Proper way to skip already used payloads (important to --suffix/--prefix cases)

2025-12-07 05:01:30 +00:00 · 2018-04-12 14:38:32 +02:00
parent 60767de2eb
commit 8ca3287df4
3 changed files with 7 additions and 5 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -454,11 +454,13 @@ def checkSqlInjection(place, parameter, value):
                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+
                        if reqPayload:
-                            if reqPayload in seenPayload:
+                            stripPayload = re.sub(r"(\A|\b|_)([A-Za-z]{4}((?<!LIKE))|\d+)(_|\b|\Z)", r"\g<1>.\g<4>", reqPayload)
+                            if stripPayload in seenPayload:
                                continue
                            else:
-                                seenPayload.add(reqPayload)
+                                seenPayload.add(stripPayload)
                    else:
                        reqPayload = None