From 33094a118c226ee2a97f0f6faad89753d8320283 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 18 Jan 2013 16:35:09 +0100
Subject: [PATCH] Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
---
 lib/controller/checks.py | 12 ++++++------
 lib/core/threads.py | 2 +-
 lib/request/comparison.py | 25 +++++++++++----------------
 3 files changed, 18 insertions(+), 21 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 38301455e..e25702853 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value):
 kb.matchRatio = None
 kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
 Request.queryPage(genCmpPayload(), place, raise404=False)
- falsePage = threadData.lastComparisonPage or ""
+ falseContent = threadData.lastComparisonContent
 # Perform the test's True request
 trueResult = Request.queryPage(reqPayload, place, raise404=False)
- truePage = threadData.lastComparisonPage or ""
+ trueContent = threadData.lastComparisonContent
 if trueResult:
 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
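Review bot: Dropping the `or ""` fallback on the `falseContent` and `trueContent` assignments means both can be None: `_ThreadData` initialises `lastComparisonContent` to None and the rewritten `_comparison` only assigns it when `kb.testMode` or one of `--string`/`--not-string`/`--regexp` is set. If `kb.testMode` is not guaranteed to be true at this point (not visible in the hunk), the candidate extraction in the next hunk would call `extractTextTagContent(None)` and evaluate `_.strip() not in None`, raising TypeError where the old code silently worked on an empty string. Keeping the guard costs nothing: `falseContent = threadData.lastComparisonContent or ""` and `trueContent = threadData.lastComparisonContent or ""`. checkSqlInjection's body starts and ends outside the hunk.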
@@ -377,11 +377,11 @@ def checkSqlInjection(place, parameter, value):
 injectable = True
 if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
- trueSet = set(extractTextTagContent(truePage))
- falseSet = set(extractTextTagContent(falsePage))
- candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
+ trueSet = set(extractTextTagContent(trueContent))
+ falseSet = set(extractTextTagContent(falseContent))
+ candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet)))
 if candidates:
- conf.string = random.sample(candidates, 1)[0]
+ conf.string = candidates[0]
 infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
 logger.info(infoMsg)
diff --git a/lib/core/threads.py b/lib/core/threads.py
index 015e2c312..5e8a7c395 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -41,7 +41,7 @@ class _ThreadData(threading.local):
 self.disableStdOut = False
 self.hashDBCursor = None
 self.inTransaction = False
- self.lastComparisonPage = None
+ self.lastComparisonContent = None
 self.lastErrorPage = None
 self.lastHTTPError = None
 self.lastRedirectMsg = None
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index fe00054ea..c2a886ed5 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -46,8 +46,8 @@ def _adjust(condition, getRatioValue):
 def _comparison(page, headers, code, getRatioValue, pageLength):
 threadData = getCurrentThreadData()
- if kb.testMode:
- threadData.lastComparisonPage = page
+ if kb.testMode or any((conf.string, conf.notString, conf.regexp)):
+ threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "")
 if page is None and pageLength is None:
 return None
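Review bot: `conf.string = candidates[0]` picks whichever element happens to come first out of the set difference `trueSet - falseSet`, so the auto-selected `--string` is just as arbitrary as the `random.sample` it replaces but no longer reads as a deliberate choice, and under Python 3 `filter()` returns an iterator on which `if candidates:` is always true and `candidates[0]` raises TypeError. A deterministic, self-describing alternative is to build a list and prefer the longest candidate, which is typically the least likely to occur by accident elsewhere in a response: `candidates = sorted((_.strip() for _ in trueSet - falseSet if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent), key=len, reverse=True)`. The `if candidates:` and `candidates[0]` lines below then work unchanged on both interpreters. checkSqlInjection continues outside the hunk.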
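Review bot: The new assignment is the only place `threadData.lastComparisonContent` is populated, and it is skipped whenever neither `kb.testMode` nor one of `--string`/`--not-string`/`--regexp` is set, so for readers such as `checkSqlInjection` the attribute can still be None or hold the headers and body of an earlier request; nothing in the hunk documents that contract. A comment on the `if` line would make the invariant explicit: `# headers + body of the last response; only refreshed in test mode or when a --string/--not-string/--regexp match is configured, so it may be None or stale otherwise`. `_comparison` continues past the hunk.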
@@ -55,20 +55,17 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
 seqMatcher = threadData.seqMatcher
 seqMatcher.set_seq1(kb.pageTemplate)
- if any((conf.string, conf.notString, conf.regexp)):
- rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
+ # String to match in page when the query is True and/or valid
+ if conf.string:
+ return conf.string in threadData.lastComparisonContent
- # String to match in page when the query is True and/or valid
- if conf.string:
- return conf.string in rawResponse
+ # String to match in page when the query is False and/or invalid
+ if conf.notString:
+ return conf.notString not in threadData.lastComparisonContent
- # String to match in page when the query is False and/or invalid
- if conf.notString:
- return conf.notString not in rawResponse
-
- # Regular expression to match in page when the query is True and/or valid
- if conf.regexp:
- return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
+ # Regular expression to match in page when the query is True and/or valid
+ if conf.regexp:
+ return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None
 # HTTP code to match when the query is valid
 if conf.code:
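Review bot: The three match checks each re-read `threadData.lastComparisonContent` instead of a local, which couples this part of `_comparison` to the assignment made near the top of the function under a separate condition; if that condition ever drifts from `any((conf.string, conf.notString, conf.regexp))`, `conf.string in None` raises a TypeError with no hint about the cause. Binding the value once where the old `rawResponse` lived keeps the checks self-contained and the diff smaller: `rawResponse = threadData.lastComparisonContent` before the first `if conf.string:`, with the three checks using `rawResponse` as they did before. The comparison also now spans headers plus body, which is the intended fix, so the three `# String to match in page` comments are slightly out of date and could read `# ... to match in headers or page ...`. `_comparison` continues past the hunk.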