From f27181c6282a9e98fb20be7cebae96565ab61a07 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 3 Jun 2011 14:41:36 +0000
Subject: [PATCH] minor improvement for blind based injections with reflected values
---
 lib/core/common.py | 2 +-
 lib/core/settings.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 8cf115077..d0d6ec057 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2513,7 +2513,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
 while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
 regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
- if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check
+ if reduce(lambda x,y: x if x else y, regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)).lower() in content.lower(): # fast optimization check
 retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
 if retVal != content:
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7ed897630..00e5b9f85 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -302,7 +302,7 @@ EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREA
 REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
 # Regular expression used for marking non-alphanum characters
-REFLECTED_NON_ALPHA_NUM_REGEX = r'[^<>\\r\\n]+?'
+REFLECTED_NON_ALPHA_NUM_REGEX = r'[^\r\n]+?'
 # Chars which can be used as a failsafe values in case of too long URL encoding value
 URLENCODE_FAILSAFE_CHARS = '()|,'
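Review bot: In the lib/core/common.py hunk, the context line `retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` passes `re.I` as the fourth positional argument, which `re.sub` treats as `count` rather than `flags`. The substitution is therefore case-sensitive and stops after two replacements, while the pre-check directly above it compares lowercased strings, so reflected copies in a different case or beyond the second would stay in the page and could skew the comparison this function exists to clean up. `retVal = re.sub("(?i)" + regex, REFLECTED_VALUE_MARKER, content)` expresses the intended case-insensitive, unlimited replacement. Separately, the new `reduce(...)` yields `''` when every split part is empty, and `'' in content.lower()` is always true, so the fast check filters nothing in that case. removeReflectiveValues starts and ends outside the hunk.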
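Review bot: In the lib/core/settings.py hunk, the comment above `REFLECTED_NON_ALPHA_NUM_REGEX` still says it marks non-alphanum characters, but the new value `r'[^\r\n]+?'` matches any run of characters other than CR and LF, now including `<` and `>`. A comment such as `# Lazy wildcard matching any run of characters except CR/LF (a match may span HTML tags)` would describe what the constant actually does. Judging by the common.py hunk, this fragment is repeated inside one larger regex that is run over a response body the remote server controls. It may be worth bounding the quantifier, for example `{1,N}` with a project-chosen N, so backtracking stays predictable on long single-line pages.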