diff options
| -rw-r--r-- | docs/env_variables.md | 13 | ||||
| -rw-r--r-- | src/afl-cc.c | 4 |
2 files changed, 17 insertions, 0 deletions
diff --git a/docs/env_variables.md b/docs/env_variables.md index a7636511..a972b6da 100644 --- a/docs/env_variables.md +++ b/docs/env_variables.md @@ -196,6 +196,19 @@ in the specified file. For more information, see [instrumentation/README.instrument_list.md](../instrumentation/README.instrument_list.md). +#### INJECTIONS + +This feature is able to find simple injection vulnerabilities in insecure +calls to mysql/mariadb/nosql/postgresql/ldap and XSS in libxml2. + + - Setting `AFL_LLVM_INJECTIONS_ALL` will enable all injection hooking + + - Setting `AFL_LLVM_INJECTIONS_SQL` will enable SQL injection hooking + + - Setting `AFL_LLVM_INJECTIONS_LDAP` will enable LDAP injection hooking + + - Setting `AFL_LLVM_INJECTIONS_XSS` will enable XSS injection hooking + #### LAF-INTEL This great feature will split compares into series of single byte comparisons to diff --git a/src/afl-cc.c b/src/afl-cc.c index a46facc7..54c733c9 100644 --- a/src/afl-cc.c +++ b/src/afl-cc.c @@ -2295,6 +2295,10 @@ int main(int argc, char **argv, char **envp) { "comparisons\n" " AFL_LLVM_DICT2FILE_NO_MAIN: skip parsing main() for the " "dictionary\n" + " AFL_LLVM_INJECTIONS_ALL: enables all injections hooking\n" + " AFL_LLVM_INJECTIONS_SQL: enables SQL injections hooking\n" + " AFL_LLVM_INJECTIONS_LDAP: enables LDAP injections hooking\n" + " AFL_LLVM_INJECTIONS_XSS: enables XSS injections hooking\n" " AFL_LLVM_LAF_ALL: enables all LAF splits/transforms\n" " AFL_LLVM_LAF_SPLIT_COMPARES: enable cascaded comparisons\n" " AFL_LLVM_LAF_SPLIT_COMPARES_BITW: size limit (default 8)\n" |