
Commit ac77092

committed
Better fix for that page/headers/comparison --string candidate problem
1 parent 8141d17 commit ac77092

3 files changed

Lines changed: 4 additions & 2 deletions


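--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -379,7 +379,7 @@ def genCmpPayload():
 if not injectable and not any((conf.string, conf.notString, conf.regexp)) and kb.pageStable:
 trueSet = set(extractTextTagContent(truePage))
 falseSet = set(extractTextTagContent(falsePage))
-candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage else None for _ in (trueSet - falseSet)))
+candidates = filter(None, (_.strip() if _.strip() in (kb.pageTemplate or "") and _.strip() not in falsePage and _.strip() not in threadData.lastComparisonHeaders else None for _ in (trueSet - falseSet)))
 if candidates:
 conf.string = candidates[0]
 infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=\"%s\")" % (place, parameter, title, repr(conf.string).lstrip('u').strip("'"))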
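Review bot: `threadData.lastComparisonHeaders` is tested with `not in` on the new `candidates` line without a fallback, while `reset()` in lib/core/threads.py initialises it to `None` and `_comparison()` assigns it only under `kb.testMode`; if this path is ever reached before that assignment, the membership test raises `TypeError`. The same line already guards `kb.pageTemplate` with `or ""`, so the consistent form is `_.strip() not in (threadData.lastComparisonHeaders or "")`. The attribute holds the headers of whichever response was compared last, and the hunk does not show which request that is, so a short comment naming the expected response would help the next reader. The enclosing function starts and ends outside the hunk, so whether `threadData` is bound there cannot be confirmed from here.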

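--- a/lib/core/threads.py
+++ b/lib/core/threads.py
@@ -42,6 +42,7 @@ def reset(self):
 self.hashDBCursor = None
 self.inTransaction = False
 self.lastComparisonPage = None
+self.lastComparisonHeaders = None
 self.lastErrorPage = None
 self.lastHTTPError = None
 self.lastRedirectMsg = None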

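--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -47,6 +47,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
 threadData = getCurrentThreadData()
 
 if kb.testMode:
+threadData.lastComparisonHeaders = listToStrValue(headers.headers) if headers else ""
 threadData.lastComparisonPage = page
 
 if page is None and pageLength is None:
@@ -56,7 +57,7 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
 seqMatcher.set_seq1(kb.pageTemplate)
 
 if any((conf.string, conf.notString, conf.regexp)):
-rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
+rawResponse = "%s%s" % (listToStrValue(headers.headers) if headers else "", page)
 
 # String to match in page when the query is True and/or valid
 if conf.string: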
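Review bot: The expression `listToStrValue(headers.headers) if headers else ""` now appears once in each hunk of `_comparison()`, and the two copies have to stay identical for the header exclusion in checks.py to match the text that `rawResponse` is searched against. Computing it once near the top, e.g. `headersStr = listToStrValue(headers.headers) if headers else ""`, and using that name in both places would avoid a repeat of the misplaced-parenthesis bug the second hunk corrects. A one-line comment above the `kb.testMode` assignment, such as `# kept so automatic --string candidates that also occur in the response headers can be rejected`, would record why the field exists. `_comparison()` continues outside both hunks.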
