Skip to content

Latest commit

 

History

History

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

libinjection Audit Findings

Security audit of libinjection, a SQL injection and XSS detection library. Each finding includes a detailed write-up and a patch.

Summary

Total findings: 5 -- High: 5, Medium: 0

Findings

Test server (nullserver.py)

# Finding Severity
005 Unauthenticated shutdown endpoint exits server High

Test driver (testdriver.c)

# Finding Severity
007 Unbounded strcat overflows fixed test buffers High
008 Token printer can overflow g_actual High
009 HTML5 token formatter overflows fixed-size output buffer High

HTML5 CLI (html5_cli.c)

# Finding Severity
010 URL decode heap off-by-one High