diff --git a/lib/core/settings.py b/lib/core/settings.py index 09c4d8860..c3d6200d1 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.3.1.25" +VERSION = "1.3.1.26" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 7f24a66f7..4dab4fa92 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py 9a7d68d5fa01561500423791f15cc676 lib/core/replication.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py -41376018e1ec67c302bb69ded1c2b427 lib/core/settings.py +6696b297ceb42a671f3a326d9e63f99a lib/core/settings.py a8a7501d1e6b21669b858a62e921d191 lib/core/shell.py 5dc606fdf0afefd4b305169c21ab2612 lib/core/subprocessng.py eec3080ba5baca44c6de4595f1c92a0d lib/core/target.py @@ -408,7 +408,7 @@ ca3ab78d6ed53b7f2c07ed2530d47efd udf/postgresql/windows/32/8.4/lib_postgresqlud 742f8c9b7f3a858e11dfd2ce3df65c6e waf/binarysec.py ef8c5db49ad9973b59d6b9b65b001714 waf/blockdos.py 2608fbe2c80fae99bb09db1f93d80cdd waf/bluedon.py -51c13712456699f23324f0a410ce6f93 waf/cerber.py +8385218d8a1863dbfd4274db36880dfe waf/cerber.py 5ae64cad95b7f904c350cc81230c3bd1 waf/chinacache.py a05edf8f2962dfff0457b7a4fd5e169c waf/ciscoacexml.py 2565869c73a9a37f25deb317e8f5d9dd waf/cleantalk.py @@ -421,7 +421,7 @@ e49bb75985f60556b4481dc085f3c62b waf/denyall.py dbe50bbcb1b4664d6cebfcca63e75125 waf/distil.py 886c6502a6a2aae49921efed8d439f7b waf/dotdefender.py a8412619d7f26ed6bc9e0b20a57b2324 waf/edgecast.py -3f440d629b31052e675ee9d48d4ce370 waf/expressionengine.py +b65877b412a4c648aa442116ef94e2af waf/expressionengine.py 588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py 0e9eb20967d2dde941cca8c663a63e1f waf/generic.py 4ea580dd1b9679bd733866976ad5d81e waf/godaddy.py @@ -456,7 +456,7 @@ ba37e1c37fa0e3688873f74183a9cb9c waf/senginx.py 24f1cc66625e58e4c91c0cb4364a2202 waf/sitelock.py a840fcd2bb042694f9aab2859e7c9b30 waf/sonicwall.py 45683bfe7a428f47745416c727a789bd waf/sophos.py -197bae9ee9b7e8d4f77e814a33cfd665 waf/stackpath.py +4a11ba8e5f3995b35f5fc189b8c2692e waf/stackpath.py a0aa5997d0d5db18920840220dc4ad36 waf/stingray.py 74bd52941b606d15f1a6cdc7b52f761c waf/sucuri.py 205beb7ed5e70119f8700a9e295b6a4a waf/tencent.py diff --git a/waf/cerber.py b/waf/cerber.py index 9141b31fd..bccb7f054 100644 --- a/waf/cerber.py +++ b/waf/cerber.py @@ -5,8 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -import re - from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "WP Cerber Security (Cerber Tech)" diff --git a/waf/expressionengine.py b/waf/expressionengine.py index 8d8d0fc6c..85befdc84 100644 --- a/waf/expressionengine.py +++ b/waf/expressionengine.py @@ -5,6 +5,9 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ +import re + +from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "ExpressionEngine (EllisLab)" @@ -13,8 +16,9 @@ def detect(get_page): retval = False for vector in WAF_ATTACK_VECTORS: - page, _, _ = get_page(get=vector) + page, headers, _ = get_page(get=vector) retval = any((page or "").strip() == _ for _ in ("Invalid GET Data", "Invalid URI")) + retval |= re.search(r"\Aexp_last_", headers.get(HTTP_HEADER.SET_COOKIE, ""), re.I) is not None if retval: break diff --git a/waf/stackpath.py b/waf/stackpath.py index 20c1a630e..2e12b9c2a 100644 --- a/waf/stackpath.py +++ b/waf/stackpath.py @@ -5,7 +5,6 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -from lib.core.enums import HTTP_HEADER from lib.core.settings import WAF_ATTACK_VECTORS __product__ = "StackPath Web Application Firewall (StackPath LLC)"