mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
Minor patch (disable tamper script usage in WAF/IDS/IPS check phase)
This commit is contained in:
parent
c634f0b0d6
commit
a8cb14ed4a
|
@ -1359,7 +1359,7 @@ def checkWaf():
|
|||
conf.timeout = IDS_WAF_CHECK_TIMEOUT
|
||||
|
||||
try:
|
||||
retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True)[1] < IDS_WAF_CHECK_RATIO
|
||||
retVal = Request.queryPage(place=place, value=value, getRatioValue=True, noteResponseTime=False, silent=True, disableTampering=True)[1] < IDS_WAF_CHECK_RATIO
|
||||
except SqlmapConnectionException:
|
||||
retVal = True
|
||||
finally:
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.4.12"
|
||||
VERSION = "1.2.4.13"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -770,7 +770,7 @@ class Connect(object):
|
|||
|
||||
@staticmethod
|
||||
@stackedmethod
|
||||
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
|
||||
def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True, disableTampering=False):
|
||||
"""
|
||||
This method calls a function to get the target URL page content
|
||||
and returns its page ratio (0 <= ratio <= 1) or a boolean value
|
||||
|
@ -817,7 +817,7 @@ class Connect(object):
|
|||
conf.httpHeaders.append((HTTP_HEADER.CONTENT_TYPE, contentType))
|
||||
|
||||
if payload:
|
||||
if kb.tamperFunctions:
|
||||
if not disableTampering and kb.tamperFunctions:
|
||||
for function in kb.tamperFunctions:
|
||||
try:
|
||||
payload = function(payload=payload, headers=auxHeaders)
|
||||
|
|
|
@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py
|
|||
1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py
|
||||
b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py
|
||||
0f581182871148b0456a691ae85b04c0 lib/controller/action.py
|
||||
5084b16b037ed8d29f594f6113fe78e3 lib/controller/checks.py
|
||||
56d325f83671146c28ac300ff553420f lib/controller/checks.py
|
||||
c414cecdb0472c92cf50ed5b01e4438c lib/controller/controller.py
|
||||
c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py
|
||||
1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py
|
||||
|
@ -46,7 +46,7 @@ c9a56e58984420a5abb7a3f7aadc196d lib/core/optiondict.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
16bc4ff0ccd5121f1b90016b5d759ef6 lib/core/settings.py
|
||||
8a247c468eef23045b8537d4ff98d823 lib/core/settings.py
|
||||
0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
a35efa7bec9f1e6cedf17c9830a79241 lib/core/target.py
|
||||
|
@ -68,7 +68,7 @@ ec4e56bbb1349176b2a22e0b99ba6a55 lib/parse/payloads.py
|
|||
30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
|
||||
7e8e0a3fdebbe443832c1bab2f8d3869 lib/request/basic.py
|
||||
c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
|
||||
18052b8924b77eb2e772350b262aae88 lib/request/connect.py
|
||||
1865164621eb94c9c231006765065c17 lib/request/connect.py
|
||||
dd4598675027fae99f2e2475b05986da lib/request/direct.py
|
||||
2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
|
||||
eee965d781546d05f36cfd14af050913 lib/request/httpshandler.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user