Proper way to skip already used payloads (important to --suffix/--prefix cases)

2026-01-03 05:09:15 +00:00 · 2018-04-12 14:38:32 +02:00
parent 60767de2eb
commit 8ca3287df4
3 changed files with 7 additions and 5 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -454,11 +454,13 @@ def checkSqlInjection(place, parameter, value):
                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+
                        if reqPayload:
-                            if reqPayload in seenPayload:
+                            stripPayload = re.sub(r"(\A|\b|_)([A-Za-z]{4}((?<!LIKE))|\d+)(_|\b|\Z)", r"\g<1>.\g<4>", reqPayload)
+                            if stripPayload in seenPayload:
                                continue
                            else:
-                                seenPayload.add(reqPayload)
+                                seenPayload.add(stripPayload)
                    else:
                        reqPayload = None

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.4.16"
+VERSION = "1.2.4.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)