libinjection
SQL / SQLI tokenizer parser analyzer
libinjection_xss() returns an int to indicate evidence of XSS (1) or absence (0). If the parser's state machine wound up in a bad state (e.g. string cursor position greater than...
[-:error] ModSecurity: Warning. detected SQLi using libinjection with fingerprint 'f(n)' [file "/../.. /coreruleset-3.4-dev/rules/REQUEST-942-APPLICATION-ATTACK-SQLI.conf"] [line "65"] [id "942100"] [msg "SQL Injection Attack Detected via libinjection"] [data "Matched Data: f(n) found within...
@client9 Hey Nick! Can we add some documentation so the community knows there is a new fork (from https://github.com/client9/libinjection/issues/150#issuecomment-668179739)? Also archiving this repo might make sense, so people won't...
Almost any kind of injection, when surrounded by square brackets, can bypass the check. For example: ``` 1337 INTO OUTFILE ‘xxx’-- vs [1337 INTO OUTFILE ‘xxx’--] ``` makes its fingerprint...
**Description** If you use the following JSON in the payload, the rule 94110 is triggered. The problem is the string "filter={AnyChar}" "query":"filter=in(labels.name,"test")" **Error message:** "message":"XSS Attack Detected via libinjection","action":"Matched","site":"Global","details":{"message":"Warning. detected...
1. Add keywords for error reporting injection and case injection 2. Increase the optimization of - ending As follows: `static size_t parse_dash(struct libinjection_sqli_state *...
It is safer to use a list of event handlers than just matching strings > 5 chars
Directly adapted from Rainer Canavan's code from #151. Still needs further code review
Mid-June, I discovered and privately reported out of bounds read issues in the XSS detection to @client9, but so far have not received a reply. The out of bounds reads...
The matches for JavaScript on.* generate a few false positives, e.g. with cookies that contain base64-encoded md5sums, e.g. `Cookie: foo=...ZQ/ONSQg==`. The vast majority of those false positives could be prevented...