Merge 4407b03b67 into 9fff88d6e4

2025-08-03 03:40:11 +03:00 · 2014-07-22 12:26:10 +00:00 · 2014-07-22 12:26:10 +00:00 · ecc7e43a24
commit ecc7e43a24
parent 9fff88d6e4 4407b03b67
2 changed files with 6 additions and 5 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -62,7 +62,6 @@ from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS
-from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
@ -417,8 +416,7 @@ def checkSqlInjection(place, parameter, value):
                            try:
                                page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
                                output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
-                                        or extractRegexResult(check, listToStrValue( \
-                                        [headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()] \
+                                        or extractRegexResult(check, listToStrValue(headers.headers \
                                        if headers else None), re.DOTALL | re.IGNORECASE) \
                                        or extractRegexResult(check, threadData.lastRedirectMsg[1] \
                                        if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -27,6 +27,7 @@ from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
 from lib.core.common import readInput
 from lib.core.common import unArrayizeValue
+from lib.core.common import urlencode
 from lib.core.convert import hexdecode
 from lib.core.convert import htmlunescape
 from lib.core.data import conf
@ -99,8 +100,10 @@ def _oneShotErrorUse(expression, field=None):

                incrementCounter(kb.technique)

-                if page and conf.noCast:
-                    page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page)
+                if page and conf.noEscape:
+                    payload = re.sub(r".*?__PAYLOAD_DELIMITER__(.*)__PAYLOAD_DELIMITER__",r'\g<1>',payload)
+                    payload = urlencode(payload,"")
+                    headers["URI"] = headers["URI"].replace(payload,"")

                # Parse the returned page to get the exact error-based
                # SQL injection output