ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-15 19:38:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

initial simple injection detection support

Browse Source
This commit is contained in:
vanhauser-thc
2023-12-27 13:53:11 +01:00
parent b01ef97569
commit 1fc1b32db2
6 changed files with 86 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
instrumentation/afl-compiler-rt.o.c
View File

@ -92,6 +92,8 @@ extern ssize_t _kern_write(int fd, off_t pos, const void *buffer,
size_t bufferSize);
#endif // HAIKU
char *strcasestr(const char *haystack, const char *needle);
static u8 __afl_area_initial[MAP_INITIAL_SIZE];
static u8 *__afl_area_ptr_dummy = __afl_area_initial;
static u8 *__afl_area_ptr_backup = __afl_area_initial;
@ -2670,5 +2672,51 @@ void __afl_set_persistent_mode(u8 mode) {
}
void __afl_injection_sql(u8 *buf) {
if (likely(buf)) {
if (unlikely(strcasestr((char *)buf, "1'\" OR \"1\"=\"1") ||
strcasestr((char *)buf, "1\"' OR '1'='1"))) {
fprintf(stderr, "ALERT: Detected SQL injection in query: %s\n", buf);
abort();
}
}
}
void __afl_injection_ldap(u8 *buf) {
if (likely(buf)) {
if (unlikely(strcasestr((char *)buf, "*)(FUZZ=*))(|"))) {
fprintf(stderr, "ALERT: Detected LDAP injection in query: %s\n", buf);
abort();
}
}
}
void __afl_injection_xss(u8 *buf) {
if (likely(buf)) {
if (unlikely(strcasestr((char *)buf, "\";FUZZ;\""))) {
fprintf(stderr, "ALERT: Detected XSS injection in content: %s\n", buf);
abort();
}
}
}
#undef write_error