@@ -475,46 +475,47 @@ def genCmpPayload():
475475
476476 injectable = True
477477
478- if injectable and kb .pageStable and not any ((conf .string , conf .notString , conf .regexp , conf .code , kb .nullConnection )):
479- if all ((falseCode , trueCode )) and falseCode != trueCode :
480- conf .code = trueCode
478+ if injectable :
479+ if kb .pageStable and not any ((conf .string , conf .notString , conf .regexp , conf .code , kb .nullConnection )):
480+ if all ((falseCode , trueCode )) and falseCode != trueCode :
481+ conf .code = trueCode
481482
482- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType , parameter , title , conf .code )
483- logger .info (infoMsg )
484- else :
485- trueSet = set (extractTextTagContent (trueRawResponse ))
486- trueSet = trueSet .union (__ for _ in trueSet for __ in _ .split ())
487-
488- falseSet = set (extractTextTagContent (falseRawResponse ))
489- falseSet = falseSet .union (__ for _ in falseSet for __ in _ .split ())
490-
491- candidates = filter (None , (_ .strip () if _ .strip () in trueRawResponse and _ .strip () not in falseRawResponse else None for _ in (trueSet - falseSet )))
492-
493- if candidates :
494- candidates = sorted (candidates , key = lambda _ : len (_ ))
495- for candidate in candidates :
496- if re .match (r"\A\w+\Z" , candidate ):
497- break
498-
499- conf .string = candidate
500-
501- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\" %s\" )" % (paramType , parameter , title , repr (conf .string ).lstrip ('u' ).strip ("'" ))
483+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --code=%d)" % (paramType , parameter , title , conf .code )
502484 logger .info (infoMsg )
485+ else :
486+ trueSet = set (extractTextTagContent (trueRawResponse ))
487+ trueSet = trueSet .union (__ for _ in trueSet for __ in _ .split ())
488+
489+ falseSet = set (extractTextTagContent (falseRawResponse ))
490+ falseSet = falseSet .union (__ for _ in falseSet for __ in _ .split ())
503491
504- if not any ((conf .string , conf .notString )):
505- candidates = filter (None , (_ .strip () if _ .strip () in falseRawResponse and _ .strip () not in trueRawResponse else None for _ in (falseSet - trueSet )))
492+ candidates = filter (None , (_ .strip () if _ .strip () in trueRawResponse and _ .strip () not in falseRawResponse else None for _ in (trueSet - falseSet )))
506493
507494 if candidates :
508495 candidates = sorted (candidates , key = lambda _ : len (_ ))
509496 for candidate in candidates :
510497 if re .match (r"\A\w+\Z" , candidate ):
511498 break
512499
513- conf .notString = candidate
500+ conf .string = candidate
514501
515- infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not- string=\" %s\" )" % (paramType , parameter , title , repr (conf .notString ).lstrip ('u' ).strip ("'" ))
502+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --string=\" %s\" )" % (paramType , parameter , title , repr (conf .string ).lstrip ('u' ).strip ("'" ))
516503 logger .info (infoMsg )
517504
505+ if not any ((conf .string , conf .notString )):
506+ candidates = filter (None , (_ .strip () if _ .strip () in falseRawResponse and _ .strip () not in trueRawResponse else None for _ in (falseSet - trueSet )))
507+
508+ if candidates :
509+ candidates = sorted (candidates , key = lambda _ : len (_ ))
510+ for candidate in candidates :
511+ if re .match (r"\A\w+\Z" , candidate ):
512+ break
513+
514+ conf .notString = candidate
515+
516+ infoMsg = "%s parameter '%s' appears to be '%s' injectable (with --not-string=\" %s\" )" % (paramType , parameter , title , repr (conf .notString ).lstrip ('u' ).strip ("'" ))
517+ logger .info (infoMsg )
518+
518519 if not any ((conf .string , conf .notString , conf .code )):
519520 infoMsg = "%s parameter '%s' appears to be '%s' injectable " % (paramType , parameter , title )
520521 logger .info (infoMsg )
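Review bot: The `--string` block (new lines 492–503) and the `--not-string` block (new lines 506–517) are the same candidate-selection logic with the two response sets swapped, and both depend on `if candidates:` guarding a loop whose post-loop `candidate` is otherwise unbound; that guard only holds because `filter` returns a list on Python 2 (the `repr(...).lstrip('u')` idiom suggests this file targets Python 2), whereas on Python 3 `filter` is an always-truthy iterator and an empty result would raise `UnboundLocalError` at `conf.string = candidate`. Folding both into one helper that materialises a list, returns the shortest whole-word token and documents the silent fallback to the longest candidate when none matches `\A\w+\Z` removes the duplication and the version-dependent guard. The enclosing function starts and ends outside the hunk.
```python
def _pickCandidate(positive, negative, source, other):
    """Shortest whole-word token found only in `source`; falls back to the longest candidate, None if there is none."""
    candidates = [_.strip() for _ in positive - negative if _.strip() and _.strip() in source and _.strip() not in other]
    if not candidates:
        return None
    candidates.sort(key=len)
    for candidate in candidates:
        if re.match(r"\A\w+\Z", candidate):
            return candidate
    return candidates[-1]

# … unchanged: trueSet / falseSet construction …
candidate = _pickCandidate(trueSet, falseSet, trueRawResponse, falseRawResponse)
if candidate:
    conf.string = candidate
    # … unchanged: --string info message …

if not any((conf.string, conf.notString)):
    candidate = _pickCandidate(falseSet, trueSet, falseRawResponse, trueRawResponse)
    if candidate:
        conf.notString = candidate
        # … unchanged: --not-string info message …
```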