diff --git a/lib/core/settings.py b/lib/core/settings.py index 4b59dd1f7..38f2d64fc 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import OS from lib.core.revision import getRevisionNumber # sqlmap version (...) -VERSION = "1.0.5.87" +VERSION = "1.0.5.88" REVISION = getRevisionNumber() STABLE = VERSION.count('.') <= 2 VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev") diff --git a/waf/denyall.py b/waf/denyall.py index a371d44bf..424787460 100644 --- a/waf/denyall.py +++ b/waf/denyall.py @@ -18,7 +18,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) retval = re.search(r"\Asessioncookie=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None - retval |= code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None + retval |= code == 200 and re.search(r"\ACondition Intercepted", page or "", re.I) is not None if retval: break diff --git a/waf/expressionengine.py b/waf/expressionengine.py index 4a7e89791..510487571 100644 --- a/waf/expressionengine.py +++ b/waf/expressionengine.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "Invalid GET Data" in page + retval = "Invalid GET Data" in (page or "") if retval: break diff --git a/waf/jiasule.py b/waf/jiasule.py index 631d08e30..baf671af3 100644 --- a/waf/jiasule.py +++ b/waf/jiasule.py @@ -20,7 +20,7 @@ def detect(get_page): retval = re.search(r"jiasule-WAF", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None retval |= re.search(r"__jsluid=", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None retval |= re.search(r"jsl_tracking", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None - retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page, re.I) is not None + retval |= re.search(r"static\.jiasule\.com/static/js/http_error\.js", page or "", re.I) is not None retval |= code == 403 and "notice-jiasule" in (page or "") if retval: break diff --git a/waf/knownsec.py b/waf/knownsec.py index b21d79a29..e9079bb35 100644 --- a/waf/knownsec.py +++ b/waf/knownsec.py @@ -16,7 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = re.search(r"url\('/ks-waf-error\.png'\)", page, re.I) is not None + retval = re.search(r"url\('/ks-waf-error\.png'\)", page or "", re.I) is not None if retval: break diff --git a/waf/kona.py b/waf/kona.py index f90b63f26..e19029586 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is not None + retval = code in (400, 403, 501) and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is not None retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/modsecurity.py b/waf/modsecurity.py index 5dd8b7f49..063419a14 100644 --- a/waf/modsecurity.py +++ b/waf/modsecurity.py @@ -17,9 +17,10 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page, re.I) is None + retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None - retval |= code == 406 and "This error was generated by Mod_Security" in page + retval |= code == 406 # specific for mod_security (and forks) + retval |= "This error was generated by Mod_Security" in (page or "") if retval: break diff --git a/waf/paloalto.py b/waf/paloalto.py index 96355166a..55a4cc37e 100644 --- a/waf/paloalto.py +++ b/waf/paloalto.py @@ -16,7 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page, re.I) is not None + retval = re.search(r"Access[^<]+has been blocked in accordance with company policy", page or "", re.I) is not None if retval: break diff --git a/waf/radware.py b/waf/radware.py index aa09658a5..45eea416d 100644 --- a/waf/radware.py +++ b/waf/radware.py @@ -16,7 +16,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, _ = get_page(get=vector) - retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page, re.I | re.S) is not None + retval = re.search(r"Unauthorized Activity Has Been Detected.+Case Number:", page or "", re.I | re.S) is not None retval |= headers.get("X-SL-CompState") is not None if retval: break diff --git a/waf/requestvalidationmode.py b/waf/requestvalidationmode.py index b0f8a9e74..4c8ba02b8 100644 --- a/waf/requestvalidationmode.py +++ b/waf/requestvalidationmode.py @@ -14,8 +14,8 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "ASP.NET has detected data in the request that is potentially dangerous" in page - retval |= "Request Validation has detected a potentially dangerous client input value" in page + retval = "ASP.NET has detected data in the request that is potentially dangerous" in (page or "") + retval |= "Request Validation has detected a potentially dangerous client input value" in (page or "") if retval: break diff --git a/waf/senginx.py b/waf/senginx.py index 1c59bd74c..54cb17648 100644 --- a/waf/senginx.py +++ b/waf/senginx.py @@ -14,7 +14,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, _, _ = get_page(get=vector) - retval = "SENGINX-ROBOT-MITIGATION" in page + retval = "SENGINX-ROBOT-MITIGATION" in (page or "") if retval: break