Minor update of safe3 WAF script

2024-11-22 09:36:35 +03:00 · 2019-01-10 14:19:03 +01:00 · 2019-01-10 14:19:03 +01:00 · 9fef4336b0
commit 9fef4336b0
parent aa7af33fd5
3 changed files with 5 additions and 4 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.1.33"
+VERSION = "1.3.1.34"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3  lib/core/patch.py
 9a7d68d5fa01561500423791f15cc676  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-b1f45422ccaa4ffb67909daa015f85d6  lib/core/settings.py
+030191317120c2bae605d2ef3ad5ff3b  lib/core/settings.py
 a8a7501d1e6b21669b858a62e921d191  lib/core/shell.py
 5dc606fdf0afefd4b305169c21ab2612  lib/core/subprocessng.py
 eec3080ba5baca44c6de4595f1c92a0d  lib/core/target.py
@ -448,7 +448,7 @@ ac60456fe7af4eb501d448910e98ee4b  waf/radware.py
 1315066be1abb4f1d34290239be0af14  waf/reblaze.py
 987389e4f403b7615d6d8006420a6260  waf/requestvalidationmode.py
 8dae5619edafaaceccf1c4eb051c7d22  waf/rsfirewall.py
-2a7b234e903d13b3c21d6c17e05d1c46  waf/safe3.py
+d2d9718de217dd07d9e66b2e6ad61380  waf/safe3.py
 4382cb217354d816580ee07178d0a8c7  waf/safedog.py
 ac0728ddb7a15b46b0eabd78cd661f8c  waf/secureiis.py
 ba37e1c37fa0e3688873f74183a9cb9c  waf/senginx.py
--- a/waf/safe3.py
+++ b/waf/safe3.py
@ -16,9 +16,10 @@ def detect(get_page):
    retval = False

    for vector in WAF_ATTACK_VECTORS:
-        _, headers, _ = get_page(get=vector)
+        page, headers, _ = get_page(get=vector)
        retval = re.search(r"Safe3WAF", headers.get(HTTP_HEADER.X_POWERED_BY, ""), re.I) is not None
        retval |= re.search(r"Safe3 Web Firewall", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
+        retval |= all(_ in (page or "") for _ in ("403 Forbidden", "Safe3waf/"))
        if retval:
            break