Some fine tuning (#4505 - in case of --no-escape)

stamparm · stamparm · commit 091678b9d482 · 2021-01-04T13:45:38.000+01:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.5.1.4"
+VERSION = "1.5.1.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -490,7 +490,7 @@
 REFLECTED_BORDER_REGEX = r"[^A-Za-z]+"
 
 # Regular expression used for replacing non-alphanum characters
-REFLECTED_REPLACEMENT_REGEX = r"[^\n]{1,100}"
+REFLECTED_REPLACEMENT_REGEX = r"[^\n]{1,168}"
 
 # Maximum time (in seconds) spent per reflective value(s) replacement
 REFLECTED_REPLACEMENT_TIMEOUT = 3
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
@@ -98,7 +98,7 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
 
         if kb.jsonAggMode:
             if Backend.isDbms(DBMS.MSSQL):
-                output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), page or "")
+                output = extractRegexResult(r"%s(?P<result>.*)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
                 if output:
                     try:
                         retVal = ""
@@ -110,11 +110,11 @@ def _oneShotUnionUse(expression, unpack=True, limited=False):
                     else:
                         retVal = getUnicode(retVal)
             elif Backend.isDbms(DBMS.PGSQL):
-                output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), page or "")
+                output = extractRegexResult(r"(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
                 if output:
                     retVal = output
             else:
-                output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), page or "")
+                output = extractRegexResult(r"%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop), removeReflectiveValues(page or "", payload))
                 if output:
                     try:
                         retVal = ""
