PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Adding new WAF scripts

Browse Source
This commit is contained in:
Miroslav Stampar
2019-01-07 01:21:07 +01:00
parent 30497acd0c
commit 54d0678cbe
6 changed files with 58 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
waf/modsecurity.py
View File

@@ -18,7 +18,7 @@ def detect(get_page):
for vector in WAF_ATTACK_VECTORS:
page, headers, code = get_page(get=vector)
retval = re.search(r"Mod_Security|NOYB", headers.get(HTTP_HEADER.SERVER, ""), re.I) is not None
retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule"))
retval |= any(_ in (page or "") for _ in ("This error was generated by Mod_Security", "One or more things in your request were suspicious", "rules of the mod_security module", "The page you are trying to access is restricted due to a security rule", "Protected by Mod Security"))
if retval:
break