3535from lib .core .data import queries
3636from lib .core .dicts import FROM_DUMMY_TABLE
3737from lib .core .enums import DBMS
38+ from lib .core .enums import HTTP_HEADER
3839from lib .core .settings import CHECK_ZERO_COLUMNS_THRESHOLD
3940from lib .core .settings import MYSQL_ERROR_CHUNK_LENGTH
4041from lib .core .settings import MSSQL_ERROR_CHUNK_LENGTH
@@ -99,14 +100,14 @@ def _oneShotErrorUse(expression, field=None):
99100
100101 incrementCounter (kb .technique )
101102
102- if page and conf .noCast :
103+ if page and conf .noEscape :
103104 page = re .sub (r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb .chars .start , kb .chars .stop ), "" , page )
104105
105106 # Parse the returned page to get the exact error-based
106107 # SQL injection output
107108 output = reduce (lambda x , y : x if x is not None else y , (\
108109 extractRegexResult (check , page , re .DOTALL | re .IGNORECASE ), \
109- extractRegexResult (check , listToStrValue (headers . headers \
110+ extractRegexResult (check , listToStrValue ([ headers [ header ] for header in headers if header . lower () != HTTP_HEADER . URI . lower ()] \
110111 if headers else None ), re .DOTALL | re .IGNORECASE ), \
111112 extractRegexResult (check , threadData .lastRedirectMsg [1 ] \
112113 if threadData .lastRedirectMsg and threadData .lastRedirectMsg [0 ] == \
@@ -117,7 +118,7 @@ def _oneShotErrorUse(expression, field=None):
117118 output = getUnicode (output )
118119 else :
119120 trimmed = extractRegexResult (trimcheck , page , re .DOTALL | re .IGNORECASE ) \
120- or extractRegexResult (trimcheck , listToStrValue (headers . headers \
121+ or extractRegexResult (trimcheck , listToStrValue ([ headers [ header ] for header in headers if header . lower () != HTTP_HEADER . URI . lower ()] \
121122 if headers else None ), re .DOTALL | re .IGNORECASE ) \
122123 or extractRegexResult (trimcheck , threadData .lastRedirectMsg [1 ] \
123124 if threadData .lastRedirectMsg and threadData .lastRedirectMsg [0 ] == \
0 commit comments