WebApp Sec mailing list archives

Forced invalid SQL errors


From: "Steven M. Christey" <coley () mitre org>
Date: Sat, 10 Dec 2005 14:51:28 -0500 (EST)


All,

I am noticing a significant number of diagnosis errors by beginner
researchers who try to exploit SQL injection holes using simple
manipulations such as:

  victim.php?action=create&param='[SQL]

The researcher causes the script to generate an error but doesn't dig
any deeper, labeling it "SQL injection".

In some number of cases - I can't guess at a percentage - it's clear
that they're just causing invalid SQL to be generated, and there's no
real ability to modify an SQL statement.

This often seems to happen when the wrong type of data is provided,
e.g. when the ' gets inserted as a value in a field that is expected
to be numeric.

I think of this as SQL "modification" and insufficient data cleansing
at worst, not SQL injection.

A term "forced invalid SQL" comes to mind, but I was wondering what
terminology others use, if any, and if there are other examples
besides using a non-numeric value in a numeric field.

- Steve
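
Added example, not part of the original post: a triage sketch in Python with an in-memory SQLite table, showing that a lone ' can produce a database error in two handlers while only one of them lets the input reach the SQL parser. The schema, the handler names, the "2-1" arithmetic probe and the verdict labels are assumptions made for this illustration; the error-only case here is a type check failing on a bound value.

```python
import sqlite3

def new_db():
    # Constructed schema: qty must really be an integer.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE items (owner TEXT, qty INTEGER "
               "CHECK (typeof(qty) = 'integer'))")
    return db

def create_concat(db, param):
    # Value is pasted into the statement text, so the SQL parser sees it.
    db.execute("INSERT INTO items (owner, qty) VALUES ('guest', " + param + ")")

def create_bound(db, param):
    # Value is bound as data; the statement text never changes.
    db.execute("INSERT INTO items (owner, qty) VALUES ('guest', ?)", (param,))

def raises_db_error(handler, param):
    # True when the request makes the database layer raise an error.
    try:
        handler(new_db(), param)
        return False
    except sqlite3.Error:
        return True

def evaluated_as_sql(handler):
    # Benign probe: "2-1" is stored as 1 only if the database
    # parsed the input as an expression rather than as data.
    db = new_db()
    try:
        handler(db, "2-1")
    except sqlite3.Error:
        return False
    return db.execute("SELECT qty FROM items").fetchall() == [(1,)]

def triage(handler):
    # An error alone is not enough; check whether input alters the statement.
    if evaluated_as_sql(handler):
        return "SQL injection"
    if raises_db_error(handler, "'"):
        return "forced error only"
    return "no finding"

if __name__ == "__main__":
    for h in (create_concat, create_bound):
        print(h.__name__, "| error on quote:", raises_db_error(h, "'"),
              "| verdict:", triage(h))
```
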

