From 6acfef475ad5c42d8b2827d1f5236d50651c3043 Mon Sep 17 00:00:00 2001
From: henshin
Date: Tue, 22 Jul 2014 13:15:39 +0100
Subject: [PATCH 1/2] Update use.py Filters out returned encoded value from the header "URI" which confuses sqlmap
---
 lib/techniques/error/use.py | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index c8a43874e..be2e9a5b9 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -27,6 +27,7 @@ from lib.core.common import isNumPosStrValue
 from lib.core.common import listToStrValue
 from lib.core.common import readInput
 from lib.core.common import unArrayizeValue
+from lib.core.common import urlencode
 from lib.core.convert import hexdecode
 from lib.core.convert import htmlunescape
 from lib.core.data import conf
@@ -99,8 +100,10 @@ def _oneShotErrorUse(expression, field=None):
 incrementCounter(kb.technique)
- if page and conf.noCast:
- page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page)
+ if page and conf.noEscape:
+ payload = re.sub(r".*?__PAYLOAD_DELIMITER__(.*)__PAYLOAD_DELIMITER__",r'\g<1>',payload)
+ payload = urlencode(payload,"")
+ headers["URI"] = headers["URI"].replace(payload,"")
 # Parse the returned page to get the exact error-based
 # SQL injection output
From 4407b03b67d4079b5a1d5d7dc7f935fef071bf57 Mon Sep 17 00:00:00 2001
From: henshin
Date: Tue, 22 Jul 2014 13:20:27 +0100
Subject: [PATCH 2/2] rollback change from the last patch. This doesn't seem to help on the issue #757 resolution
---
 lib/controller/checks.py | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index bbc3f702d..10e9dab82 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
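Review bot: The new branch silently removes the `--no-cast` page cleanup: the deleted `if page and conf.noCast:` stripped the marker-delimited payload from `page`, while the added code is gated on the unrelated `conf.noEscape` and only rewrites a header, so `--no-cast` loses its filtering and `--no-escape` gains behaviour its option name does not promise. `headers["URI"]` is then indexed unconditionally although only `page` was checked, so a response without the URI pseudo-header (or `headers` being None) raises inside the error-based retrieval loop, and the literal `"URI"` should be the `URI_HTTP_HEADER` setting that the second patch shows is the canonical name. `payload` is also overwritten in place; `_oneShotErrorUse` continues past the hunk, so any later use of the original payload now sees the URL-encoded fragment instead. Whether `urlencode(..., "")` reproduces the exact encoding the request layer used when it built the URI is something I cannot confirm from this hunk — if it does not, the `replace` is a silent no-op, which may be why the follow-up commit found no improvement. I would keep the original `noCast` block and add the header cleanup as a separate guarded step that leaves `payload` untouched (`URI_HTTP_HEADER` would need importing from `lib.core.settings`, and the mapping access assumes the same header interface the hunk already uses).
```python
        if page and conf.noCast:
            page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page)

        # Drop the URL-encoded payload echoed in the request-URI pseudo-header so
        # the error-based regex does not match our own input instead of the DBMS output.
        if headers and conf.noEscape and URI_HTTP_HEADER in headers:
            match = re.search(r"__PAYLOAD_DELIMITER__(.*)__PAYLOAD_DELIMITER__", payload)
            if match:
                encoded = urlencode(match.group(1), "")
                headers[URI_HTTP_HEADER] = headers[URI_HTTP_HEADER].replace(encoded, "")

        # … unchanged: parse the returned page for the error-based output …
```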
@@ -62,7 +62,6 @@ from lib.core.settings import FORMAT_EXCEPTION_STRINGS
 from lib.core.settings import HEURISTIC_CHECK_ALPHABET
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
 from lib.core.settings import UNKNOWN_DBMS
-from lib.core.settings import URI_HTTP_HEADER
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
 from lib.core.settings import IDS_WAF_CHECK_PAYLOAD
@@ -417,8 +416,7 @@ def checkSqlInjection(place, parameter, value):
 try:
 page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
 output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
- or extractRegexResult(check, listToStrValue( \
- [headers[key] for key in headers.keys() if key.lower() != URI_HTTP_HEADER.lower()] \
+ or extractRegexResult(check, listToStrValue(headers.headers \
 if headers else None), re.DOTALL | re.IGNORECASE) \
 or extractRegexResult(check, threadData.lastRedirectMsg[1] \
 if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
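Review bot: The restored `headers.headers` expression puts the URI pseudo-header back into the text the error regex is matched against: the removed lines excluded `URI_HTTP_HEADER` from that text precisely because the echoed request URI carries the injected payload, and if sqlmap stores that pseudo-header through the message's item interface (the removed `headers[key]` access suggests it does) the raw `.headers` list presumably includes it as well. `headers.headers` also depends on the Python 2 `rfc822.Message`/`httplib.HTTPMessage` attribute rather than the mapping interface used on the neighbouring lines, so the revert deserves a comment such as `# raw header lines (rfc822.Message.headers); includes the URI pseudo-header, see #757` so the next reader does not reintroduce the filter blindly. The enclosing `try` block and `checkSqlInjection` continue outside the hunk.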