Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 0f9c819

Browse files
stamparmstamparm
committed
Implementation on request
1 parent d12b65d commit 0f9c819

6 files changed

Lines changed: 28 additions & 8 deletions

File tree

lib/controller/checks.py

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,10 +7,12 @@
77

88
import copy
99
import httplib
10+
import os
1011
import random
1112
import re
1213
import socket
1314
import subprocess
15+
import tempfile
1416
import time
1517

1618
from extra.beep.beep import beep
@@ -30,6 +32,7 @@
3032
from lib.core.common import hashDBWrite
3133
from lib.core.common import intersect
3234
from lib.core.common import listToStrValue
35+
from lib.core.common import openFile
3336
from lib.core.common import parseFilePaths
3437
from lib.core.common import popValue
3538
from lib.core.common import pushValue
@@ -55,6 +58,7 @@
5558
from lib.core.enums import HEURISTIC_TEST
5659
from lib.core.enums import HTTP_HEADER
5760
from lib.core.enums import HTTPMETHOD
61+
from lib.core.enums import MKSTEMP_PREFIX
5862
from lib.core.enums import NOTE
5963
from lib.core.enums import NULLCONNECTION
6064
from lib.core.enums import PAYLOAD
@@ -1384,6 +1388,18 @@ def _(*args, **kwargs):
13841388
retVal.append(product)
13851389

13861390
if retVal:
1391+
if kb.wafSpecificResponse and len(retVal) == 1 and "unknown" in retVal[0].lower():
1392+
handle, filename = tempfile.mkstemp(prefix=MKSTEMP_PREFIX.SPECIFIC_RESPONSE)
1393+
os.close(handle)
1394+
with openFile(filename, "w+b") as f:
1395+
f.write(kb.wafSpecificResponse)
1396+
1397+
message = "WAF/IPS/IDS specific response can be found in '%s'. " % filename
1398+
message += "If you know the details on used protection please "
1399+
message += "report it along with specific response "
1400+
message += "to '[email protected]'"
1401+
logger.warn(message)
1402+
13871403
message = "are you sure that you want to "
13881404
message += "continue with further target testing? [y/N] "
13891405
choice = readInput(message, default='N', boolean=True)

lib/core/enums.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -369,6 +369,7 @@ class MKSTEMP_PREFIX:
369369
RESULTS = "sqlmapresults-"
370370
COOKIE_JAR = "sqlmapcookiejar-"
371371
BIG_ARRAY = "sqlmapbigarray-"
372+
SPECIFIC_RESPONSE = "sqlmapresponse-"
372373

373374
class TIMEOUT_STATE:
374375
NORMAL = 0

lib/core/option.py

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2019,6 +2019,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
20192019
kb.tableExistsChoice = None
20202020
kb.uChar = NULL
20212021
kb.unionDuplicates = False
2022+
kb.wafSpecificResponse = None
20222023
kb.xpCmdshellAvailable = False
20232024

20242025
if flushAll:

lib/core/settings.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.enums import OS
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.1.7.22"
22+
VERSION = "1.1.7.23"
2323
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2424
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2525
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -633,7 +633,7 @@
633633
CHECK_ZERO_COLUMNS_THRESHOLD = 10
634634

635635
# Boldify all logger messages containing these "patterns"
636-
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA")
636+
BOLD_PATTERNS = ("' injectable", "provided empty", "leftover chars", "might be injectable", "' is vulnerable", "is not injectable", "does not seem to be", "test failed", "test passed", "live test final result", "test shows that", "the back-end DBMS is", "created Github", "blocked by the target server", "protection is involved", "CAPTCHA", "specific response")
637637

638638
# Generic www root directory names
639639
GENERIC_DOC_ROOT_DIRECTORY_NAMES = ("htdocs", "httpdocs", "public", "wwwroot", "www")

