From 8141d17985b42a4cad6b3a81cbf6332307e2e54b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 18 Jan 2013 16:49:35 +0100
Subject: [PATCH] Revert of previous commit (more care has to be done regarding headers dynamicity)

---
 lib/controller/checks.py  | 10 +++++-----
 lib/core/threads.py       |  2 +-
 lib/request/comparison.py | 25 ++++++++++++++-----------
 3 files changed, 20 insertions(+), 17 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index e25702853..83cf6247b 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -360,11 +360,11 @@ def checkSqlInjection(place, parameter, value):
                     kb.matchRatio = None
                     kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
                     Request.queryPage(genCmpPayload(), place, raise404=False)
-                    falseContent = threadData.lastComparisonContent
+                    falsePage = threadData.lastComparisonPage or ""
 
                     # Perform the test's True request
                     trueResult = Request.queryPage(reqPayload, place, raise404=False)
-                    trueContent = threadData.lastComparisonContent
+                    truePage = threadData.lastComparisonPage or ""
 
                     if trueResult:
                         falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
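Review bot: `falsePage = threadData.lastComparisonPage or ""` reads a thread-local slot that, per the comparison.py hunk in this same patch, is written only inside `_comparison()` and only when `kb.testMode` is set; if the preceding `Request.queryPage()` returns without reaching that assignment (a path that skips the comparison, or an error handled inside the request layer — inferred, that code is not in the hunk), the value read is whatever an earlier request stored, and the False/True pages are then compared against a stale body. Clearing the slot before each request turns that into a visible empty page instead: add `threadData.lastComparisonPage = None` immediately before each of the `Request.queryPage(...)` calls in this hunk. The same reasoning applies to the `truePage` read two statements later. `checkSqlInjection` starts and continues outside the hunk.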
@@ -377,9 +377,9 @@ def checkSqlInjection(place, parameter, value):
                             injectable = True
 
                     if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
-                        trueSet = set(extractTextTagContent(trueContent))
-                        falseSet = set(extractTextTagContent(falseContent))
-                        candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falseContent else None for _ in (trueSet - falseSet)))
+                        trueSet = set(extractTextTagContent(truePage))
+                        falseSet = set(extractTextTagContent(falsePage))
+                        candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
                         if candidates:
                             conf.string = candidates[0]
                             infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))
diff --git a/lib/core/threads.py b/lib/core/threads.py
index 5e8a7c395..015e2c312 100644
--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -41,7 +41,7 @@ class _ThreadData(threading.local):
         self.disableStdOut = False
         self.hashDBCursor = None
         self.inTransaction = False
-        self.lastComparisonContent = None
+        self.lastComparisonPage = None
         self.lastErrorPage = None
         self.lastHTTPError = None
         self.lastRedirectMsg = None
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index c2a886ed5..fe00054ea 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -46,8 +46,8 @@ def _adjust(condition, getRatioValue):
 def _comparison(page, headers, code, getRatioValue, pageLength):
     threadData = getCurrentThreadData()
 
-    if kb.testMode or any((conf.string, conf.notString, conf.regexp)):
-        threadData.lastComparisonContent = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "")
+    if kb.testMode:
+        threadData.lastComparisonPage = page
 
     if page is None and pageLength is None:
         return None
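Review bot: `candidates = filter(None, (...))` iterates `trueSet - falseSet`, a set, so `candidates[0]` — the value that becomes `conf.string` and is printed as the suggested `--string` — depends on set iteration order and can differ between runs against the same target. Ordering the survivors before the `if candidates:` check makes the suggestion reproducible, e.g. `candidates = sorted(candidates, key=len, reverse=True)` (preferring the longest candidate also makes an incidental match elsewhere in the page less likely — an inference); `sorted` additionally removes the reliance on `filter` returning an indexable list, which only holds on Python 2. As a point of style, `_.strip()` is evaluated up to three times per element inside the generator; binding the stripped value once would read cleaner. `checkSqlInjection` starts and continues outside the hunk.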
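Review bot: `threadData.lastComparisonPage = page` now retains only the response body, while the `--string`/`--not-string`/`--regexp` matching later in this file (next hunk) is evaluated against headers plus body, so a `--string` candidate that checks.py derives from this slot is body-only by construction; that asymmetry is intentional per the commit subject but invisible at this line. A one-line comment would save the next reader a detour, e.g. `# body only (no headers): checks.py derives --string candidates from it; header+body matching happens below on rawResponse`. Note also that `page` may be None here, since the early return two lines down fires only when `pageLength` is None as well; the checks.py reader covers that with `or ""`, which is worth stating in the same comment. `_comparison` continues past the hunk.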
@@ -55,17 +55,20 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
     seqMatcher = threadData.seqMatcher
     seqMatcher.set_seq1(kb.pageTemplate)
 
-    # String to match in page when the query is True and/or valid
-    if conf.string:
-        return conf.string in threadData.lastComparisonContent
+    if any((conf.string, conf.notString, conf.regexp)):
+        rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
 
-    # String to match in page when the query is False and/or invalid
-    if conf.notString:
-        return conf.notString not in threadData.lastComparisonContent
+        # String to match in page when the query is True and/or valid
+        if conf.string:
+            return conf.string in rawResponse
 
-    # Regular expression to match in page when the query is True and/or valid
-    if conf.regexp:
-        return re.search(conf.regexp, threadData.lastComparisonContent, re.I | re.M) is not None
+        # String to match in page when the query is False and/or invalid
+        if conf.notString:
+            return conf.notString not in rawResponse
+
+        # Regular expression to match in page when the query is True and/or valid
+        if conf.regexp:
+            return re.search(conf.regexp, rawResponse, re.I | re.M) is not None
 
     # HTTP code to match when the query is valid
     if conf.code:
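Review bot: `rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)` drops the `page or ""` guard that the removed `lastComparisonContent` assignment in the previous hunk of this file carried; when `page` is None but `pageLength` is not, the early return above is skipped and `%s` renders the literal text `None`, so `--string`, `--not-string` or a `--regexp` that happens to match `None` is evaluated against a fabricated body. Restore the guard: `rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page or "")`. Separately, the user-supplied `--regexp` is handed straight to `re.search` on every comparison, so a malformed pattern raises `re.error` here rather than at option parsing — worth confirming that `conf.regexp` is validated up front (not visible in this hunk). `_comparison` continues past the hunk.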