Hi,

The error happens when compiling this code.

I tried this code

$ src/main.rs

extern crate libinjection;
use std::str;
use libinjection::{xss};

fn main() {

    let _b = "OVJtAFc=";
    let bytes = base64::decode(_b).unwrap();
    let _ok = str::from_utf8(&bytes).unwrap();
    let _is_ok = xss(_ok).unwrap();
    println!("{}", _is_ok); 

}

$ Cargo.toml                                                                                                                                                      1 ⨯
[package]
name = "new"
version = "0.1.0"
edition = "2021"

# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

[dependencies]
libinjection = "0.2"
base64 = "0.13.0"

Meta

rustc --version --verbose:

rustc 1.58.1 (db9d1b20b 2022-01-20)
binary: rustc
commit-hash: db9d1b20bba1968c1ec1fc49616d4742c1725b4b
commit-date: 2022-01-20
host: x86_64-unknown-linux-gnu
release: 1.58.1
LLVM version: 13.0.0

# cargo run
   Compiling new v0.1.0 (/home/kali/new)
    Finished dev [unoptimized + debuginfo] target(s) in 0.46s
     Running `target/debug/new`
thread 'main' panicked at 'called `Option::unwrap()` on a `None` value', src/main.rs:11:27
stack backtrace:
   0:     0x563858ee94dc - std::backtrace_rs::backtrace::libunwind::trace::h09f7e4e089375279
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/../../backtrace/src/backtrace/libunwind.rs:93:5
   1:     0x563858ee94dc - std::backtrace_rs::backtrace::trace_unsynchronized::h1ec96f1c7087094e
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x563858ee94dc - std::sys_common::backtrace::_print_fmt::h317b71fc9a5cf964
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:67:5
   3:     0x563858ee94dc - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::he3555b48e7dfe7f0
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:46:22
   4:     0x563858f0372c - core::fmt::write::h513b07ca38f4fb1b
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/fmt/mod.rs:1149:17
   5:     0x563858ee6c65 - std::io::Write::write_fmt::haf8c932b52111354
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/io/mod.rs:1697:15
   6:     0x563858eeac30 - std::sys_common::backtrace::_print::h195c38364780a303
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:49:5
   7:     0x563858eeac30 - std::sys_common::backtrace::print::hc09dfdea923b6730
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:36:9
   8:     0x563858eeac30 - std::panicking::default_hook::{{closure}}::hb2e38ec0d91046a3
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:211:50
   9:     0x563858eea7e5 - std::panicking::default_hook::h60284635b0ad54a8
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:228:9
  10:     0x563858eeb2e4 - std::panicking::rust_panic_with_hook::ha677a669fb275654
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:606:17
  11:     0x563858eead92 - std::panicking::begin_panic_handler::{{closure}}::h976246fb95d93c31
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:500:13
  12:     0x563858ee9984 - std::sys_common::backtrace::__rust_end_short_backtrace::h38077ee5b7b9f99a
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:139:18
  13:     0x563858eead29 - rust_begin_unwind
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:498:5
  14:     0x563858ec3da1 - core::panicking::panic_fmt::h35f3a62252ba0fd2
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/panicking.rs:107:14
  15:     0x563858ec3ced - core::panicking::panic::h86fc01e270142a61
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/panicking.rs:48:5
  16:     0x563858eccb3e - core::option::Option<T>::unwrap::hd8f9d23cad4cf60f
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/option.rs:746:21
  17:     0x563858ecc921 - new::main::h21ff5125dd81b9ee
                               at /home/kali/Desktop/source_code_fuzzing_course/Chapter06/arvancloud_libinjection/new/src/main.rs:11:18
  18:     0x563858ecd02b - core::ops::function::FnOnce::call_once::h0c7e75edaedfd0f5
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/ops/function.rs:227:5
  19:     0x563858eccc5e - std::sys_common::backtrace::__rust_begin_short_backtrace::hc3ffef76f0ea0d5c
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/sys_common/backtrace.rs:123:18
  20:     0x563858ecca71 - std::rt::lang_start::{{closure}}::h1086c611fdc767a2
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/rt.rs:145:18
  21:     0x563858ee916b - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::h7e688d7cdfeb7e00
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/core/src/ops/function.rs:259:13
  22:     0x563858ee916b - std::panicking::try::do_call::h4be824d2350b44c9
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:406:40
  23:     0x563858ee916b - std::panicking::try::h0a6fc7affbe5088d
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:370:19
  24:     0x563858ee916b - std::panic::catch_unwind::h22c320f732ec805e
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panic.rs:133:14
  25:     0x563858ee916b - std::rt::lang_start_internal::{{closure}}::hd38309c108fe679d
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/rt.rs:128:48
  26:     0x563858ee916b - std::panicking::try::do_call::h8fcaf501f097a28e
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:406:40
  27:     0x563858ee916b - std::panicking::try::h20e906825f98acc1
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panicking.rs:370:19
  28:     0x563858ee916b - std::panic::catch_unwind::h8c5234dc632124ef
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/panic.rs:133:14
  29:     0x563858ee916b - std::rt::lang_start_internal::hc4dd8cd3ec4518c2
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/rt.rs:128:20
  30:     0x563858ecca40 - std::rt::lang_start::hd2a340c49054275a
                               at /rustc/db9d1b20bba1968c1ec1fc49616d4742c1725b4b/library/std/src/rt.rs:144:17
  31:     0x563858ecca0c - main
  32:     0x7f4443e217ed - __libc_start_main
  33:     0x563858ec44ca - _start
  34:                0x0 - <unknown>

