Minor patches

extra/wafdetectify/wafdetectify.py

@@ -48,6 +48,7 @@ def get_page(get=None, url=None, host=None, data=None):
     except Exception, ex:
         code = getattr(ex, "code", None)
         page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "")
+        headers = ex.info() if hasattr(ex, "info") else {}
 
     result = CACHE[key] = page, headers, code
 

lib/core/settings.py

@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.8.26"
+VERSION = "1.2.8.27"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

txt/checksum.md5

@@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247  extra/shutils/newlines.py
 1e5532ede194ac9c083891c2f02bca93  extra/sqlharvest/__init__.py
 b3e60ea4e18a65c48515d04aab28ff68  extra/sqlharvest/sqlharvest.py
 1e5532ede194ac9c083891c2f02bca93  extra/wafdetectify/__init__.py
-5a5d4305e9dd22c3ba06b8587dad9db7  extra/wafdetectify/wafdetectify.py
+0142de525def5e3f17092dcc1ed67c95  extra/wafdetectify/wafdetectify.py
 3459c562a6abb9b4bdcc36925f751f3e  lib/controller/action.py
 7493c782345a60f6c00c9281d51a494e  lib/controller/checks.py
 c414cecdb0472c92cf50ed5b01e4438c  lib/controller/controller.py
@@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632  lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192  lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5  lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b  lib/core/session.py
-d30a78044622a9f97a2b62eec4c62e95  lib/core/settings.py
+fe3bc1dc84fcdfc26e552984f6c4b139  lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d  lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19  lib/core/subprocessng.py
 815d1cf27f0f8738d81531e73149867d  lib/core/target.py
@@ -422,7 +422,7 @@ ade1299c435db7b9e35cf1166ed9d859  waf/generic.py
 30ae98958fb35061d9a4145cc74c0489  waf/isaserver.py
 5a5c9452b9779bf39c208ebe26c98fdb  waf/jiasule.py
 898f53c12133da3e946301f4aa97d538  waf/knownsec.py
-81e6bf619c7bb73c4b62e2439e60e95a  waf/kona.py
+15a50edd48961ea168648a370f42e123  waf/kona.py
 b17a154fe7959619eaafffa60e14199f  waf/modsecurity.py
 d09a50713daf3c0a2594ed4f50c57adb  waf/naxsi.py
 bf573d01d56e585f4ad57132bc594934  waf/netcontinuum.py

waf/kona.py

@@ -17,7 +17,7 @@ def detect(get_page):
 
     for vector in WAF_ATTACK_VECTORS:
         page, headers, code = get_page(get=vector)
-        retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None
+        retval = code in (400, 403, 501) and all(_ in (page or "") for _ in ("Access Denied", "You don't have permission to access", "on this server", "Reference"))
         retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
         if retval:
             break