Rust-Libinjection rs: libinjection-rs — Rust bindings for libinjection

libinjection-rs

crates.io Documentation Build Status Crates.io

Rust bindings for libinjection.

How to use

  • Add libinjection to dependencies of Cargo.toml:
libinjection = "0.2"
  • Import crate:
extern crate libinjection;

use libinjection::{sqli, xss};

Examples

  • SQLi Detection:
let (is_sqli, fingerprint) = sqli("' OR '1'='1' --").unwrap();
assert!(is_sqli);
assert_eq!("s&sos", fingerprint);

Fingerprints: Please refer to fingerprints.txt.

  • XSS Detection:
let is_xss = xss("<script type='text/javascript'>alert('xss');</script>").unwrap();
assert!(is_xss);

Comments

  • [SECURITY] Undetectable Time-Base Injection
    [SECURITY] Undetectable Time-Base Injection

    Jan 15, 2019

    Hi,

    libinection-rs unable to detect time base sql inection,

    1 - Payload 1'=sleep(10)='1

    let (is_sqli, fingerprint) = sqli("1'=sleep(10)='1").unwrap();
    assert!(is_sqli); // false
    assert_eq!("s&sos", fingerprint);
    

    2- Payloads used to determine database version '=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1

    let (is_sqli, fingerprint) = sqli("'=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1").unwrap();
    assert!(is_sqli); // false
    assert_eq!("s&sos", fingerprint);
    

    Thanks, Ramin - kernel security engineering Best regards,

    Reply
  • [SECURITY] Possible DOM Base XSS
    [SECURITY] Possible DOM Base XSS

    Jan 15, 2019

    Hi,

    Methods for bypass libinjection-rs of DOM base XSS

    1- javascript:alert(eval("2*3"));

    Senario

    PoC : http://example.com/?returnURL=javascript:alert(1);

              var redirectUrl = getUrlParameter('returnURL');
              window.parent.location.href = redirectUrl;
    

    2- a tag when user click button and trigger alert :).

    	 <a href="javascript:alert(1);"> click me </a>
    

    3- title value

         `<img id="testz" title="javascript:alert(1)">`
    
            <script>
             document.location.href=window.testz.title;
            </script>
    

    Real example :

    DOM XSS

    source image : https://twitter.com/Milad_Bahari/status/990539191544156160

    Source

    [dependencies]
    json = "0.11.13"
    libinjection = "0.1"
    
    #[macro_use]
    extern crate json;
    extern crate libinjection;
    
    use libinjection::{xss};
    
    
    fn main() {
        let data = object!{
            "foo" => "javascript:alert(1);",
        };
    
        let is_xss = xss("javascript:alert(1);").unwrap();
        let is_xss_2 = xss(&data.dump()).unwrap();
        let is_xss_3 = xss("<img id='testz' title='javascript:alert(1)'>").unwrap();
        
        println!("{}", data); 
        println!("{}", is_xss); // false
        println!("{}", is_xss_2); // false
        println!("{}", is_xss_3); // false
    
    }
    
    

    Thanks, Ramin - kernel security engineering Best regards,

    Reply
  • build error on mac os
    build error on mac os

    Dec 11, 2019

    When I try to build on my machine (macOS 10.14.6, rustc 1.40.0-nightly).

    I get an unable to clone libinjection error. I've included a trace below, but wondering if there are any special steps I need to take to get it to build locally? Thanks!

     ✘  ~/code/libinjection-rs   master  cargo build
       Compiling libinjection v0.1.1 (/Users/me/code/libinjection-rs)
    error: failed to run custom build command for `libinjection v0.1.1 (/Users/me/code/libinjection-rs)`
    
    Caused by:
      process didn't exit successfully: `/Users/me/code/libinjection-rs/target/debug/build/libinjection-e6642227de8a378d/build-script-build` (exit code: 101)
    --- stderr
    thread 'main' panicked at 'unable to clone libinjection', build.rs:54:9
    stack backtrace:
       0: backtrace::backtrace::libunwind::trace
                 at /Users/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/libunwind.rs:88
       1: backtrace::backtrace::trace_unsynchronized
                 at /Users/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/mod.rs:66
       2: std::sys_common::backtrace::_print_fmt
                 at src/libstd/sys_common/backtrace.rs:77
       3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
                 at src/libstd/sys_common/backtrace.rs:61
       4: core::fmt::write
                 at src/libcore/fmt/mod.rs:1028
       5: std::io::Write::write_fmt
                 at src/libstd/io/mod.rs:1412
       6: std::sys_common::backtrace::_print
                 at src/libstd/sys_common/backtrace.rs:65
       7: std::sys_common::backtrace::print
                 at src/libstd/sys_common/backtrace.rs:50
       8: std::panicking::default_hook::{{closure}}
                 at src/libstd/panicking.rs:188
       9: std::panicking::default_hook
                 at src/libstd/panicking.rs:205
      10: std::panicking::rust_panic_with_hook
                 at src/libstd/panicking.rs:464
      11: std::panicking::begin_panic
                 at /rustc/38048763e885a3ee139abf39d59a530b16484150/src/libstd/panicking.rs:400
      12: build_script_build::main
                 at ./build.rs:54
    
    Reply
  • Replace sed use with perl to fix macOS builds
    Replace sed use with perl to fix macOS builds

    Aug 5, 2020

                                                                                                                                                                                                           
    Reply
  • Change bindings to build from newer libinjection fork
    Change bindings to build from newer libinjection fork

    Oct 29, 2020

    The current version of libinjection is built from client9/libinjection which was last updated on Mar 12, 2018.

    There is a newer fork libinjection/libinjection which, at the time of writing, has a few changes and bug fixes, with the latest commit being 14 days ago.

    Reply