From 287371337d9bc0b3f2386880103abf4716ea870c Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:56:13 +0200 Subject: [PATCH] Update of ZENEDGE WAF script --- lib/core/settings.py | 2 +- txt/checksum.md5 | 4 ++-- waf/zenedge.py | 3 ++- 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 0c597f443..bbd640edb 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.27" +VERSION = "1.2.8.28" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 0bc9adaac..bad941e70 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -fe3bc1dc84fcdfc26e552984f6c4b139 lib/core/settings.py +676dac9284820f0949ec1f63e8827c4b lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -457,7 +457,7 @@ f3a81da13ee098e94edd965ea4b37b04 waf/varnish.py 11a5c6b10ced11e505a74e36ee2503b3 waf/wordfence.py 68e332530fab216d017ede506c3fec2f waf/yundun.py bea35ba732ccc9548e6c4023cea6832b waf/yunsuo.py -705ac8663513c12150cb5623ef4a04fb waf/zenedge.py +47f8f6623841232a93c5229d6c1bebfe waf/zenedge.py dc394c5b90ada0a5d5853b5ad1f7d56d xml/banner/generic.xml d8925c034263bf1b83e7d8e1c78eec57 xml/banner/mssql.xml 7b21aeb3ad66d7686eacd23a6346292c xml/banner/mysql.xml diff --git a/waf/zenedge.py b/waf/zenedge.py index 82d367cfa..b5b3e0fb3 100644 --- a/waf/zenedge.py +++ b/waf/zenedge.py @@ -16,8 +16,9 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - _, headers, code = get_page(get=vector) + page, headers, code = get_page(get=vector) retval = code >= 400 and re.search(r"\AZENEDGE", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval |= all(_ in (page or "") for _ in ("Your request has been blocked", "Incident ID", "/__zenedge/assets/")) if retval: break