Finalizing implementation for an Issue #290

2025-12-07 13:11:29 +00:00 · 2013-02-21 14:33:12 +01:00
parent 6a2129268d
commit 8e49872d7c
22 changed files with 344 additions and 25 deletions
--- a/waf/denyall.py
+++ b/waf/denyall.py
@@ -0,0 +1,26 @@
+#!/usr/bin/env python
+
+"""
+Copyright (c) 2006-2013 sqlmap developers (http://sqlmap.org/)
+See the file 'doc/COPYING' for copying permission
+"""
+
+import re
+
+from lib.core.enums import HTTPHEADER
+from lib.core.settings import WAF_ATTACK_VECTORS
+
+__product__ = "Deny All Web Application Firewall (DenyAll)"
+
+def detect(get_page):
+    page, headers, code = get_page()
+    retval = re.search(r"\Asessioncookie=", headers.get(HTTPHEADER.SET_COOKIE, ""), re.I) is not None
+
+    if not retval:
+        for vector in WAF_ATTACK_VECTORS:
+            page, headers, code = get_page(get=vector)
+            retval = code == 200 and re.search(r"\ACondition Intercepted", page, re.I) is not None
+            if retval:
+                break
+
+    return retval