	Minor patch
This commit is contained in:
		
							parent
							
								
									3fca379f29
								
							
						
					
					
						commit
						56f0b811a6
					
				|  | @ -39,6 +39,7 @@ from lib.core.common import singleTimeWarnMessage | ||||||
| from lib.core.common import urlencode | from lib.core.common import urlencode | ||||||
| from lib.core.common import wasLastResponseDBMSError | from lib.core.common import wasLastResponseDBMSError | ||||||
| from lib.core.common import wasLastResponseHTTPError | from lib.core.common import wasLastResponseHTTPError | ||||||
|  | from lib.core.defaults import defaults | ||||||
| from lib.core.data import conf | from lib.core.data import conf | ||||||
| from lib.core.data import kb | from lib.core.data import kb | ||||||
| from lib.core.data import logger | from lib.core.data import logger | ||||||
|  | @ -68,6 +69,7 @@ from lib.core.settings import URI_HTTP_HEADER | ||||||
| from lib.core.settings import UPPER_RATIO_BOUND | from lib.core.settings import UPPER_RATIO_BOUND | ||||||
| from lib.core.settings import IDS_WAF_CHECK_PAYLOAD | from lib.core.settings import IDS_WAF_CHECK_PAYLOAD | ||||||
| from lib.core.settings import IDS_WAF_CHECK_RATIO | from lib.core.settings import IDS_WAF_CHECK_RATIO | ||||||
|  | from lib.core.settings import IDS_WAF_CHECK_TIMEOUT | ||||||
| from lib.core.threads import getCurrentThreadData | from lib.core.threads import getCurrentThreadData | ||||||
| from lib.request.connect import Connect as Request | from lib.request.connect import Connect as Request | ||||||
| from lib.request.inject import checkBooleanExpression | from lib.request.inject import checkBooleanExpression | ||||||
|  | @ -1153,12 +1155,16 @@ def checkWaf(): | ||||||
|     value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER |     value = "" if not conf.parameters.get(PLACE.GET) else conf.parameters[PLACE.GET] + DEFAULT_GET_POST_DELIMITER | ||||||
|     value += agent.addPayloadDelimiters("%s=%s" % (randomStr(), payload)) |     value += agent.addPayloadDelimiters("%s=%s" % (randomStr(), payload)) | ||||||
| 
 | 
 | ||||||
|  |     pushValue(conf.timeout) | ||||||
|  |     conf.timeout = IDS_WAF_CHECK_TIMEOUT | ||||||
|  | 
 | ||||||
|     try: |     try: | ||||||
|         retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO |         retVal = Request.queryPage(place=PLACE.GET, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO | ||||||
|     except SqlmapConnectionException: |     except SqlmapConnectionException: | ||||||
|         retVal = True |         retVal = True | ||||||
|     finally: |     finally: | ||||||
|         kb.matchRatio = None |         kb.matchRatio = None | ||||||
|  |         conf.timeout = popValue() | ||||||
| 
 | 
 | ||||||
|     if retVal: |     if retVal: | ||||||
|         warnMsg = "heuristics detected that the target " |         warnMsg = "heuristics detected that the target " | ||||||
|  | @ -1173,6 +1179,10 @@ def checkWaf(): | ||||||
|             if output and output[0] in ("Y", "y"): |             if output and output[0] in ("Y", "y"): | ||||||
|                 conf.identifyWaf = True |                 conf.identifyWaf = True | ||||||
| 
 | 
 | ||||||
|  |         if conf.timeout == defaults.timeout: | ||||||
|  |             logger.warning("dropping timeout to 5 seconds (i.e. '--timeout=5')") | ||||||
|  |             conf.timeout = 5 | ||||||
|  | 
 | ||||||
|     return retVal |     return retVal | ||||||
| 
 | 
 | ||||||
| def identifyWaf(): | def identifyWaf(): | ||||||
|  |  | ||||||
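Review bot: With the probe now capped at IDS_WAF_CHECK_TIMEOUT, the pre-existing `except SqlmapConnectionException: retVal = True` in the checkWaf hunk turns any target slower than 10 seconds into a positive WAF detection, and the following hunk then also lowers that target's timeout to 5 seconds, so an unprotected but slow host ends up with a tighter timeout than before the patch. Whether that trade-off is intended cannot be judged from the page, but the except branch deserves a comment stating it, e.g. `# a WAF that silently drops the probe surfaces as a connection error/timeout, which is counted as detection`. The override also replaces a user-supplied timeout that is already shorter than 10 seconds with the longer ceiling; `conf.timeout = min(conf.timeout, IDS_WAF_CHECK_TIMEOUT)` would keep the probe bounded without extending what the user asked for, assuming conf.timeout is numeric at this point (the later comparison with defaults.timeout suggests it is). In the later hunk the value 5 appears both in the warning text and in the assignment, so a named constant next to IDS_WAF_CHECK_TIMEOUT would keep the message and the value in sync. checkWaf's body begins above the first of these hunks.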
|  | @ -42,6 +42,9 @@ CONSTANT_RATIO = 0.9 | ||||||
| # Ratio used in heuristic check for WAF/IDS/IPS protected targets | # Ratio used in heuristic check for WAF/IDS/IPS protected targets | ||||||
| IDS_WAF_CHECK_RATIO = 0.5 | IDS_WAF_CHECK_RATIO = 0.5 | ||||||
| 
 | 
 | ||||||
|  | # Timeout used in heuristic check for WAF/IDS/IPS protected targets | ||||||
|  | IDS_WAF_CHECK_TIMEOUT = 10 | ||||||
|  | 
 | ||||||
| # Lower and upper values for match ratio in case of stable page | # Lower and upper values for match ratio in case of stable page | ||||||
| LOWER_RATIO_BOUND = 0.02 | LOWER_RATIO_BOUND = 0.02 | ||||||
| UPPER_RATIO_BOUND = 0.98 | UPPER_RATIO_BOUND = 0.98 | ||||||
|  |  | ||||||
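Review bot: The comment on the new IDS_WAF_CHECK_TIMEOUT constant does not state its unit, unlike its ratio neighbours where none is needed; `# Timeout (in seconds) used in heuristic check for WAF/IDS/IPS protected targets` would make the value self-explanatory at its use site. The settings module continues outside the hunk.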