sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

Trivial renaming update

Browse Source
This commit is contained in:
Miroslav Stampar 2019-01-26 12:36:03 +01:00
parent 4b5457903a
commit e01a7908aa
5 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/controller/checks.py
View File

@ -86,7 +86,7 @@ from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
from lib.core.settings import FI_ERROR_REGEX from lib.core.settings import FI_ERROR_REGEX
from lib.core.settings import FORMAT_EXCEPTION_STRINGS from lib.core.settings import FORMAT_EXCEPTION_STRINGS
from lib.core.settings import HEURISTIC_CHECK_ALPHABET from lib.core.settings import HEURISTIC_CHECK_ALPHABET
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
from lib.core.settings import IDS_WAF_CHECK_RATIO from lib.core.settings import IDS_WAF_CHECK_RATIO
from lib.core.settings import IDS_WAF_CHECK_TIMEOUT from lib.core.settings import IDS_WAF_CHECK_TIMEOUT
from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH
@ -1353,7 +1353,7 @@ def checkWaf():
logger.info(infoMsg) logger.info(infoMsg)
retVal = False retVal = False
payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD) payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)
if PLACE.URI in conf.parameters: if PLACE.URI in conf.parameters:
place = PLACE.POST place = PLACE.POST

6
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.1.74" VERSION = "1.3.1.75"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -536,7 +536,7 @@ CHECK_INTERNET_ADDRESS = "https://ipinfo.io/"
CHECK_INTERNET_VALUE = "IP Address Details" CHECK_INTERNET_VALUE = "IP Address Details"
# Payload used for checking of existence of WAF/IPS (dummier the better) # Payload used for checking of existence of WAF/IPS (dummier the better)
IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#" IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
# Vectors used for provoking specific WAF/IPS behavior(s) # Vectors used for provoking specific WAF/IPS behavior(s)
WAF_ATTACK_VECTORS = ( WAF_ATTACK_VECTORS = (
@ -544,7 +544,7 @@ WAF_ATTACK_VECTORS = (
"search=<script>alert(1)</script>", "search=<script>alert(1)</script>",
"file=../../../../etc/passwd", "file=../../../../etc/passwd",
"q=<invalid>foobar", "q=<invalid>foobar",
"id=1 %s" % IDS_WAF_CHECK_PAYLOAD "id=1 %s" % IPS_WAF_CHECK_PAYLOAD
) )
# Used for status representation in dictionary attack phase # Used for status representation in dictionary attack phase

4
lib/request/connect.py
View File

@ -103,7 +103,7 @@ from lib.core.settings import MAX_MURPHY_SLEEP_TIME
from lib.core.settings import META_REFRESH_REGEX from lib.core.settings import META_REFRESH_REGEX
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import MAX_TIME_RESPONSES from lib.core.settings import MAX_TIME_RESPONSES
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
from lib.core.settings import IS_WIN from lib.core.settings import IS_WIN
from lib.core.settings import LARGE_CHUNK_TRIM_MARKER from lib.core.settings import LARGE_CHUNK_TRIM_MARKER
from lib.core.settings import PAYLOAD_DELIMITER from lib.core.settings import PAYLOAD_DELIMITER
@ -1284,7 +1284,7 @@ class Connect(object):
if conf.secondUrl: if conf.secondUrl:
page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True) page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
elif kb.secondReq and IDS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""): elif kb.secondReq and IPS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""):
def _(value): def _(value):
if kb.customInjectionMark in (value or ""): if kb.customInjectionMark in (value or ""):
if payload is None: if payload is None:

