diff --git a/lib/core/settings.py b/lib/core/settings.py index 32ce8db7c..8872e8374 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.1.41" +VERSION = "1.3.1.42" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 72dff6815..b774dc306 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py 9a7d68d5fa01561500423791f15cc676 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -df03aea681ed80e9850697b60db1b0eb lib/core/settings.py +da97136510824fdec55455dde8c674c3 lib/core/settings.py a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py 5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py @@ -429,7 +429,7 @@ fb6be55d21a70765e35549af2484f762 waf/__init__.py a3ee375714987acccc26d1b07c2e8af7 waf/isaserver.py ce9cf35919a92d65347bb74ca0c5c86f waf/jiasule.py f44ed04eeb4287c11ce277703ec7d72d waf/knownsec.py -d50d82bec48814eb5b699d302dbdae9a waf/kona.py +8c3977c543ca4ec6d4231f604217cf94 waf/kona.py d4f36e44f496f4d51baa3241eabc60fd waf/malcare.py 4397c299d27a500851726444fb89759e waf/modsecurity.py 78af8e791207db9723a14bddeb7524af waf/naxsi.py @@ -459,6 +459,7 @@ a840fcd2bb042694f9aab2859e7c9b30 waf/sonicwall.py 205beb7ed5e70119f8700a9e295b6a4a waf/tencent.py ef6f83952ce6b5a7bbb19f9b903af2b6 waf/teros.py ba0fb1e6b815446b9d6f30950900fc80 waf/trafficshield.py +1c15216824f96e23a76591ac29eb6d7d waf/urlmaster.py 876c746d96193071271cb8b7e00e1422 waf/urlscan.py 80314083009c87d32bf32d84e8bbb7be waf/varnish.py 455bb16f552e7943e0a5cf35e83a74ea waf/virusdie.py diff --git a/waf/kona.py b/waf/kona.py index be124a92c..c6c8bfaf8 100644 --- a/waf/kona.py +++ b/waf/kona.py @@ -17,8 +17,7 @@ def detect(get_page): for vector in WAF_ATTACK_VECTORS: page, headers, code = get_page(get=vector) - retval = code in (400, 403, 501) and all(_ in (page or "") for _ in ("Access Denied", "You don't have permission to access", "on this server", "Reference")) - retval |= re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None + retval = code >= 400 and re.search(r"AkamaiGHost", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None if retval: break diff --git a/waf/urlmaster.py b/waf/urlmaster.py new file mode 100644 index 000000000..65d31c03b --- /dev/null +++ b/waf/urlmaster.py @@ -0,0 +1,21 @@ +#!/usr/bin/env python + +""" +Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) +See the file 'LICENSE' for copying permission +""" + +from lib.core.settings import WAF_ATTACK_VECTORS + +__product__ = "Url Master SecurityCheck (iFinity/DotNetNuke)" + +def detect(get_page): + retval = False + + for vector in WAF_ATTACK_VECTORS: + page, _, code = get_page(get=vector) + retval = code >= 400 and all(_ in (page or "") for _ in ("UrlMaster", "UrlRewriteModule", "SecurityCheck")) + if retval: + break + + return retval