PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Cleaning junk and updating asm.py WAF script

Browse Source
This commit is contained in:
Miroslav Stampar
2019-01-07 14:13:29 +01:00
parent fcfbc5d59f
commit 8ceff3dcc7
4 changed files with 7 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
waf/asm.py
View File

@@ -5,6 +5,8 @@ Copyright (c) 2006-2019 sqlmap developers (http://sqlmap.org/)
See the file 'LICENSE' for copying permission
"""
import re
from lib.core.settings import WAF_ATTACK_VECTORS
__product__ = "Application Security Manager (F5 Networks)"
@@ -13,9 +15,10 @@ def detect(get_page):
retval = False
for vector in WAF_ATTACK_VECTORS:
page, _, _ = get_page(get=vector)
page, headers, code = get_page(get=vector)
retval = "The requested URL was rejected. Please consult with your administrator." in (page or "")
retval |= all(_ in (page or "") for _ in ("This page can't be displayed. Contact support for additional information", "The incident ID is:"))
retval |= (code >= 400) and "ID" in (page or "") and re.search(r"\b\d{19}\b", page or "") is not None
if retval:
break