PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

incorporation of method for neutralization of reflective values

Browse Source
This commit is contained in:
Miroslav Stampar
2011-02-25 09:22:44 +00:00
parent 708ddf5608
commit aa88361ab1
4 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
lib/core/common.py
View File

@@ -81,6 +81,8 @@ from lib.core.settings import DUMP_TAB_MARKER
from lib.core.settings import DUMP_START_MARKER
from lib.core.settings import DUMP_STOP_MARKER
from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import PAYLOAD_DELIMITER
from lib.core.settings import REFLECTED_VALUE_MARKER
from lib.core.settings import TIME_DEFAULT_DELAY
from lib.core.settings import TIME_STDEV_COEFF
from lib.core.settings import DYNAMICITY_MARK_LENGTH
@@ -2386,3 +2388,20 @@ def cpuThrottle(value):
"""
delay = 0.00001 * (value ** 2)
time.sleep(delay)
def removeReflectiveValues(content, payload):
"""
Neutralizes (static/marked) reflective values in a given content based on a payload
(e.g. ?search=sql injection ---> ...value="sql%20injection")
"""
payload = payload.replace(PAYLOAD_DELIMITER, '')
regex = filterStringValue(payload, r'[A-Za-z0-9]', r'[^\s]+')
retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content)
if retVal != content:
warnMsg = "reflective value found and filtered out"
logger.warn(warnMsg)
return retVal