Rust bindings for libinjection

libinjection-rs

How to use

  • Add libinjection to the dependencies in Cargo.toml:
[dependencies]
libinjection = "0.2"
  • Import the crate:
extern crate libinjection;

use libinjection::{sqli, xss};

Examples

  • SQLi Detection:
let (is_sqli, fingerprint) = sqli("' OR '1'='1' --").unwrap();
assert!(is_sqli);
assert_eq!("s&sos", fingerprint);

Fingerprints: Please refer to fingerprints.txt.

  • XSS Detection:
let is_xss = xss("<script type='text/javascript'>alert('xss');</script>").unwrap();
assert!(is_xss);

Issues

Collection of the latest Issues

jspeis

0

When I try to build on my machine (macOS 10.14.6, rustc 1.40.0-nightly), I get an "unable to clone libinjection" error. I've included a trace below, but I'm wondering if there are any special steps I need to take to get it to build locally? Thanks!

raminfp

1

Hi,

Methods for bypassing libinjection-rs with DOM-based XSS

1- javascript:alert(eval("2*3"));

Scenario

PoC : http://example.com/?returnURL=javascript:alert(1);

2- a tag, when the user clicks the button and triggers the alert :).

3- title value

     `<img id="testz" title="javascript:alert(1)">`

Real example :

DOM XSS

source image : https://twitter.com/Milad_Bahari/status/990539191544156160

Source

Thanks, Ramin - kernel security engineering Best regards,
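
For the `returnURL` case in the report above, a scheme allow-list on the redirect target is a check that does not rely on an XSS detector. This is an added example, not part of the issue or of libinjection-rs; `check_redirect`, `Verdict` and the allowed schemes are assumptions of the example, and the sample inputs in `main` are constructed.

```rust
/// Verdict for a redirect target taken from a query parameter.
#[derive(Debug, PartialEq)]
pub enum Verdict {
    RelativePath,
    AllowedAbsolute,
    Rejected(&'static str),
}

// Assumption of this example: only web schemes are legitimate targets.
const ALLOWED_SCHEMES: [&str; 2] = ["http", "https"];

/// `raw` is the parameter value after the framework's single URL-decoding pass.
pub fn check_redirect(raw: &str) -> Verdict {
    // Browsers strip leading/trailing C0 controls and spaces and remove
    // TAB/CR/LF anywhere in a URL, so normalise the same way before
    // looking at the scheme.
    let cleaned: String = raw
        .trim_matches(|c: char| c <= ' ')
        .chars()
        .filter(|c| !matches!(c, '\t' | '\n' | '\r'))
        .collect();
    if cleaned.is_empty() {
        return Verdict::Rejected("empty target");
    }
    if let Some(rest) = cleaned.strip_prefix('/') {
        // "//host" and "/\host" are protocol-relative and leave the site.
        if rest.starts_with('/') || rest.starts_with('\\') {
            return Verdict::Rejected("protocol-relative target");
        }
        return Verdict::RelativePath;
    }
    let Some((scheme, rest)) = cleaned.split_once(':') else {
        return Verdict::Rejected("neither a rooted path nor an absolute URL");
    };
    let scheme = scheme.to_ascii_lowercase();
    if !ALLOWED_SCHEMES.contains(&scheme.as_str()) {
        return Verdict::Rejected("scheme not on allow-list");
    }
    if !rest.starts_with("//") {
        return Verdict::Rejected("missing authority after scheme");
    }
    Verdict::AllowedAbsolute
}

fn main() {
    // Constructed inputs; the first is the returnURL value from the report.
    for t in ["javascript:alert(1);", " JavaScript:alert(1)", "/account", "https://example.com/home"] {
        println!("{:?} -> {:?}", t, check_redirect(t));
    }
}
```

Restricting absolute targets to known hosts is a separate check that this example does not perform.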

raminfp

1

Hi,

libinjection-rs is unable to detect time-based SQL injection:

1 - Payload 1'=sleep(10)='1

2- Payloads used to determine database version '=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1

Thanks, Ramin - kernel security engineering Best regards,
