mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Couple of drei patches
This commit is contained in:
Miroslav Stampar
parent
4d028c7230
commit
285482b396
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty import six
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.5.41"
|
||||
VERSION = "1.3.5.42"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
|||
|
|
@ -803,7 +803,7 @@ class Connect(object):
|
|||
responseMsg += "[#%d] (%s %s):\r\n" % (threadData.lastRequestUID, code, status)
|
||||
|
||||
if responseHeaders:
|
||||
logHeaders = getUnicode("".join(responseHeaders.headers).strip() if six.PY2 else responseHeaders.__bytes__())
|
||||
logHeaders = getUnicode("".join(responseHeaders.headers).strip())
|
||||
|
||||
logHTTPTraffic(requestMsg, "%s%s\r\n\r\n%s" % (responseMsg, logHeaders, (page or "")[:MAX_CONNECTION_CHUNK_SIZE]), start, time.time())
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
|
|||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
import functools
|
||||
import os
|
||||
import random
|
||||
import shutil
|
||||
|
|
@ -14,6 +15,7 @@ import string
|
|||
from lib.core.common import getSafeExString
|
||||
from lib.core.compat import xrange
|
||||
from lib.core.data import logger
|
||||
from thirdparty import six
|
||||
|
||||
def purge(directory):
|
||||
"""
|
||||
|
|
@ -66,7 +68,10 @@ def purge(directory):
|
|||
except:
|
||||
pass
|
||||
|
||||
if six.PY2:
|
||||
dirpaths.sort(cmp=lambda x, y: y.count(os.path.sep) - x.count(os.path.sep))
|
||||
else:
|
||||
dirpaths.sort(key=functools.cmp_to_key(lambda x, y: y.count(os.path.sep) - x.count(os.path.sep)))
|
||||
|
||||
logger.debug("renaming directory names to random values")
|
||||
for dirpath in dirpaths:
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and headers.get("Powered-By-ChinaCache") is not None
|
||||
retval |= (code or 0) >= 400 and headers.get("Powered-By-ChinaCache") is not None
|
||||
|
||||
if retval:
|
||||
break
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
|
||||
retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("Cloudbric", "Malicious Code Detected"))
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -18,7 +18,7 @@ def detect(get_page):
|
|||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
|
||||
if code >= 400:
|
||||
if (code or 0) >= 400:
|
||||
retval |= re.search(r"cloudflare", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= re.search(r"\A__cfduid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None
|
||||
retval |= headers.get("cf-ray") is not None
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, _, code = get_page(get=vector)
|
||||
retval |= code >= 400 and "This site is protected by CrawlProtect" in (page or "")
|
||||
retval |= (code or 0) >= 400 and "This site is protected by CrawlProtect" in (page or "")
|
||||
retval |= "<title>CrawlProtect" in (page or "")
|
||||
if retval:
|
||||
break
|
||||
|
|
|
|||
|
|
@ -19,13 +19,13 @@ def detect(get_page):
|
|||
retval = False
|
||||
|
||||
original, _, code = get_page()
|
||||
if original is None or code >= 400:
|
||||
if original is None or (code or 0) >= 400:
|
||||
return False
|
||||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
|
||||
if code >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
|
||||
if (code or 0) >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
|
||||
if code is not None:
|
||||
kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(getUnicode(_) for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), getUnicode(page or ""))
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= (code or 0) >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= (code or 0) >= 400 and re.search(r"Secure Entry Server", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, _, code = get_page(get=vector)
|
||||
retval |= code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
|
||||
retval |= (code or 0) >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck"))
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -14,7 +14,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, _, code = get_page(get=vector)
|
||||
retval |= code >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
|
||||
retval |= (code or 0) >= 400 and "Request rejected by xVarnish-WAF" in (page or "")
|
||||
if retval:
|
||||
break
|
||||
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= (code or 0) >= 400 and re.search(r"\AWatchGuard", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= "Request denied by WatchGuard Firewall" in (page or "")
|
||||
if retval:
|
||||
break
|
||||
|
|
|
|||
|
|
@ -17,7 +17,7 @@ def detect(get_page):
|
|||
|
||||
for vector in WAF_ATTACK_VECTORS:
|
||||
page, headers, code = get_page(get=vector)
|
||||
retval |= code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= (code or 0) >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
|
||||
retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/"))
|
||||
if retval:
|
||||
break
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user