minor improvement for blind based injections with reflected values

stamparm · stamparm · commit f27181c6282a · 2011-06-03T14:41:36.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2513,7 +2513,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
         while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
             regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
 
-        if regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)[0].lower() in content.lower(): # fast optimization check
+        if reduce(lambda x,y: x if x else y, regex.split(REFLECTED_NON_ALPHA_NUM_REGEX)).lower() in content.lower(): # fast optimization check
             retVal = re.sub(regex, REFLECTED_VALUE_MARKER, content, re.I)
 
             if retVal != content:
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -302,7 +302,7 @@
 REFLECTED_VALUE_MARKER = '__REFLECTED_VALUE__'
 
 # Regular expression used for marking non-alphanum characters
-REFLECTED_NON_ALPHA_NUM_REGEX = r'[^<>\\r\\n]+?'
+REFLECTED_NON_ALPHA_NUM_REGEX = r'[^\r\n]+?'
 
 # Chars which can be used as a failsafe values in case of too long URL encoding value
 URLENCODE_FAILSAFE_CHARS = '()|,'
