Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ba7ab21

Browse files
stamparmstamparm
committed
Minor update for vuln testing
1 parent bbf7472 commit ba7ab21

3 files changed

Lines changed: 11 additions & 2 deletions

File tree

extra/vulnserver/vulnserver.py

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@
1616

1717
if sys.version_info >= (3, 0):
1818
from http.client import FOUND
19+
from http.client import INTERNAL_SERVER_ERROR
1920
from http.client import NOT_FOUND
2021
from http.client import OK
2122
from http.server import BaseHTTPRequestHandler
@@ -27,6 +28,7 @@
2728
from BaseHTTPServer import BaseHTTPRequestHandler
2829
from BaseHTTPServer import HTTPServer
2930
from httplib import FOUND
31+
from httplib import INTERNAL_SERVER_ERROR
3032
from httplib import NOT_FOUND
3133
from httplib import OK
3234
from SocketServer import ThreadingMixIn
@@ -85,6 +87,13 @@ def do_REQUEST(self):
8587
if query:
8688
params.update(parse_qs(query))
8789

90+
if "<script>" in unquote_plus(query):
91+
self.send_response(INTERNAL_SERVER_ERROR)
92+
self.send_header("Connection", "close")
93+
self.end_headers()
94+
self.wfile.write("CLOUDFLARE_ERROR_500S_BOX".encode("utf8"))
95+
return
96+
8897
if hasattr(self, "data"):
8998
params.update(parse_qs(self.data))
9099

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -17,7 +17,7 @@
1717
from lib.core.enums import OS
1818

1919
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
20-
VERSION = "1.3.4.36"
20+
VERSION = "1.3.4.37"
2121
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2222
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2323
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

lib/core/testing.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ def _thread():
6464
thread.start()
6565

6666
for options, checks in (
67-
("--version", ("1.", "#")),
67+
("--identify-waf", ("CloudFlare",)),
6868
("--flush-session", ("Type: boolean-based blind", "Type: time-based blind", "Type: UNION query", "back-end DBMS: SQLite", "3 columns")),
6969
("--banner --schema --dump -T users --binary-fields=surname --where 'id>3'", ("banner: '3", "INTEGER", "TEXT", "id", "name", "surname", "2 entries", "6E616D6569736E756C6C")),
7070
("--all", ("5 entries", "luther", "blisset", "fluffy", "ming", "NULL", "nameisnull")),

0 commit comments

Comments
 (0)