sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-07-29 09:29:50 +03:00
Code Issues Packages Projects Releases Wiki Activity

Update luanginxwafbypass.py

Browse Source
This commit is contained in:
Jennifer Torres 2018-10-25 11:16:04 +01:00 committed by GitHub
parent bbd7ba9fd0
commit c70818bfc7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
tamper/luanginxwafbypass.py
View File

@ -27,12 +27,18 @@ def randomParameterGenerator(size=6, chars=string.ascii_uppercase + string.digit
output = ''.join(random.choice(chars) for _ in range(size)) output = ''.join(random.choice(chars) for _ in range(size))
return output return output
''' [Tamper] LUA-Nginx WAFs Bypass ''' ''' [Tamper] LUA-Nginx WAF Bypass '''
def tamper(payload, **kwargs): def tamper(payload, **kwargs):
try: try:
headers = kwargs.get("headers", {}) headers = kwargs.get("headers", {})
randomParameter = randomParameterGenerator() randomParameter = randomParameterGenerator()
parameter = conf["testParameter"]
''' Get parameter name to test '''
parameter = conf["testParameter"][0]
if not parameter:
print "\n[-] [ERROR] Add an injectable parameter with -p option (-p param)"
sys.exit(0)
if conf["skipUrlEncode"] != True: if conf["skipUrlEncode"] != True:
print "\n[-] [ERROR] --skip-urlencode option must be activated" print "\n[-] [ERROR] --skip-urlencode option must be activated"