Safer WAF heuristics in case of URI injections

This commit is contained in:
Miroslav Stampar 2018-03-11 03:20:33 +01:00
parent 4cefff7e98
commit 5380e8174b
3 changed files with 11 additions and 6 deletions

View File

@ -1332,6 +1332,11 @@ def checkWaf():
retVal = False retVal = False
payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD) payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD)
if PLACE.URI in conf.parameters:
place = PLACE.POST
value = "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
else:
place = PLACE.GET
value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER
value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload)) value += "%s=%s" % (randomStr(), agent.addPayloadDelimiters(payload))
@ -1339,7 +1344,7 @@ def checkWaf():
conf.timeout = IDS_WAF_CHECK_TIMEOUT conf.timeout = IDS_WAF_CHECK_TIMEOUT
try: try:
retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
except SqlmapConnectionException: except SqlmapConnectionException:
retVal = True retVal = True
finally: finally:

View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.2.3.14" VERSION = "1.2.3.15"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

View File

@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
0f581182871148b0456a691ae85b04c0 lib/controller/action.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py
5132e59761d8bb617412d2aaaf987716 lib/controller/checks.py e8533a8a406fe58cc610337639ed4bb1 lib/controller/checks.py
9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py 9fbd66da9b5cf58bbb8474ccf9252bb7 lib/controller/controller.py
a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py a7b0c8e5a18a3abe8803999dcfc4664f lib/controller/handler.py
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
fcb74fcc9577523524659ec49e2e964b lib/core/session.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py
b7e3ed2ba524c6b532fcc13025bd7dc3 lib/core/settings.py 32680252839964d1ff2c62207f64b3b0 lib/core/settings.py
d0adc28a38e43a787df4471f7f027413 lib/core/shell.py d0adc28a38e43a787df4471f7f027413 lib/core/shell.py
63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py 63491be462c515a1a3880c27c2acc4a2 lib/core/subprocessng.py
3cc852f927833895361973fbcfd156d2 lib/core/target.py 3cc852f927833895361973fbcfd156d2 lib/core/target.py