mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
minor improvement for blind based injections with reflected values
This commit is contained in:
parent
e9eafc2e94
commit
f27181c628
|
@ -2513,7 +2513,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
|
|||
while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
|
||||
regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
|
||||
|
||||
if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check
|
||||
if reduce(lambda x,y: x if x else y, regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)).lower() in content.lower(): # fast optimization check
|
||||
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
|
||||
|
||||
if retVal != content:
|
||||
|
|
|
@ -302,7 +302,7 @@ EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREA
|
|||
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
|
||||
|
||||
# Regular expression used for marking non-alphanum characters
|
||||
REFLECTED_NON_ALPHA_NUM_REGEX = r'[^<>\\r\\n]+?'
|
||||
REFLECTED_NON_ALPHA_NUM_REGEX = r'[^\r\n]+?'
|
||||
|
||||
# Chars which can be used as a failsafe values in case of too long URL encoding value
|
||||
URLENCODE_FAILSAFE_CHARS = '()|,'
|
||||
|
|
Loading…
Reference in New Issue
Block a user