From 62a361835353f2478d8ef04e7db244c204153b89 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 30 Aug 2018 15:50:17 +0200 Subject: [PATCH] Minor patches --- extra/wafdetectify/wafdetectify.py | 1 + lib/core/settings.py | 2 +- txt/checksum.md5 | 6 +++--- waf/kona.py | 2 +- 4 files changed, 6 insertions(+), 5 deletions(-) diff --git a/extra/wafdetectify/wafdetectify.py b/extra/wafdetectify/wafdetectify.py index e92775613..248a009e7 100644 --- a/extra/wafdetectify/wafdetectify.py +++ b/extra/wafdetectify/wafdetectify.py @@ -48,6 +48,7 @@ def get_page(get=None, url=None, host=None, data=None): except Exception, ex: code = getattr(ex, "code", None) page = ex.read() if hasattr(ex, "read") else getattr(ex, "msg", "") + headers = ex.info() if hasattr(ex, "info") else {} result = CACHE[key] = page, headers, code diff --git a/lib/core/settings.py b/lib/core/settings.py index 54e7c282f..0c597f443 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.8.26" +VERSION = "1.2.8.27" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9e42d80e7..0bc9adaac 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -22,7 +22,7 @@ e4805169a081b834ca51a60a150c7247 extra/shutils/newlines.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 1e5532ede194ac9c083891c2f02bca93 extra/wafdetectify/__init__.py -5a5d4305e9dd22c3ba06b8587dad9db7 extra/wafdetectify/wafdetectify.py +0142de525def5e3f17092dcc1ed67c95 extra/wafdetectify/wafdetectify.py 3459c562a6abb9b4bdcc36925f751f3e lib/controller/action.py 7493c782345a60f6c00c9281d51a494e lib/controller/checks.py c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -d30a78044622a9f97a2b62eec4c62e95 lib/core/settings.py +fe3bc1dc84fcdfc26e552984f6c4b139 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -422,7 +422,7 @@ ade1299c435db7b9e35cf1166ed9d859 waf/generic.py 30ae98958fb35061d9a4145cc74c0489 waf/isaserver.py 5a5c9452b9779bf39c208ebe26c98fdb waf/jiasule.py 898f53c12133da3e946301f4aa97d538 waf/knownsec.py -81e6bf619c7bb73c4b62e2439e60e95a waf/kona.py +15a50edd48961ea168648a370f42e123 waf/kona.py b17a154fe7959619eaafffa60e14199f waf/modsecurity.py d09a50713daf3c0a2594ed4f50c57adb waf/naxsi.py bf573d01d56e585f4ad57132bc594934 waf/netcontinuum.py diff --git a/waf/kona.py b/waf/kona.py index 47824f019..f24702411 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -17,7 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code in (400, 403, 501) and re.search(r"Reference #[0-9a-f.]+", page or "", re.I) is not None + retval = code in (400, 403, 501) and all(_ in (page or "") for _ in ("Access Denied", "You don't have permission to access", "on this server", "Reference")) retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break