id: xml-body-error-sqli

info:
  name: fuzzing error sqli payloads in xml body
  author: pdteam
  severity: info
  description: |
    This template attempts to find SQL injection vulnerabilities by fuzzing http body of xml type.
    This is achieved by performing [ruleType](example: postfix) on value of xml key
    Note: this is example template, and payloads/matchers need to be modified appropriately.

http:
  - pre-condition:
      - type: dsl
        dsl:
          - method != "GET"
          - method != "HEAD"
          - contains(content_type, "application/xml")
          - contains(path, "/user") # for scope of integration test
        condition: and
    
    payloads:
      injection:
        - "'"
        - "\""
        - ";"
    
    fuzzing:
      - part: body
        type: postfix
        mode: single
        fuzz:
          - '{{injection}}'
  
    stop-at-first-match: true
    matchers:
      - type: word
        words:
          - "unrecognized token:"
          - "null"