wargio / naxsi

NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX


Latest libinjection cannot be used due to broken embedding

wargio opened this issue

The latest changes in libinjection do not allow embedding.

libinjection/libinjection#31

Is the module still functional for now with the Naxsi project?

Yes, I have updated it to the latest usable commit.

If they won't fix this, then I will just fork it and keep it synced with patches.

Excellent, thanks for your effort 👍, but I think this library is very important and the community will continue to maintain it.

By the way, I am sharing with you a link about a new technique to bypass the WAF.

https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf

Those new keywords are very interesting.

@rickygm most of that should be caught by these additional rules: #64

I am already testing, I think you are referring to this rule:

MainRule "str:c:\\" "msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;

OK, understood.
Thanks, wargio.

What classification did you give to the rules?

What do you mean? The rules are simple: if I see any of those JSON functions being called, then I know it is a SQLi.

I mean the description.

"msg:json functions and operators"

OK, ready.