minor improvement for blind based injections with reflected values

Miroslav Stampar 2011-06-03 14:41:36 +00:00
parent e9eafc2e94
commit f27181c628
2 changed files with 2 additions and 2 deletions


@ -2513,7 +2513,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex: while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX) regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check if reduce(lambda x,y: x if x else y, regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)).lower() in content.lower(): # fast optimization check
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I) retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
if retVal != content: if retVal != content:
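Review bot: The `re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` call kept as context in this hunk passes `re.I` in the position of the `count` argument, so the substitution is case-sensitive and stops after two replacements (the value of `re.I` is 2). The fast check on the line above lowercases both sides, so a reflection that differs only in case passes the check and is then left in the page, where it can skew the content comparison that blind detection depends on. An inline flag avoids the argument-order problem on every Python version: `retVal = re.sub("(?i)%s" % regex, REFLECTED_VALUE_MARKER, content)`. The body of removeReflectiveValues starts and ends outside the hunk, so any later use of `retVal` was not reviewed.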


@ -302,7 +302,7 @@ EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ", " INTO OUTFILE ", "CREA
REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__' REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
# Regular expression used for marking non-alphanum characters # Regular expression used for marking non-alphanum characters
REFLECTED_NON_ALPHA_NUM_REGEX = r'[^<>\\r\\n]+?' REFLECTED_NON_ALPHA_NUM_REGEX = r'[^\r\n]+?'
# Chars which can be used as a failsafe values in case of too long URL encoding value # Chars which can be used as a failsafe values in case of too long URL encoding value
URLENCODE_FAILSAFE_CHARS = '()|,' URLENCODE_FAILSAFE_CHARS = '()|,'
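Review bot: With `<` and `>` no longer excluded, `[^\r\n]+?` can run across markup, so on a response delivered as one long line the filler between two payload fragments may span unrelated page content and replace it with the marker. That is presumably intended, to catch reflections that come back HTML-encoded or wrapped in tags, but a bounded lazy quantifier (`{1,N}?`, with N sized to the longest encoding expansion expected) would keep over-removal from hiding a real difference between true and false pages and would limit backtracking on large responses. The comment above the constant no longer describes the pattern; something like `# Lazy filler standing in for the non-alphanumeric parts of a reflected payload (any chars except CR/LF)` would match it.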