diff --git a/lib/core/settings.py b/lib/core/settings.py index bbd640edb..2e014209d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.28" +VERSION = "1.2.8.29" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index bad941e70..bb317f4b1 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -676dac9284820f0949ec1f63e8827c4b lib/core/settings.py +06f18a0602e49a4b14f4096feea04e4b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -404,7 +404,7 @@ ef722d062564def381b1f96f5faadee3 waf/baidu.py 41e399dbfe7b904d5aacfb37d85e1fbf waf/blockdos.py 2f3bbf43be94d4e9ffe9f80e8483d62f waf/ciscoacexml.py ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py -feda0f2a5172325f39e8e3e38c45f73d waf/cloudflare.py +5987ef1e3f368f1f6cf5dad341db7159 waf/cloudflare.py b16b1c15532103346d5e2f5b8bd1ed36 waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py diff --git a/waf/cloudflare.py b/waf/cloudflare.py index 7e738bb47..c2e8cdf55 100644 --- a/waf/cloudflare.py +++ b/waf/cloudflare.py @@ -17,12 +17,13 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if code >= 400: + retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= headers.get("cf-ray") is not None retval |= re.search(r"CloudFlare Ray ID:|var CloudFlare=", page or "") is not None + retval |= all(_ in (page or "") for _ in ("Attention Required! | Cloudflare", "Please complete the security check to access")) if retval: break