libinjection fuzzer: fuzz MariaDB/MSSQL/MySQL/PostgreSQL/Oracle database query to find libinjection bypasses

by do son · February 25, 2018

libinjection is a library that parses parameter value to SQL elements (tokens) and checks if tokens combination (fingerprint) is familiar to SQL-injection attack. This library has high performance and is commonly used by WAF/NGFW solutions.

libinjection-fuzzer is a simple python script that works this way:

connects to MySQL database
executes query
checks for libinjection fingerprint if query was successful

This script is much more slower than similar fuzzers written in C, but works as expected with high accuracy of the results, since it checks payloads on real DB and verifies bypasses via pylibinjection library.

libinjection fuzzer

This tool is supposed to fuzz MariaDB/MSSQL/MySQL/PostgreSQL/Oracle database query to find libinjection bypasses. Related articles:

libinjection: fuzz to bypass

Part 2. libinjection: different databases fuzzing

Download

git clone https://github.com/2d8/libinjection-fuzzer.git

Usage

# python fuzzer.py -h

usage: fuzzer.py [-h] [-t {mysql,mariadb,mssql,pgsql,oracle}] -q QUERY -p

                 PAYLOAD -c CHARS [-u USER] [--password PASSWORD] -d DB

                 [-o OUT] [--log-all] [--check CHECK] [--threads THREADS]



libinjection fuzzer MariaDB, MSSQL, MySQL, PostgreSQL and Oracle databases



optional arguments:

  -h, --help            show this help message and exit

  -t {mysql,mariadb,mssql,pgsql,oracle}, --type {mysql,mariadb,mssql,pgsql,oracle}

                        Database type: mysql, mssql

  -q QUERY, --query QUERY

                        Query to fuzz

  -p PAYLOAD, --payload PAYLOAD

                        Payload to use

  -c CHARS, --chars CHARS

                        Characters to fuzz

  -u USER, --user USER  Database user

  --password PASSWORD   Database user

  -d DB, --db DB        Database name

  -o OUT, --out OUT     Filename pattern (default: log)

  --log-all

  --check CHECK         Check value

Example

python fuzzer.py -t pgsql -u pt -d test --log-all -q "select * from users where id='1{}'" -c " \"#\$%&()*+,-./1:;<=>?@[\]^_\`a{|}~!" -p "' + {} union select 'a',version() -- 1"

Source: https://github.com/2d8/

libinjection fuzzer: fuzz MariaDB/MSSQL/MySQL/PostgreSQL/Oracle database query to find libinjection bypasses

Search

Brilliantly

Content & Links