8
txt/checksum.md5
View File

@ -24,7 +24,7 @@ fb6be55d21a70765e35549af2484f762 extra/sqlharvest/__init__.py
fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py fb6be55d21a70765e35549af2484f762 extra/wafdetectify/__init__.py
aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py aec73042403993076f478da48066a79e extra/wafdetectify/wafdetectify.py
ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py ec782b9cdb8d857a80b6ecf0f32db7f4 lib/controller/action.py
9f12e798cb9b194a61f8e278c689fb22 lib/controller/checks.py d392dbccdb59ac36530c1182675a2609 lib/controller/checks.py
b37a93767459162b30798bd9732a12a3 lib/controller/controller.py b37a93767459162b30798bd9732a12a3 lib/controller/controller.py
c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py c1da277517c7ec4c23e953a51b51e203 lib/controller/handler.py
fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py fb6be55d21a70765e35549af2484f762 lib/controller/__init__.py
@ -50,7 +50,7 @@ fe370021c6bc99daf44b2bfc0d1effb3 lib/core/patch.py
7d8a22c582ad201f65b73225e4456170 lib/core/replication.py 7d8a22c582ad201f65b73225e4456170 lib/core/replication.py
3179d34f371e0295dd4604568fb30bcd lib/core/revision.py 3179d34f371e0295dd4604568fb30bcd lib/core/revision.py
d6269c55789f78cf707e09a0f5b45443 lib/core/session.py d6269c55789f78cf707e09a0f5b45443 lib/core/session.py
f59bb60ed2e0a30ed73b1ff174e2d950 lib/core/settings.py 4452b55a638f30718bddea46b64db046 lib/core/settings.py
4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py 4483b4a5b601d8f1c4281071dff21ecc lib/core/shell.py
10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py 10fd19b0716ed261e6d04f311f6f527c lib/core/subprocessng.py
9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py 9c7b5c6397fb3da33e7a4d7876d159c6 lib/core/target.py
@ -72,7 +72,7 @@ adcecd2d6a8667b22872a563eb83eac0 lib/parse/payloads.py
e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py e4ea70bcd461f5176867dcd89d372386 lib/request/basicauthhandler.py
97b7577fdfe3d8537fe9ea3a070d0507 lib/request/basic.py 97b7577fdfe3d8537fe9ea3a070d0507 lib/request/basic.py
fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py fc25d951217077fe655ed2a3a81552ae lib/request/comparison.py
27927a37edfa9c2dfb6e5de9e859d10f lib/request/connect.py 28faffc0aeb0d8a3e78063f195488536 lib/request/connect.py
7cba86090b02558f04c6692cef66e772 lib/request/direct.py 7cba86090b02558f04c6692cef66e772 lib/request/direct.py
2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py 2b7509ba38a667c61cefff036ec4ca6f lib/request/dns.py
ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py ceac6b3bf1f726f8ff43c6814e9d7281 lib/request/httpshandler.py
@ -422,7 +422,7 @@ af079de99a8ec6988d28aa4c0aa32cf9 waf/cloudbric.py
a8412619d7f26ed6bc9e0b20a57b2324 waf/edgecast.py a8412619d7f26ed6bc9e0b20a57b2324 waf/edgecast.py
5df01dde939c0d22bc163730873e9854 waf/expressionengine.py 5df01dde939c0d22bc163730873e9854 waf/expressionengine.py
588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py 588d2f9a8f201e120e74e508564cb487 waf/fortiweb.py
0e9eb20967d2dde941cca8c663a63e1f waf/generic.py 447f6d63b6f691a852ca198afaaac4a6 waf/generic.py
4ea580dd1b9679bd733866976ad5d81e waf/godaddy.py 4ea580dd1b9679bd733866976ad5d81e waf/godaddy.py
27385b15477031a3aff25df601a1ff51 waf/greywizard.py 27385b15477031a3aff25df601a1ff51 waf/greywizard.py
256a7ea2c1cd2745fe788cf8f6123f8a waf/imunify360.py 256a7ea2c1cd2745fe788cf8f6123f8a waf/imunify360.py

4
waf/generic.py
View File

@ -9,7 +9,7 @@ import re
from lib.core.data import kb from lib.core.data import kb
from lib.core.settings import GENERIC_PROTECTION_REGEX from lib.core.settings import GENERIC_PROTECTION_REGEX
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
from lib.core.settings import WAF_ATTACK_VECTORS from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Generic (Unknown)" __product__ = "Generic (Unknown)"
@ -24,7 +24,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS: for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector) page, headers, code = get_page(get=vector)
if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): if code >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
if code is not None: if code is not None:
kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page) kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page)