sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers

by providing option --headers. By default Accept, Accept-Language and Accept-Charset headers are set. Added support to get the injection payload prefix and postfix from user. Minor bug fix to exclude image files when parsing (-l) proxies log files. Minor code adjustments. Updated documentation.
2025-12-06 12:41:30 +00:00 · 2008-12-08 21:24:24 +00:00
parent 15542d2772
commit 9dbad512f1
15 changed files with 365 additions and 232 deletions
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -28,13 +28,12 @@ import md5
 import re

 from lib.core.data import conf
-from lib.core.data import kb
-from lib.core.data import logger


 def comparison(page, headers=None, content=False):
    regExpResults = None

+    # String to be excluded before calculating page hash
    if conf.eString and conf.eString in page:
        index              = page.index(conf.eString)
        length             = len(conf.eString)
@@ -42,28 +41,32 @@ def comparison(page, headers=None, content=False):
        pageWithoutString += page[index+length:]
        page               = pageWithoutString

+    # Regular expression matches to be excluded before calculating page hash
    if conf.eRegexp:
        regExpResults = re.findall(conf.eRegexp, page, re.I | re.M)

-    if conf.eRegexp and regExpResults:
-        for regExpResult in regExpResults:
-            index              = page.index(regExpResult)
-            length             = len(regExpResult)
-            pageWithoutRegExp  = page[:index]
-            pageWithoutRegExp += page[index+length:]
-            page               = pageWithoutRegExp
+        if regExpResults:
+            for regExpResult in regExpResults:
+                index              = page.index(regExpResult)
+                length             = len(regExpResult)
+                pageWithoutRegExp  = page[:index]
+                pageWithoutRegExp += page[index+length:]
+                page               = pageWithoutRegExp

+    # String to match in page when the query is valid
    if conf.string:
        if conf.string in page:
            return True
        else:
            return False

-    elif conf.regexp:
+    # Regular expression to match in page when the query is valid
+    if conf.regexp:
        if re.search(conf.regexp, page, re.I | re.M):
            return True
        else:
            return False

+    # By default it returns the page content MD5 hash
    else:
        return md5.new(page).hexdigest()