sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-19 21:10:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor patch for WAF mechanism

Browse Source
This commit is contained in:
Miroslav Stampar 2017-10-16 11:42:11 +02:00
parent 94579aa80d
commit 1f60dfc835
2 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/controller/checks.py
View File

@ -1382,6 +1382,9 @@ def identifyWaf():
retVal = [] retVal = []
for function, product in kb.wafFunctions: for function, product in kb.wafFunctions:
if retVal and "unknown" in product.lower():
continue
try: try:
logger.debug("checking for WAF/IPS/IDS product '%s'" % product) logger.debug("checking for WAF/IPS/IDS product '%s'" % product)
found = function(_) found = function(_)

3
waf/fortiweb.py
View File

@ -16,8 +16,9 @@ def detect(get_page):
retval = False retval = False
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
_, headers, _ = get_page(get=vector) page, headers, _ = get_page(get=vector)
retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval = re.search(r"\AFORTIWAFSID=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
retval |= all(_ in (page or "") for _ in (".fgd_icon", ".blocked", ".authenticate"))
if retval: if retval:
break break