PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-09 06:01:29 +00:00
Code Issues Projects Releases Wiki Activity

removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-03-29 20:45:21 +00:00
parent 9f707febf5
commit 12f3024c8a
3 changed files with 6 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/techniques/inband/union/test.py
View File

@@ -124,10 +124,9 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Perform the request
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
# Remove possible reflective values from content (especially headers part)
content = removeReflectiveValues(content, payload)
content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
payload, True) or "")
if content and phrase in content:
validPayload = payload

2
lib/techniques/inband/union/use.py
View File

@@ -65,7 +65,7 @@ def __oneShotUnionUse(expression, unpack=True):
# sql injection output
output = extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload), re.DOTALL | re.IGNORECASE)
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
if output:
output = getUnicode(output, kb.pageEncoding)