txt/checksum.md5

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -21,7 +21,7 @@ c55b400b72acc43e0e59c87dd8bb8d75 extra/shellcodeexec/windows/shellcodeexec.x32.
2121
310efc965c862cfbd7b0da5150a5ad36 extra/sqlharvest/__init__.py
2222
7713aa366c983cdf1f3dbaa7383ea9e1 extra/sqlharvest/sqlharvest.py
2323
7afe836fd97271ccba67b4c0da2482ff lib/controller/action.py
24-
e711f036d9c561cdb04aec62f872e170 lib/controller/checks.py
24+
2f410ced3f93932699a046c1b704ef3b lib/controller/checks.py
2525
a66093c734c7f94ecdf94d882c2d8b89 lib/controller/controller.py
2626
a97df93b552ee4e4ba3692eae870de7c lib/controller/handler.py
2727
310efc965c862cfbd7b0da5150a5ad36 lib/controller/__init__.py
@@ -35,18 +35,18 @@ a8143dab9d3a27490f7d49b6b29ea530 lib/core/data.py
3535
94b06df2dfd9f6c7a2ad3f04a846b686 lib/core/defaults.py
3636
7309cf449b009723d1a4655fcf1a96d7 lib/core/dicts.py
3737
65b9187de3d8c9c28ddab53ef2b399bc lib/core/dump.py
38-
b9ff4e622c416116bee6024c0f050349 lib/core/enums.py
38+
c8553b821a2089cb8ddd39ae661f25fc lib/core/enums.py
3939
a44d7a4cc6c9a67a72d6af2f25f4ddac lib/core/exception.py
4040
310efc965c862cfbd7b0da5150a5ad36 lib/core/__init__.py
4141
9ba39bf66e9ecd469446bdbbeda906c3 lib/core/log.py
4242
5a34a1be62eab520cacc197b5eacda39 lib/core/optiondict.py
43-
f664e993a4e4d0f8b3153778bec49794 lib/core/option.py
43+
fbf750dc617c3549ee423d6c2334ba4d lib/core/option.py
4444
5f2f56e6c5f274408df61943f1e080c0 lib/core/profiling.py
4545
40be71cd774662a7b420caeb7051e7d5 lib/core/readlineng.py
4646
d8e9250f3775119df07e9070eddccd16 lib/core/replication.py
4747
785f86e3f963fa3798f84286a4e83ff2 lib/core/revision.py
4848
40c80b28b3a5819b737a5a17d4565ae9 lib/core/session.py
49-
abde6355f9cd07ba43b7f35b3068eb1f lib/core/settings.py
49+
947bd803e9e364f0511cace7f4fb97dc lib/core/settings.py
5050
d91291997d2bd2f6028aaf371bf1d3b6 lib/core/shell.py
5151
2ad85c130cc5f2b3701ea85c2f6bbf20 lib/core/subprocessng.py
5252
080dad10c8350a66fd5321935b53fa70 lib/core/target.py
@@ -402,7 +402,7 @@ ab6f6e3169cb43efcf5b6ed84b58252f waf/comodo.py
402402
e4b058d759198216d24f8fed6ef97be4 waf/edgecast.py
403403
f633953970fb181b9ac5420a47e6a610 waf/expressionengine.py
404404
1df78b6ad49259514cb6e4d68371cbcf waf/fortiweb.py
405-
ef151fbc34f16620958ba61dd415ae59 waf/generic.py
405+
a63bc52b39a7fac38a8a3adee1545851 waf/generic.py
406406
d50e17ed49e1a3cb846e652ed98e3b3c waf/hyperguard.py
407407
5b5382ccfb82ee6afdc1b47c8a4bce70 waf/incapsula.py
408408
310efc965c862cfbd7b0da5150a5ad36 waf/__init__.py

waf/generic.py

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,6 +5,7 @@
55
See the file 'doc/COPYING' for copying permission
66
"""
77

8+
from lib.core.option import kb
89
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
910
from lib.core.settings import WAF_ATTACK_VECTORS
1011

@@ -13,14 +14,15 @@
1314
def detect(get_page):
1415
retval = False
1516

16-
page, _, code = get_page()
17+
page, headers, code = get_page()
1718
if page is None or code >= 400:
1819
return False
1920

2021
for vector in WAF_ATTACK_VECTORS:
2122
page, _, code = get_page(get=vector)
2223

2324
if code >= 400 or IDS_WAF_CHECK_PAYLOAD in vector and code is None:
25+
kb.wafSpecificResponse = "HTTP/1.1 %s\n%s\n%s" % (code, "".join(_ for _ in headers.headers or [] if not _.startswith("URI")), page)
2426
retval = True
2527
break
2628

0 commit comments

Comments
 (0)