@@ -839,7 +839,7 @@ class _(dict):
839839
840840 @staticmethod
841841 @stackedmethod
842- def queryPage (value = None , place = None , content = False , getRatioValue = False , silent = False , method = None , timeBasedCompare = False , noteResponseTime = True , auxHeaders = None , response = False , raise404 = None , removeReflection = True , disableTampering = False ):
842+ def queryPage (value = None , place = None , content = False , getRatioValue = False , silent = False , method = None , timeBasedCompare = False , noteResponseTime = True , auxHeaders = None , response = False , raise404 = None , removeReflection = True , disableTampering = False , ignoreSecondOrder = False ):
843843 """
844844 This method calls a function to get the target URL page content
845845 and returns its page ratio (0 <= ratio <= 1) or a boolean value
@@ -1339,17 +1339,18 @@ def _randomizeParameter(paramString, randomParameter):
13391339 warnMsg += "behavior in custom WAF/IPS solutions"
13401340 singleTimeWarnMessage (warnMsg )
13411341
1342- if conf .secondUrl :
1343- page , headers , code = Connect .getPage (url = conf .secondUrl , cookie = cookie , ua = ua , silent = silent , auxHeaders = auxHeaders , response = response , raise404 = False , ignoreTimeout = timeBasedCompare , refreshing = True )
1344- elif kb .secondReq and IPS_WAF_CHECK_PAYLOAD not in _urllib .parse .unquote (value or "" ):
1345- def _ (value ):
1346- if kb .customInjectionMark in (value or "" ):
1347- if payload is None :
1348- value = value .replace (kb .customInjectionMark , "" )
1349- else :
1350- value = re .sub (r"\w*%s" % re .escape (kb .customInjectionMark ), payload , value )
1351- return value
1352- page , headers , code = Connect .getPage (url = _ (kb .secondReq [0 ]), post = _ (kb .secondReq [2 ]), method = kb .secondReq [1 ], cookie = kb .secondReq [3 ], silent = silent , auxHeaders = dict (auxHeaders , ** dict (kb .secondReq [4 ])), response = response , raise404 = False , ignoreTimeout = timeBasedCompare , refreshing = True )
1342+ if not ignoreSecondOrder :
1343+ if conf .secondUrl :
1344+ page , headers , code = Connect .getPage (url = conf .secondUrl , cookie = cookie , ua = ua , silent = silent , auxHeaders = auxHeaders , response = response , raise404 = False , ignoreTimeout = timeBasedCompare , refreshing = True )
1345+ elif kb .secondReq and IPS_WAF_CHECK_PAYLOAD not in _urllib .parse .unquote (value or "" ):
1346+ def _ (value ):
1347+ if kb .customInjectionMark in (value or "" ):
1348+ if payload is None :
1349+ value = value .replace (kb .customInjectionMark , "" )
1350+ else :
1351+ value = re .sub (r"\w*%s" % re .escape (kb .customInjectionMark ), payload , value )
1352+ return value
1353+ page , headers , code = Connect .getPage (url = _ (kb .secondReq [0 ]), post = _ (kb .secondReq [2 ]), method = kb .secondReq [1 ], cookie = kb .secondReq [3 ], silent = silent , auxHeaders = dict (auxHeaders , ** dict (kb .secondReq [4 ])), response = response , raise404 = False , ignoreTimeout = timeBasedCompare , refreshing = True )
13531354
13541355 threadData .lastQueryDuration = calculateDeltaSeconds (start )
13551356
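Review bot: In the re-indented `kb.secondReq` branch, `dict(auxHeaders, **dict(kb.secondReq[4]))` is built from `auxHeaders`, which defaults to `None` in the `queryPage` signature, and `dict(None, ...)` raises `TypeError`. The body of `queryPage` starts and ends outside these hunks, so `auxHeaders` may already be normalised earlier; if it is not, the argument should read `auxHeaders=dict(auxHeaders or {}, **dict(kb.secondReq[4]))`. Separately, the docstring that begins under the changed signature does not mention the new parameter in the lines shown. A line such as `ignoreSecondOrder: when True, skip the follow-up request to conf.secondUrl / kb.secondReq` would tell callers what the flag turns off.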