
Commit 12f3024

committed
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
1 parent 9f707fe commit 12f3024

3 files changed

Lines changed: 6 additions & 7 deletions


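--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2411,7 +2411,7 @@ def cpuThrottle(value):
 delay = 0.00001 * (value ** 2)
 time.sleep(delay)
 
-def removeReflectiveValues(content, payload):
+def removeReflectiveValues(content, payload, suppressWarning=False):
 """
 Neutralizes (static/marked) reflective values in a given content based on a payload
 (e.g. ?search=sql injection ---> ...value="sql%20injection")
@@ -2429,7 +2429,7 @@ def removeReflectiveValues(content, payload):
 
 retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
 
-if retVal != content:
+if retVal != content and not suppressWarning:
 debugMsg = "reflective value found and filtered out"
 logger.debug(debugMsg)
 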
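Review bot: The `re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` call kept as context in the second hunk passes `re.I` where `re.sub` expects `count`, since its fourth positional parameter is `count` and not `flags`. As written, at most two occurrences are replaced and matching stays case-sensitive, so reflected copies of the payload can survive the filter and be compared against later as if they were real output; the intended call looks like `retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, flags=re.I)`, or a `(?i)` prefix in the pattern on interpreters without the `flags` keyword. The new `suppressWarning` parameter also deserves a docstring line saying that it only silences the "reflective value found and filtered out" debug message and does not change the filtering. The body of removeReflectiveValues lies partly outside both hunks, so how `regex` is built is not visible here.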

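--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -124,10 +124,9 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
 
 # Perform the request
 page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
-content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
-
-# Remove possible reflective values from content (especially headers part)
-content = removeReflectiveValues(content, payload)
+content = "%s%s".lower() % (removeReflectiveValues(page, payload) or "", \
+removeReflectiveValues(listToStrValue(headers.headers if headers else None), \
+payload, True) or "")
 
 if content and phrase in content:
 validPayload = payload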
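Review bot: In the new `content = "%s%s".lower() % (...)` line, `.lower()` binds to the format-string literal rather than to the formatted result, so it is a no-op and the `phrase in content` test below stays case-sensitive. If lowercasing was intended, wrap the whole expression, `content = ("%s%s" % (..., ...)).lower()`, and check that `phrase` is built in the same case. The line also hands `page` to removeReflectiveValues before the `or ""` fallback, whereas the old code substituted `""` first; the function body is not visible in this hunk, so confirm it tolerates `None` content. __unionPosition starts and ends outside the hunk.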

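--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -65,7 +65,7 @@ def __oneShotUnionUse(expression, unpack=True):
 # sql injection output
 output = extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
 or extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \
-if headers else None), payload), re.DOTALL | re.IGNORECASE)
+if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
 
 if output:
 output = getUnicode(output, kb.pageEncoding)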
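Review bot: The bare positional `True` added to the removeReflectiveValues call for the headers part does not say what it switches; pass it by name, `payload, suppressWarning=True)`, here and in the matching call in lib/techniques/inband/union/test.py. A short comment such as `# headers part: reflection is expected here, so skip the debug message` would record why the message is silenced only for headers, which the commit message explains but the code does not. __oneShotUnionUse continues outside the hunk.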