Thanks, Ramin,

The current version of libinjection is built from client9/libinjection which was last updated on Mar 12, 2018.

There is a newer fork libinjection/libinjection which, at the time of writing, has a few changes and bug fixes, with the latest commit being 14 days ago.

When I try to build on my machine (macOS 10.14.6, rustc 1.40.0-nightly).

I get an unable to clone libinjection error. I've included a trace below, but wondering if there are any special steps I need to take to get it to build locally? Thanks!

 ✘  ~/code/libinjection-rs   master  cargo build
   Compiling libinjection v0.1.1 (/Users/me/code/libinjection-rs)
error: failed to run custom build command for `libinjection v0.1.1 (/Users/me/code/libinjection-rs)`

Caused by:
  process didn't exit successfully: `/Users/me/code/libinjection-rs/target/debug/build/libinjection-e6642227de8a378d/build-script-build` (exit code: 101)
--- stderr
thread 'main' panicked at 'unable to clone libinjection', build.rs:54:9
stack backtrace:
   0: backtrace::backtrace::libunwind::trace
             at /Users/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/libunwind.rs:88
   1: backtrace::backtrace::trace_unsynchronized
             at /Users/runner/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.40/src/backtrace/mod.rs:66
   2: std::sys_common::backtrace::_print_fmt
             at src/libstd/sys_common/backtrace.rs:77
   3: <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt
             at src/libstd/sys_common/backtrace.rs:61
   4: core::fmt::write
             at src/libcore/fmt/mod.rs:1028
   5: std::io::Write::write_fmt
             at src/libstd/io/mod.rs:1412
   6: std::sys_common::backtrace::_print
             at src/libstd/sys_common/backtrace.rs:65
   7: std::sys_common::backtrace::print
             at src/libstd/sys_common/backtrace.rs:50
   8: std::panicking::default_hook::{{closure}}
             at src/libstd/panicking.rs:188
   9: std::panicking::default_hook
             at src/libstd/panicking.rs:205
  10: std::panicking::rust_panic_with_hook
             at src/libstd/panicking.rs:464
  11: std::panicking::begin_panic
             at /rustc/38048763e885a3ee139abf39d59a530b16484150/src/libstd/panicking.rs:400
  12: build_script_build::main
             at ./build.rs:54

Hi,

Methods for bypass libinjection-rs of DOM base XSS

1- javascript:alert(eval("2*3"));

Senario

PoC : http://example.com/?returnURL=javascript:alert(1);

          var redirectUrl = getUrlParameter('returnURL');
          window.parent.location.href = redirectUrl;

2- a tag when user click button and trigger alert :).

	 <a href="javascript:alert(1);"> click me </a>

3- title value

     `<img id="testz" title="javascript:alert(1)">`

        <script>
         document.location.href=window.testz.title;
        </script>

Real example :

source image : https://twitter.com/Milad_Bahari/status/990539191544156160

Source

[dependencies]
json = "0.11.13"
libinjection = "0.1"

#[macro_use]
extern crate json;
extern crate libinjection;

use libinjection::{xss};


fn main() {
    let data = object!{
        "foo" => "javascript:alert(1);",
    };

    let is_xss = xss("javascript:alert(1);").unwrap();
    let is_xss_2 = xss(&data.dump()).unwrap();
    let is_xss_3 = xss("<img id='testz' title='javascript:alert(1)'>").unwrap();
    
    println!("{}", data); 
    println!("{}", is_xss); // false
    println!("{}", is_xss_2); // false
    println!("{}", is_xss_3); // false

}

Thanks, Ramin - kernel security engineering Best regards,

Hi,

libinection-rs unable to detect time base sql inection,

1 - Payload 1'=sleep(10)='1

let (is_sqli, fingerprint) = sqli("1'=sleep(10)='1").unwrap();
assert!(is_sqli); // false
assert_eq!("s&sos", fingerprint);

2- Payloads used to determine database version '=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1

let (is_sqli, fingerprint) = sqli("'=IF(MID(VERSION(),1,1)=1,SLEEP(10),0)='1").unwrap();
assert!(is_sqli); // false
assert_eq!("s&sos", fingerprint);

Thanks, Ramin - kernel security engineering Best regards,