Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1b863ec

Browse files
stamparmstamparm
committed
Far better detection of SecureIIS (WAF)
1 parent ec06037 commit 1b863ec

4 files changed

Lines changed: 14 additions & 9 deletions

File tree

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@
1919
from lib.core.revision import getRevisionNumber
2020

2121
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
22-
VERSION = "1.0.6.49"
22+
VERSION = "1.0.6.50"
2323
REVISION = getRevisionNumber()
2424
STABLE = VERSION.count('.') <= 2
2525
VERSION_STRING = "sqlmap/%s#%s" % (VERSION, "stable" if STABLE else "dev")

waf/generic.py

Lines changed: 0 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -5,8 +5,6 @@
55
See the file 'doc/COPYING' for copying permission
66
"""
77

8-
import re
9-
108
from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
119
from lib.core.settings import WAF_ATTACK_VECTORS
1210

waf/modsecurity.py

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,6 @@ def detect(get_page):
1919
page, headers, code = get_page(get=vector)
2020
retval = code == 501 and re.search(r"Reference #[0-9A-Fa-f.]+", page or "", re.I) is None
2121
retval |= re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
22-
retval |= code == 406 # specific for mod_security (and forks)
2322
retval |= "This error was generated by Mod_Security" in (page or "")
2423
if retval:
2524
break

waf/secureiis.py

Lines changed: 13 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,21 @@
55
See the file 'doc/COPYING' for copying permission
66
"""
77

8-
from lib.core.enums import HTTP_HEADER
8+
import re
9+
10+
from lib.core.settings import WAF_ATTACK_VECTORS
911

1012
__product__ = "SecureIIS Web Server Security (BeyondTrust)"
1113

1214
def detect(get_page):
13-
_, _, code = get_page()
14-
retval = code != 404
15-
_, _, code = get_page(auxHeaders={HTTP_HEADER.TRANSFER_ENCODING: 'a' * 1025, HTTP_HEADER.ACCEPT_ENCODING: "identity"})
16-
retval = retval and code == 404
15+
retval = False
16+
17+
for vector in WAF_ATTACK_VECTORS:
18+
page, _, _ = get_page(get=vector)
19+
retval = re.search(r"SecureIIS[^<]+Web Server Protection", page or "") is not None
20+
retval |= "http://www.eeye.com/SecureIIS/" in (page or "")
21+
retval |= "?subject=SecureIIS Error" in (page or "")
22+
if retval:
23+
break
24+
1725
return retval

0 commit comments

Comments
 (0)