PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 21:21:33 +00:00
Code Issues Projects Releases Wiki Activity

incorporation of method for neutralization of reflective values

Browse Source
This commit is contained in:
Miroslav Stampar
2011-02-25 09:22:44 +00:00
parent 708ddf5608
commit aa88361ab1
4 changed files with 34 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/techniques/inband/union/test.py
View File

@@ -23,6 +23,7 @@ from lib.core.common import parseUnionPage
from lib.core.common import popValue
from lib.core.common import pushValue
from lib.core.common import randomStr
from lib.core.common import removeReflectiveValues
from lib.core.common import stdev
from lib.core.data import conf
from lib.core.data import kb
@@ -122,6 +123,9 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
# Remove possible reflective values from content (especially headers part)
content = removeReflectiveValues(content, payload)
if content and phrase in content:
validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where)