diff --git a/lib/core/settings.py b/lib/core/settings.py index 4e3cffcfb..26f33bd3a 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.1.12.21" +VERSION = "1.1.12.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) @@ -84,6 +84,9 @@ TEXT_CONTENT_TYPE_REGEX = r"(?i)(text|form|message|xml|javascript|ecmascript|jso # Regular expression used for recognition of generic permission messages PERMISSION_DENIED_REGEX = r"(command|permission|access)\s*(was|is)?\s*denied" +# Regular expression used in recognition of generic protection mechanisms +GENERIC_PROTECTION_REGEX = r"(?i)\b(rejected|blocked|protection|incident|denied|detected|dangerous|firewall)\b" + # Regular expression used for recognition of generic maximum connection messages MAX_CONNECTIONS_REGEX = r"\bmax.+?\bconnection" diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 9c8b8b95c..b92d7deb3 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -46,7 +46,7 @@ f872699e948d0692ce11b54781da814c lib/core/log.py 760d9df2a27ded29109b390ab202e72d lib/core/replication.py a2466b62e67f8b31736bac4dac590e51 lib/core/revision.py 02d4762140a72fd44668d3dab5eabda9 lib/core/session.py -8876dee2d5d1f9efbb520c78849b9a3a lib/core/settings.py +ea5aa15bc9cc2d2dc1b68c6e8121b650 lib/core/settings.py 35bffbad762eb9e03db9e93b1c991103 lib/core/shell.py a59ec28371ae067a6fdd8f810edbee3d lib/core/subprocessng.py d93501771b41315f9fb949305b6ed257 lib/core/target.py @@ -407,7 +407,7 @@ d3aa7e5b222811f90c75aa8a0db509a3 waf/dosarrest.py f4883f1443676f5291b1ef3e2cf0cbfd waf/edgecast.py cd558b27d5bc4e42fcd5571d8c9c3a10 waf/expressionengine.py 6ccb307f53f878eacf9d08d0e97738e2 waf/fortiweb.py -daf5235e066e18c0d9ba9f9b5bc9e47b waf/generic.py +37c81331b70c755610a5c70ead8fc7b6 waf/generic.py 200d859893c4e84fbae9c32d5099ab65 waf/hyperguard.py ced90975810f7f68103d38523567ab3f waf/incapsula.py 5fb9aaf874daa47ea2b672a22740e56b waf/__init__.py diff --git a/waf/generic.py b/waf/generic.py index 8b57e9056..fa769372e 100644 --- a/waf/generic.py +++ b/waf/generic.py @@ -5,7 +5,10 @@ Copyright (c) 2006-2017 sqlmap developers (http://sqlmap.org/) See the file 'LICENSE' for copying permission """ -from lib.core.option import kb +import re + +from lib.core.data import kb +from lib.core.settings import GENERIC_PROTECTION_REGEX from lib.core.settings import IDS_WAF_CHECK_PAYLOAD from lib.core.settings import WAF_ATTACK_VECTORS @@ -14,14 +17,14 @@ __product__ = "Generic (Unknown)" def detect(get_page): retval = False - page, headers, code = get_page() - if page is None or code >= 400: + original, _, code = get_page() + if original is None or code >= 400: return False for vector in WAF_ATTACK_VECTORS: - page, _, code = get_page(get=vector) + page, headers, code = get_page(get=vector) - if code >= 400 or IDS_WAF_CHECK_PAYLOAD in vector and code is None: + if code >= 400 or (IDS_WAF_CHECK_PAYLOAD in vector and (code is None or re.search(GENERIC_PROTECTION_REGEX, page or "") and not re.search(GENERIC_PROTECTION_REGEX, original or ""))): if code is not None: kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in headers.headers or [] if not _.startswith("URI")), page)