mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 11:33:47 +03:00
Far better detection of SecureIIS (WAF)
This commit is contained in:
Miroslav Stampar
parent
ec06037335
commit
1b863ecf93
|
|
@ -19,7 +19,7 @@ from lib.core.enums import OS
|
||||||
from lib.core.revision import getRevisionNumber
|
from lib.core.revision import getRevisionNumber
|
||||||
|
|
||||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||||
VERSION = "1.0.6.49"
|
VERSION = "1.0.6.50"
|
||||||
REVISION = getRevisionNumber()
|
REVISION = getRevisionNumber()
|
||||||
STABLE = VERSION.count('.') <= 2
|
STABLE = VERSION.count('.') <= 2
|
||||||
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
|
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
|
||||||
|
|
|
||||||
|
|
@ -5,8 +5,6 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'doc/COPYING' for copying permission
|
See the file 'doc/COPYING' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import re
|
|
||||||
|
|
||||||
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
|
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
|
||||||
from lib.core.settings import WAF_ATTACK_VECTORS
|
from lib.core.settings import WAF_ATTACK_VECTORS
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -19,7 +19,6 @@ def detect(get_page):
|
||||||
page, headers, code = get_page(get=vector)
|
page, headers, code = get_page(get=vector)
|
||||||
retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None
|
retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None
|
||||||
retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||||
retval |= code == 406 # specific for mod_security (and forks)
|
|
||||||
retval |= "This error was generated by Mod_Security" in (page or "")
|
retval |= "This error was generated by Mod_Security" in (page or "")
|
||||||
if retval:
|
if retval:
|
||||||
break
|
break
|
||||||
|
|
|
||||||
|
|
@ -5,13 +5,21 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'doc/COPYING' for copying permission
|
See the file 'doc/COPYING' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from lib.core.enums import HTTP_HEADER
|
import re
|
||||||
|
|
||||||
|
from lib.core.settings import WAF_ATTACK_VECTORS
|
||||||
|
|
||||||
__product__ = "SecureIIS Web Server Security (BeyondTrust)"
|
__product__ = "SecureIIS Web Server Security (BeyondTrust)"
|
||||||
|
|
||||||
def detect(get_page):
|
def detect(get_page):
|
||||||
_, _, code = get_page()
|
retval = False
|
||||||
retval = code != 404
|
|
||||||
_, _, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"})
|
for vector in WAF_ATTACK_VECTORS:
|
||||||
retval = retval and code == 404
|
page, _, _ = get_page(get=vector)
|
||||||
|
retval = re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None
|
||||||
|
retval |= "http://www.eeye.com/SecureIIS/" in (page or "")
|
||||||
|
retval |= "?subject=SecureIIS Error" in (page or "")
|
||||||
|
if retval:
|
||||||
|
break
|
||||||
|
|
||||||
return retval
|
return retval
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user