Removing reflective warning for parsing heuristic test

stamparm 2013-07-08 11:48:33 +02:00
parent 27bf37e741
commit 8d3435ab0b
3 changed files with 6 additions and 1 deletions


@ -744,10 +744,14 @@ def heuristicCheckSqlInjection(place, parameter):
while '\'' not in randStr: while '\'' not in randStr:
randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET) randStr = randomStr(length=10, alphabet=HEURISTIC_CHECK_ALPHABET)
kb.heuristicMode = True
payload = "%s%s%s" % (prefix, randStr, suffix) payload = "%s%s%s" % (prefix, randStr, suffix)
payload = agent.payload(place, parameter, newValue=payload) payload = agent.payload(place, parameter, newValue=payload)
page, _ = Request.queryPage(payload, place, content=True, raise404=False) page, _ = Request.queryPage(payload, place, content=True, raise404=False)
kb.heuristicMode = False
parseFilePaths(page) parseFilePaths(page)
result = wasLastResponseDBMSError() result = wasLastResponseDBMSError()
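Review bot: `kb.heuristicMode` is set to `True` before the request and reset only on the straight-line path, so if `agent.payload()` or `Request.queryPage()` raises, the flag stays set. Per the change to removeReflectiveValues in this same commit, every later call would then skip its reflective-value accounting and warning for the rest of the run. Wrapping the three statements between the two assignments in `try:` … `finally: kb.heuristicMode = False` keeps the flag scoped to this one probe. A short comment on the first assignment, e.g. `# suppress reflective-value warning for the heuristic probe`, would explain why a global is toggled here. The body of heuristicCheckSqlInjection starts and ends outside the hunk.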

2
lib/core/common.py Normal file → Executable file

@ -2880,7 +2880,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:]) regex = REFLECTED_REPLACEMENT_REGEX.join(parts[1:])
retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal) retVal = re.sub(r"(?i)\b%s\b" % regex, REFLECTED_VALUE_MARKER, retVal)
if retVal != content: if retVal != content and not kb.heuristicMode:
kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1 kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
if not suppressWarning: if not suppressWarning:
warnMsg = "reflective value(s) found and filtering out" warnMsg = "reflective value(s) found and filtering out"
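Review bot: The new `and not kb.heuristicMode` guard on the `if retVal != content` line disables the whole branch, including the `kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1` update, while the commit title only mentions removing the warning. If only the message should go away, keep the outer condition as it was and change the inner test to `if not suppressWarning and not kb.heuristicMode:`; if skipping the counter is intended, say so in a comment on that line. The function continues past the hunk, so any `else`/`elif` attached to this `if` (not visible here) would now also run for heuristic requests and should be checked. Separately, the file header shows lib/core/common.py changing from a normal to an executable file, which looks unrelated to this change and is worth reverting unless it was deliberate.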


@ -1599,6 +1599,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
kb.forcedDbms = None kb.forcedDbms = None
kb.headersFp = {} kb.headersFp = {}
kb.heuristicDbms = None kb.heuristicDbms = None
kb.heuristicMode = False
kb.heuristicTest = None kb.heuristicTest = None
kb.hintValue = None kb.hintValue = None
kb.htmlFp = [] kb.htmlFp = []