diff --git a/lib/core/settings.py b/lib/core/settings.py index 2b15c294a..87472e89d 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.9.18" +VERSION = "1.2.9.19" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 3e6f9d37f..9b1307fc7 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -50,7 +50,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -9b9a0dbc9e47aa07545f1e157ebb3d4e lib/core/settings.py +ef7c758b79feb71ddb3376df9149d562 lib/core/settings.py dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 815d1cf27f0f8738d81531e73149867d lib/core/target.py @@ -392,6 +392,7 @@ d9006810684baf01ea33281d21522519 udf/postgresql/windows/32/8.3/lib_postgresqlud ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_ 0d3fe0293573a4453463a0fa5a081de1 udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_ 336d0b0d2be333f5a6184042c85464fd waf/360.py +0ce8a335c7eb9cf14e645f64b3a5e91f waf/aesecure.py a73a40d201b39f3387714c59934331e4 waf/airlock.py 7da7970b45512b0233450dbd8088fde0 waf/anquanbao.py b61329e8f8bdbf5625f9520ec010af1f waf/armor.py @@ -407,6 +408,7 @@ ba84f296cb52f5e78a0670b98d7763fa waf/cloudbric.py 94b50385a9d462492e3a639d71aaa1c3 waf/cloudflare.py 29ba81741fd7e220a95fe7c5fae76e1a waf/cloudfront.py ac96f34c254951d301973617064eb1b5 waf/comodo.py +c84e515440fe482476c1f2687bd9960f waf/crawlprotect.py 56d58c982c2cf775e0f8dc6767f336fd waf/datapower.py 1538b661e35843074f4599be93b3fae9 waf/denyall.py 0182d23b34cf903537f77f4ec4b144bf waf/distil.py diff --git a/waf/aesecure.py b/waf/aesecure.py new file mode 100644 index 000000000..083d1aad4 --- /dev/null +++ b/waf/aesecure.py @@ -0,0 +1,25 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +import re + +from lib.core.enums import HTTP_HEADER +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "aeSecure (aeSecure)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, headers, _ = get_page(get=vector) + retval = headers.get("aeSecure-code") is not None + retval |= all(_ in (page or "") for _ in ("aeSecure", "aesecure_denied.png")) + if retval: + break + + return retval diff --git a/waf/crawlprotect.py b/waf/crawlprotect.py new file mode 100644 index 000000000..ed1698f96 --- /dev/null +++ b/waf/crawlprotect.py @@ -0,0 +1,19 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "CrawlProtect (Jean-Denis Brun)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, _, code = get_page(get=vector) + retval = code >= 400 and "This site is protected by CrawlProtect" in (page or "") + + return retval