diff options
Diffstat (limited to 'instrumentation/afl-compiler-rt.o.c')
| -rw-r--r-- | instrumentation/afl-compiler-rt.o.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/instrumentation/afl-compiler-rt.o.c b/instrumentation/afl-compiler-rt.o.c index def59b6b..39a762b6 100644 --- a/instrumentation/afl-compiler-rt.o.c +++ b/instrumentation/afl-compiler-rt.o.c @@ -92,6 +92,8 @@ extern ssize_t _kern_write(int fd, off_t pos, const void *buffer, size_t bufferSize); #endif // HAIKU +char *strcasestr(const char *haystack, const char *needle); + static u8 __afl_area_initial[MAP_INITIAL_SIZE]; static u8 *__afl_area_ptr_dummy = __afl_area_initial; static u8 *__afl_area_ptr_backup = __afl_area_initial; @@ -2670,5 +2672,52 @@ void __afl_set_persistent_mode(u8 mode) { } +// Marker: ADD_TO_INJECTIONS + +void __afl_injection_sql(u8 *buf) { + + if (likely(buf)) { + + if (unlikely(strstr((char *)buf, "'\"\"'"))) { + + fprintf(stderr, "ALERT: Detected SQL injection in query: %s\n", buf); + abort(); + + } + + } + +} + +void __afl_injection_ldap(u8 *buf) { + + if (likely(buf)) { + + if (unlikely(strstr((char *)buf, "*)(1=*))(|"))) { + + fprintf(stderr, "ALERT: Detected LDAP injection in query: %s\n", buf); + abort(); + + } + + } + +} + +void __afl_injection_xss(u8 *buf) { + + if (likely(buf)) { + + if (unlikely(strstr((char *)buf, "1\"><\""))) { + + fprintf(stderr, "ALERT: Detected XSS injection in content: %s\n", buf); + abort(); + + } + + } + +} + #undef write_error |