Trivial renaming update

2025-03-03 11:45:46 +03:00 · 2019-01-26 12:36:03 +01:00 · 2019-01-26 12:36:03 +01:00 · e01a7908aa
commit e01a7908aa
parent 4b5457903a
5 changed files with 13 additions and 13 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -86,7 +86,7 @@ from lib.core.settings import DUMMY_NON_SQLI_CHECK_APPENDIX
 from lib.core.settings import FI_ERROR_REGEX
 from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
-from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
+from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
 from lib.core.settings import IDS_WAF_CHECK_RATIO
 from lib.core.settings import IDS_WAF_CHECK_TIMEOUT
 from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH
@ -1353,7 +1353,7 @@ def checkWaf():
    logger.info(infoMsg)

    retVal = False
-    payload = "%d %s" % (randomInt(), IDS_WAF_CHECK_PAYLOAD)
+    payload = "%d %s" % (randomInt(), IPS_WAF_CHECK_PAYLOAD)

    if PLACE.URI in conf.parameters:
        place = PLACE.POST
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.1.74"
+VERSION = "1.3.1.75"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@ -536,7 +536,7 @@ CHECK_INTERNET_ADDRESS = "https://ipinfo.io/"
 CHECK_INTERNET_VALUE = "IP Address Details"

 # Payload used for checking of existence of WAF/IPS (dummier the better)
-IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"
+IPS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,NULL,'<script>alert(\"XSS\")</script>',table_name FROM information_schema.tables WHERE 2>1--/**/; EXEC xp_cmdshell('cat ../../../etc/passwd')#"

 # Vectors used for provoking specific WAF/IPS behavior(s)
 WAF_ATTACK_VECTORS = (
@ -544,7 +544,7 @@ WAF_ATTACK_VECTORS = (
    "search=<script>alert(1)</script>",
    "file=../../../../etc/passwd",
    "q=<invalid>foobar",
-    "id=1 %s" % IDS_WAF_CHECK_PAYLOAD
+    "id=1 %s" % IPS_WAF_CHECK_PAYLOAD
 )

 # Used for status representation in dictionary attack phase
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -103,7 +103,7 @@ from lib.core.settings import MAX_MURPHY_SLEEP_TIME
 from lib.core.settings import META_REFRESH_REGEX
 from lib.core.settings import MIN_TIME_RESPONSES
 from lib.core.settings import MAX_TIME_RESPONSES
-from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
+from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
 from lib.core.settings import IS_WIN
 from lib.core.settings import LARGE_CHUNK_TRIM_MARKER
 from lib.core.settings import PAYLOAD_DELIMITER
@ -1284,7 +1284,7 @@ class Connect(object):

        if conf.secondUrl:
            page, headers, code = Connect.getPage(url=conf.secondUrl, cookie=cookie, ua=ua, silent=silent, auxHeaders=auxHeaders, response=response, raise404=False, ignoreTimeout=timeBasedCompare, refreshing=True)
-        elif kb.secondReq and IDS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""):
+        elif kb.secondReq and IPS_WAF_CHECK_PAYLOAD not in urllib.unquote(value or ""):
            def _(value):
                if kb.customInjectionMark in (value or ""):
                    if payload is None:
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@ -24,7 +24,7 @@ fb6be55d21a70765e35549af2484f762  extra/sqlharvest/__init__.py
 fb6be55d21a70765e35549af2484f762  extra/wafdetectify/__init__.py
 aec73042403993076f478da48066a79e  extra/wafdetectify/wafdetectify.py
 ec782b9cdb8d857a80b6ecf0f32db7f4  lib/controller/action.py
-9f12e798cb9b194a61f8e278c689fb22  lib/controller/checks.py
+d392dbccdb59ac36530c1182675a2609  lib/controller/checks.py
 b37a93767459162b30798bd9732a12a3  lib/controller/controller.py
 c1da277517c7ec4c23e953a51b51e203  lib/controller/handler.py
 fb6be55d21a70765e35549af2484f762  lib/controller/__init__.py
@ -50,7 +50,7 @@ fe370021c6bc99daf44b2bfc0d1effb3  lib/core/patch.py
 7d8a22c582ad201f65b73225e4456170  lib/core/replication.py
 3179d34f371e0295dd4604568fb30bcd  lib/core/revision.py
 d6269c55789f78cf707e09a0f5b45443  lib/core/session.py
-f59bb60ed2e0a30ed73b1ff174e2d950  lib/core/settings.py
+4452b55a638f30718bddea46b64db046  lib/core/settings.py
 4483b4a5b601d8f1c4281071dff21ecc  lib/core/shell.py
 10fd19b0716ed261e6d04f311f6f527c  lib/core/subprocessng.py
 9c7b5c6397fb3da33e7a4d7876d159c6  lib/core/target.py
@ -72,7 +72,7 @@ adcecd2d6a8667b22872a563eb83eac0  lib/parse/payloads.py
 e4ea70bcd461f5176867dcd89d372386  lib/request/basicauthhandler.py
 97b7577fdfe3d8537fe9ea3a070d0507  lib/request/basic.py
 fc25d951217077fe655ed2a3a81552ae  lib/request/comparison.py
-27927a37edfa9c2dfb6e5de9e859d10f  lib/request/connect.py
+28faffc0aeb0d8a3e78063f195488536  lib/request/connect.py
 7cba86090b02558f04c6692cef66e772  lib/request/direct.py
 2b7509ba38a667c61cefff036ec4ca6f  lib/request/dns.py
 ceac6b3bf1f726f8ff43c6814e9d7281  lib/request/httpshandler.py
@ -422,7 +422,7 @@ af079de99a8ec6988d28aa4c0aa32cf9  waf/cloudbric.py
 a8412619d7f26ed6bc9e0b20a57b2324  waf/edgecast.py
 5df01dde939c0d22bc163730873e9854  waf/expressionengine.py
 588d2f9a8f201e120e74e508564cb487  waf/fortiweb.py
-0e9eb20967d2dde941cca8c663a63e1f  waf/generic.py
+447f6d63b6f691a852ca198afaaac4a6  waf/generic.py
 4ea580dd1b9679bd733866976ad5d81e  waf/godaddy.py
 27385b15477031a3aff25df601a1ff51  waf/greywizard.py
 256a7ea2c1cd2745fe788cf8f6123f8a  waf/imunify360.py
--- a/waf/generic.py
+++ b/waf/generic.py
@ -9,7 +9,7 @@ import re

 from lib.core.data import kb
 from lib.core.settings import GENERIC_PROTECTION_REGEX
-from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
+from lib.core.settings import IPS_WAF_CHECK_PAYLOAD
 from lib.core.settings import WAF_ATTACK_VECTORS

 __product__ = "Generic (Unknown)"
@ -24,7 +24,7 @@ def detect(get_page):
    for vector in WAF_ATTACK_VECTORS:
        page, headers, code = get_page(get=vector)

-        if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
+        if code >= 400 or (IPS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))):
            if code is not None:
                kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in (headers.headers if headers else {}) or [] if not _.startswith("URI")), page)