libinjection fuzzer: fuzz MariaDB/MSSQL/MySQL/PostgreSQL/Oracle database query to find libinjection bypasses
libinjection is a library that parses parameter value to SQL elements (tokens) and checks if tokens combination (fingerprint) is familiar to SQL-injection attack. This library has high performance and is commonly used by WAF/NGFW solutions.
libinjection-fuzzer is a simple python script that works this way:
- connects to MySQL database
- executes query
- checks for libinjection fingerprint if query was successful
This script is much more slower than similar fuzzers written in C, but works as expected with high accuracy of the results, since it checks payloads on real DB and verifies bypasses via
This tool is supposed to fuzz MariaDB/MSSQL/MySQL/PostgreSQL/Oracle database query to find libinjection bypasses. Related articles:
git clone https://github.com/2d8/libinjection-fuzzer.git
Copyright (c) 2017, Positive Technologies.