Minor upgrade for WAF/IDS/IPS detection

2024-11-22 01:26:42 +03:00 · 2016-05-31 09:49:50 +02:00 · 2016-05-31 09:49:50 +02:00 · 2c6621c26a
commit 2c6621c26a
parent f0500b1d2f
2 changed files with 4 additions and 3 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import OS
 from lib.core.revision import getRevisionNumber

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.5.115"
+VERSION = "1.0.5.116"
 REVISION = getRevisionNumber()
 STABLE = VERSION.count('.') <= 2
 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")
@ -463,7 +463,7 @@ BRUTE_TABLE_EXISTS_TEMPLATE = "EXISTS(SELECT %d FROM %s)"
 BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"

 # Payload used for checking of existence of IDS/WAF (dummier the better)
-IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,'<script>',table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
+IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/../../../etc/passwd"

 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
--- a/waf/generic.py
+++ b/waf/generic.py
@ -7,6 +7,7 @@ See the file 'doc/COPYING' for copying permission

 import re

+from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
 from lib.core.settings import WAF_ATTACK_VECTORS

 __product__ = "Generic (Unknown)"
@ -21,7 +22,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, _, code = get_page(get=vector)

-        if code >= 400:
+        if code >= 400 or IDS_WAF_CHECK_PAYLOAD in vector and code is None:
            retval = True
            break