Bug fix in detection engine (abstract URI header sometimes caused problems - e.g. when automatic --string used)

stamparm · stamparm · commit 035137ef4e8b · 2016-09-23T17:38:14.000+02:00
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from lib.core.revision import getRevisionNumber
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.0.9.30"
+VERSION = "1.0.9.31"
 REVISION = getRevisionNumber()
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
@@ -26,6 +26,7 @@
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import LOWER_RATIO_BOUND
 from lib.core.settings import UPPER_RATIO_BOUND
+from lib.core.settings import URI_HTTP_HEADER
 from lib.core.threads import getCurrentThreadData
 
 def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
@@ -48,15 +49,15 @@ def _comparison(page, headers, code, getRatioValue, pageLength):
     threadData = getCurrentThreadData()
 
     if kb.testMode:
-        threadData.lastComparisonHeaders = listToStrValue(headers.headers) if headers else ""
+        threadData.lastComparisonHeaders = listToStrValue([_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)]) if headers else ""
         threadData.lastComparisonPage = page
         threadData.lastComparisonCode = code
 
     if page is None and pageLength is None:
         return None
 
     if any((conf.string, conf.notString, conf.regexp)):
-        rawResponse = "%s%s" % (listToStrValue(headers.headers) if headers else "", page)
+        rawResponse = "%s%s" % (listToStrValue([_ for _ in headers.headers if not _.startswith("%s:" % URI_HTTP_HEADER)]) if headers else "", page)
 
         # String to match in page when the query is True and/or valid
         if conf.string:
diff --git a/txt/checksum.md5 b/txt/checksum.md5
@@ -45,7 +45,7 @@ e60456db5380840a586654344003d4e6  lib/core/readlineng.py
 5ef56abb8671c2ca6ceecb208258e360  lib/core/replication.py
 99a2b496b9d5b546b335653ca801153f  lib/core/revision.py
 7c15dd2777af4dac2c89cab6df17462e  lib/core/session.py
-ff390f8d2d8653658a8a39dba2ddab2c  lib/core/settings.py
+11375783a4c6d11502ba32dd3b1ef1ce  lib/core/settings.py
 7af83e4f18cab6dff5e67840eb65be80  lib/core/shell.py
 23657cd7d924e3c6d225719865855827  lib/core/subprocessng.py
 0bc2fae1dec18cdd11954b22358293f2  lib/core/target.py
@@ -67,7 +67,7 @@ af6b8e1c6eb074b56bbd9cd80aebcd97  lib/parse/payloads.py
 b40a4c5d91770d347df36d3065b63798  lib/parse/sitemap.py
 9299f21804033f099681525bb9bf51c0  lib/request/basicauthhandler.py
 ca9879ea9277810c5fce0f0d8d2f8e03  lib/request/basic.py
-97fb6323bfb5f941b27cbdb00f9078e1  lib/request/comparison.py
+c48285682a61d49982cb508351013cb4  lib/request/comparison.py
 20fe3d96ae45cf46d19504415cebd819  lib/request/connect.py
 49b4c583af68689de5f9acb162de2939  lib/request/direct.py
 1a46f7bb26b23ec0c0d9d9c95828241b  lib/request/dns.py
