mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Update for an Issue #760
This commit is contained in:
parent
32af0b17b0
commit
305ec45fc6
|
@ -14,18 +14,18 @@ def dependencies():
|
|||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
Append a HTTP Request Parameter to ByPass
|
||||
WAF Protection of Varnish Firewall.
|
||||
Append a HTTP Request Parameter to bypass
|
||||
WAF Protection of Varnish Firewall
|
||||
|
||||
You can tamper with different Parameters, like:
|
||||
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
|
||||
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
|
||||
>> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
|
||||
>> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
|
||||
>> X-remote-IP: * or %00 or %0A
|
||||
|
||||
http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
|
||||
Notes:
|
||||
Reference: http://h30499.www3.hp.com/t5/Fortify-Application-Security/Bypassing-web-application-firewalls-using-HTTP-headers/ba-p/6418366
|
||||
|
||||
Examples:
|
||||
>> X-forwarded-for: TARGET_CACHESERVER_IP (184.189.250.X)
|
||||
>> X-remote-IP: TARGET_PROXY_IP (184.189.250.X)
|
||||
>> X-originating-IP: TARGET_LOCAL_IP (127.0.0.1)
|
||||
>> x-remote-addr: TARGET_INTERNALUSER_IP (192.168.1.X)
|
||||
>> X-remote-IP: * or %00 or %0A
|
||||
"""
|
||||
|
||||
headers = kwargs.get("headers", {})
|
||||
|
|
Loading…
Reference in New Issue
Block a user