Latest libinjection cannot be used due broken embedding
wargio opened this issue · comments
The latest changes on libinjection does not allow embedding.
Is the module still functional for now with Naxsi project?
yes, i have update till the latest usable commit
If they won't fix this, then i will just fork it and keep it synced with patches.
If they won't fix this, then i will just fork it and keep it synced with patches.
excellent, thanks for your effort 👍 , but I think this library is very important and the community will continue to maintain it.
by the way I share with you a link about a new technique to bypass the waf.
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
those new keywords are very interesting
I am already testing, I think you are referring to this rule:
MainRule "str:c:c:msg:obvious windows path" "mz:ARGS|URL|BODY|$HEADERS_VAR:Cookie" "s:$TRAVERSAL:4" id:1203;
no, i'm referring to the changes in the commit
https://github.com/wargio/naxsi/pull/64/files#diff-91665550fa46dd90eba9ba0568773985dfb0f25b3a5504da1255376c07ee2534
ok , understood .
thank wargio.
What classification did you give to the rules?
what you mean? the rules are simple, if i see any of those json functions being called, then i know is a SQLi
I mean description
"msg:json functions and operators"
ok, ready.