sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-29 17:39:56 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update luanginxwafbypass.py

Browse Source
This commit is contained in:
Jennifer Torres 2018-10-25 12:05:24 +01:00 committed by GitHub
parent c70818bfc7
commit 15a77ef3e9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
tamper/luanginxwafbypass.py
View File

@ -12,7 +12,8 @@ Open Data Security (@ODSops) [https://ods.es]
PoC: https://www.youtube.com/watch?v=JUvro7cqidY PoC: https://www.youtube.com/watch?v=JUvro7cqidY
Vulnerability information: https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/ Vulnerability information: https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/
Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode -p vulnparameter
Required options: --skip-urlencode, -p
''' '''
import sys import sys
@ -32,8 +33,6 @@ def tamper(payload, **kwargs):
try: try:
headers = kwargs.get("headers", {}) headers = kwargs.get("headers", {})
randomParameter = randomParameterGenerator() randomParameter = randomParameterGenerator()
''' Get parameter name to test '''
parameter = conf["testParameter"][0] parameter = conf["testParameter"][0]
if not parameter: if not parameter: