LoFP / A syntax error in MySQL also occurs in non-dynamic (safe) queries if there is an empty in() clause, which may often be the case.

Techniques

Sample rules

Suspicious SQL Error Messages

Description

Detects SQL error messages that indicate probing for an injection attack

Detection logic

condition: keywords
keywords:
- quoted string not properly terminated
- You have an error in your SQL syntax
- Unclosed quotation mark
- 'near "*": syntax error'
- SELECTs to the left and right of UNION do not have the same number of result columns
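
The following is an added example, not part of the rule or the LoFP project: it applies the keywords above to constructed log lines and labels the hits that look like the empty in() false positive. It assumes Sigma-style keyword semantics (case-insensitive substring match, `*` as wildcard) and that MySQL reports an empty in() as a syntax error near `')'`; the function names and the triage labels are hypothetical.

```python
import re

# Keywords copied from the rule's detection logic.
KEYWORDS = [
    "quoted string not properly terminated",
    "You have an error in your SQL syntax",
    "Unclosed quotation mark",
    'near "*": syntax error',
    "SELECTs to the left and right of UNION do not have the same number of result columns",
]

def keyword_to_regex(keyword):
    # Sigma keywords match case-insensitively anywhere in the event; '*' is a wildcard.
    return re.compile(".*".join(re.escape(p) for p in keyword.split("*")), re.IGNORECASE)

PATTERNS = [keyword_to_regex(k) for k in KEYWORDS]

# Assumption: MySQL quotes the query text starting at the failing token, so an
# empty IN () is reported as  near ')...'  (the parser stops at the closing paren).
EMPTY_IN_HINT = re.compile(r"syntax to use near '\)")

def rule_matches(line):
    return any(p.search(line) for p in PATTERNS)

def triage(line):
    """Label one log line: 'no-match', 'likely-empty-in' or 'review'.

    The label only orders analyst work; it is not a suppression, because
    unbalanced parentheses from other causes produce the same fragment.
    """
    if not rule_matches(line):
        return "no-match"
    return "likely-empty-in" if EMPTY_IN_HINT.search(line) else "review"

# Constructed sample log lines, not taken from any real system.
SAMPLE_LOG = [
    "app ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ')' at line 1",
    "app ERROR You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1",
    'app ERROR sqlite3.OperationalError: near "UNION": syntax error',
    "app INFO request completed in 12 ms",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(f"{triage(line):16} {line[:70]}")
```
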