
Commit 20988e5

committed
warp 5 mr spock :)
1 parent 001cbff commit 20988e5

4 files changed

Lines changed: 27 additions & 5 deletions


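--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -54,6 +54,7 @@
 from lib.core.enums import OS
 from lib.core.enums import PLACE
 from lib.core.enums import PAYLOAD
+from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.enums import SORTORDER
 from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapDataException
@@ -94,6 +95,7 @@
 from lib.core.settings import TIME_DEFAULT_DELAY
 from lib.core.settings import TIME_STDEV_COEFF
 from lib.core.settings import DYNAMICITY_MARK_LENGTH
+from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
 from lib.core.settings import SENSITIVE_DATA_REGEX
 from lib.core.settings import SUPPORTED_OS
 from lib.core.settings import UNKNOWN_DBMS_VERSION
@@ -2498,7 +2500,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
 
 retVal = content
 
-if all([content, payload]):
+if all([content, payload]) and kb.reflectiveMechanism:
 payload = payload.replace(PAYLOAD_DELIMITER, '')
 
 regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX)
@@ -2508,9 +2510,19 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
 
 retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
 
-if retVal != content and not suppressWarning:
-debugMsg = "reflective value found and filtered out"
-logger.debug(debugMsg)
+if retVal != content:
+kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT] += 1
+if not suppressWarning:
+debugMsg = "reflective value found and filtered out"
+logger.debug(debugMsg)
+
+elif not kb.testMode and not kb.reflectiveCounters[REFLECTIVE_COUNTER.HIT]:
+kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] += 1
+if kb.reflectiveCounters[REFLECTIVE_COUNTER.MISS] > REFLECTIVE_MISS_THRESHOLD:
+kb.reflectiveMechanism = False
+if not suppressWarning:
+debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
+logger.debug(debugMsg)
 
 return retVal
 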
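Review bot: In the fourth hunk the context line `retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)` passes `re.I` as the positional `count` argument of `re.sub`, so at most two reflections are replaced per response and the match is case-sensitive; because the new HIT/MISS accounting keys off `retVal != content`, a reflection that differs from the payload only in letter case now also feeds the miss counter. Either move the flag into the pattern, as the `(?i)` prefixes in lib/core/enums.py already do, or pass it by keyword where the supported interpreter allows, `retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, flags=re.I)`. Separately, once `kb.reflectiveMechanism` is set to False nothing in this commit sets it back except the re-initialisation in lib/core/option.py, so a payload first reflected after more than REFLECTIVE_MISS_THRESHOLD non-reflecting responses (outside test mode, before any hit) is no longer filtered for the rest of the run, which can surface in comparison results as unfiltered payload text. That trade-off should be stated in the function's docstring, e.g. `Removes reflected payload values from content; filtering is disabled for the remainder of the session once REFLECTIVE_MISS_THRESHOLD responses have been seen without any reflection.` The signature of removeReflectiveValues lies outside these hunks.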

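--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -57,6 +57,10 @@ class NULLCONNECTION:
 HEAD = "HEAD"
 RANGE = "Range"
 
+class REFLECTIVE_COUNTER:
+MISS = "MISS"
+HIT = "HIT"
+
 class HASH:
 MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
 MYSQL_OLD = r'(?i)\A[0-9a-f]{16}\Z'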

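--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -61,6 +61,7 @@
 from lib.core.enums import MOBILES
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PRIORITY
+from lib.core.enums import REFLECTIVE_COUNTER
 from lib.core.exception import sqlmapConnectionException
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapGenericException
@@ -1378,6 +1379,8 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 kb.proxyAuthHeader = None
 kb.queryCounter = 0
 kb.redirectSetCookie = None
+kb.reflectiveMechanism = True
+kb.reflectiveCounters = {REFLECTIVE_COUNTER.MISS:0, REFLECTIVE_COUNTER.HIT:0}
 kb.responseTimes = []
 kb.resumedQueries = {}
 kb.singleLogFlags = set()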

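--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -302,7 +302,7 @@
 REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
 
 # Regular expression used for marking non-alphanum characters
-REFLECTED_NON_ALPHA_NUM_REGEX = r'\W+?'
+REFLECTED_NON_ALPHA_NUM_REGEX = r'\W+'
 
 # Chars which can be used as a failsafe values in case of too long URL encoding value
 URLENCODE_FAILSAFE_CHARS = '()|,'
@@ -348,3 +348,6 @@
 IGNORE_SPACE_AFFECTED_KEYWORDS = ("CAST", "COUNT", "EXTRACT", "GROUP_CONCAT", "MAX", "MID", "MIN", "SESSION_USER", "SUBSTR", "SUBSTRING", "SUM", "SYSTEM_USER", "TRIM")
 
 LEGAL_DISCLAIMER = "usage of sqlmap for attacking web servers without prior mutual consent can be considered as an illegal activity. it is the final user's responsibility to obey all applicable local, state and federal laws. authors assume no liability and are not responsible for any misuse or damage caused by this program."
+
+# After this number of misses reflective removal mechanism is turned off (for speed up reasons)
+REFLECTIVE_MISS_THRESHOLD = 20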
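Review bot: The comment over `REFLECTIVE_MISS_THRESHOLD = 20` says misses turn the mechanism off but not that the switch is one-way for the session, nor that, per the consumer in lib/core/common.py, misses accumulate only outside test mode and only until the first reflection is seen, which is what anyone tuning the value needs to know. Suggest `# After more than this many responses without any reflection (counted outside test mode, before the first hit) the reflective removal mechanism is switched off for the rest of the run, as a speed-up`.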
