the target of a redirection in an unsafe way.<br/> An attacker can con
causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application.<br/> \
The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to \
the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain. \
<br/><br/> <a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank"</a> defines a variety\
<br/><br/> <a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank"</a> defines a variety \
of 3xx status codes that will cause a browser to redirect to a specified location and this implementation is based on 3xx status codes <br/><br/>\
Important Links:<ol>\
<li><a href="http://projects.webappsec.org/w/page/13246981/URL%20Redirector%20Abuse" target="_blank">WASC-38</a><br/></li>\
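Review bot: the `target="_blank"` on the RFC 2616 link is misplaced: in `<a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1" target="_blank"</a>` the attribute sits inside the anchor text, so it is displayed literally and the link does not open in a new tab. This hunk only adds the trailing space and carries the malformed markup through; move the attribute into the tag as messages.properties already has it: `<a href="https://www.w3.org/Protocols/rfc2616/rfc2616.html" target="_blank">RFC 2616 - "Hypertext Transfer Protocol - HTTP/1.1"</a>`.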
Expand Down Expand Up @@ -154,8 +154,8 @@ XXE_DISABLE_GENERAL_ENTITY=Parser is disabled from processing general external e
XXE_DISABLE_GENERAL_AND_PARAMETER_ENTITY=Parser is disabled from processing general and parameter entities.

# Path Traversal Attack
PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names,\
such that characters representing "traverse to parent directory" are passed through to the file APIs.\
PATH_TRAVERSAL_VULNERABILITY=A directory traversal (or path traversal) consists in exploiting insufficient security validation/sanitization of user-supplied input file names, \
such that characters representing "traverse to parent directory" are passed through to the file APIs. \
<br/><br/>\
The goal of this attack is to use an affected application to gain unauthorized access to the file system. <br/><br/>\
Important Links:<br/>\
Expand Down Expand Up @@ -268,21 +268,21 @@ Important Links on SQLInjection : \
URL_CONTAINING_CAR_ID_PARAMETER=Car Id is passed as a URL Query Parameter named \"id\"

#### AttackVector description
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios\
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the SQL Query causing exception in certain scenarios \
and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios\
ERROR_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query causing exception in certain scenarios \
and hence exposes the application data.
ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping\
ERROR_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping \
with "'".
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that\
ERROR_SQL_INJECTION_URL_PARAM_APPENDED_TO_PARAMETERIZED_QUERY=Query param is appended directly to the SQL Query and then a parameterized query is formed. This is to depict that \
proper usage of PreparedStatement is important.

UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and\
UNION_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query and hence \"Union\" keyword can be used to club the results and \
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and\
UNION_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the Query and hence \"Union\" keyword can be used to club the results and \
extract the application data.
UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Single Quote is removed from Query param and then appended to SQL Query by wrapping around "'"\
hence \"Union\" keyword can be used to club the results and extract the application data.

BLIND_SQL_INJECTION_URL_PARAM_APPENDED_DIRECTLY_TO_QUERY=Query param is directly appended to the Query hence Query can be manipulated.
BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.
BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY=Query param is wrapped around "'" and then appended to the SQL Query hence query can be manipulated.
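Review bot: same two points as in messages.properties: `UNION_SQL_INJECTION_URL_PARAM_REMOVES_SINGLE_QUOTE_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` still ends its first line with `wrapping around "'"\` and no space, so it renders as `"'"hence` and needs the same trailing-space fix; and the last removed/added pair for `BLIND_SQL_INJECTION_URL_PARAM_WRAPPED_WITH_SINGLE_QUOTE_APPENDED_TO_QUERY` shows identical text, so the commit message should state what actually changed (trailing whitespace or newline at end of file).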