diff --git a/lib/request/connect.py b/lib/request/connect.py
index d8e4b8f16..2512689bf 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -497,7 +497,7 @@ class Connect:
 return page, responseHeaders, code
 @staticmethod
- def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None):
+ def queryPage(value=None, place=None, content=False, getRatioValue=False, silent=False, method=None, timeBasedCompare=False, noteResponseTime=True, auxHeaders=None, response=False, raise404=None, removeReflection=True):
 """ This method calls a function to get the target url page content and returns its page MD5 hash or a boolean value in case of
@@ -669,11 +669,12 @@ class Connect:
 elif noteResponseTime:
 kb.responseTimes.append(threadData.lastQueryDuration)
+ if not response and removeReflection:
+ page = removeReflectiveValues(page, payload)
+
 if content or response:
 return page, headers
- page = removeReflectiveValues(page, payload)
-
 if getRatioValue:
 return comparison(page, headers, code, getRatioValue=False, pageLength=pageLength), comparison(page, headers, code, getRatioValue=True, pageLength=pageLength)
 elif pageLength or page:
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 6e64e8687..ee0d69837 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -274,7 +274,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
 warnMsg = "if UNION based SQL injection is not detected, "
 warnMsg += "please consider "
 if not conf.uChar:
- warnMsg += "providing --union-char switch "
+ warnMsg += "using --union-char switch "
 warnMsg += "(e.g. --union-char=1) "
 if not conf.dbms:
 if not conf.uChar:
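Review bot: The new `removeReflection` keyword on `queryPage` (first hunk of lib/request/connect.py) is added to the signature, but the docstring below it is unchanged, so nothing tells a caller what the flag controls or that it is on by default. I would add a docstring line such as `removeReflection: strip reflected payload values from the page before it is returned or compared; ignored when response is True`. With twelve keyword parameters, most of them booleans, call sites should pass this one by name rather than by position. The docstring and the rest of the function body lie outside the hunk.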
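Review bot: Moving `page = removeReflectiveValues(page, payload)` above `if content or response:` (second hunk of lib/request/connect.py) changes what every existing `content=True` caller receives, because `removeReflection` defaults to True and they now get the filtered page instead of the raw one. The call sites are not visible in this diff, so each `queryPage(..., content=True)` use should be checked, and any that needs the unmodified body should pass `removeReflection=False`. A comment above the new block would record the intent, for example `# strip reflected payload before any path that returns page text; response=True returns the page untouched`. Whether `removeReflectiveValues` tolerates an empty `page` on this earlier path is presumably unchanged from the comparison path, but that helper is not shown here and should be confirmed.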