Libinjection is a SQL / SQLI tokenizer parser analyzer. For
Simple example
#include
#include
#include
#include “libinjection.h”
#include “libinjection_sqli.h”
int main(int argc, const char* argv[])
{
struct libinjection_sqli_state state;
int issqli;
const char* input = argv[1];
size_t slen = strlen(input);
/* in real-world, you would url-decode the input, etc */
libinjection_sqli_init(&state, input, slen, FLAG_NONE);
issqli = libinjection_is_sqli(&state);
if (issqli) {
fprintf(stderr, “sqli detected with fingerprint of ‘%s’\n”, state.fingerprint);
}
return issqli;
}
$ gcc -Wall -Wextra examples.c libinjection_sqli.c
$ ./a.out “-1′ and 1=1 union/* foo */select load_file(‘/etc/passwd’)–“
sqli detected with fingerprint of ‘s&1UE’
More advanced samples:
VERSION INFORMATION
Versions are listed as “major.minor.point”
Major are significant changes to the API and/or fingerprint format. Applications will need recompiling and/or refactoring.
Minor are C code changes. These may include
Point releases are purely data changes. These may be safely applied.
QUALITY AND DIAGNOSITICS
The continuous integration results at https://travis-ci.org/client9/libinjection tests the following:
Introduction When it comes to cybersecurity and ethical hacking, one of the most effective ways…
Introduction In the world of cybersecurity, knowledge is power. One of the most powerful skillsets…
Introduction In the vast ocean of the internet, the most powerful tool you already have…
Pystinger is a Python-based tool that enables SOCKS4 proxying and port mapping through webshells. It…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…
Introduction When it comes to cybersecurity, speed and privacy are critical. Public vulnerability databases like…