Bug fix with special case of reflective values in error-based results

stamparm · stamparm · commit dbf5daf78871 · 2025-12-24T16:16:51.000+01:00
diff --git a/data/txt/sha256sums.txt b/data/txt/sha256sums.txt
@@ -166,7 +166,7 @@ eed1db5da17eca4c65a8f999166e2246eef84397687ae820bbe4984ef65a09df  extra/vulnserv
 4608f21a4333c162ab3c266c903fda4793cc5834de30d06affe9b7566dd09811  lib/controller/__init__.py
 216c9399853b7454d36dcb552baf9f1169ec7942897ddc46504684325cb6ce00  lib/core/agent.py
 fbba89420acafcdb9ba1a95428cf2161b13cfa2d1a7ad7d5e70c14b0e04861f0  lib/core/bigarray.py
-ebf33ba2d4fa727931ab21c61b6c65b2e6cb41c54595caed2ec5153f8776a23a  lib/core/common.py
+d81080a7223e3d2ffd2a063f7c5b49ab9f25294ed70a0fbdf42d0c0df3551bb3  lib/core/common.py
 d53a8aecab8af8b8da4dc1c74d868f70a38770d34b1fa50cae4532cae7ce1c87  lib/core/compat.py
 463005de14642fef4251c951c9b24ec8d456f67f0cd98a9f4d6add281ccbb775  lib/core/convert.py
 ae500647c4074681749735a4f3b17b7eca44868dd3f39f9cab0a575888ba04a1  lib/core/data.py
@@ -188,7 +188,7 @@ c4bfb493a03caf84dd362aec7c248097841de804b7413d0e1ecb8a90c8550bc0  lib/core/readl
 d1bd70c1a55858495c727fbec91e30af267459c8f64d50fabf9e4ee2c007e920  lib/core/replication.py
 1d0f80b0193ac5204527bfab4bde1a7aee0f693fd008e86b4b29f606d1ef94f3  lib/core/revision.py
 d2eb8e4b05ac93551272b3d4abfaf5b9f2d3ac92499a7704c16ed0b4f200db38  lib/core/session.py
-7c88194b2da2d68dfd2fffede71bbb0131a4882a83cdbd53ddc800d7f1981dbb  lib/core/settings.py
+551381bbeabdde59537b6536d0b778c35f669c752bfb1037f233d7c250684869  lib/core/settings.py
 1c5eab9494eb969bc9ce118a2ea6954690c6851cbe54c18373c723b99734bf09  lib/core/shell.py
 4eea6dcf023e41e3c64b210cb5c2efc7ca893b727f5e49d9c924f076bb224053  lib/core/subprocessng.py
 cdd352e1331c6b535e780f6edea79465cb55af53aa2114dcea0e8bf382e56d1a  lib/core/target.py
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -170,6 +170,7 @@
 from lib.core.settings import REFLECTED_REPLACEMENT_TIMEOUT
 from lib.core.settings import REFLECTED_VALUE_MARKER
 from lib.core.settings import REFLECTIVE_MISS_THRESHOLD
+from lib.core.settings import REPLACEMENT_MARKER
 from lib.core.settings import SENSITIVE_DATA_REGEX
 from lib.core.settings import SENSITIVE_OPTIONS
 from lib.core.settings import STDIN_PIPE_DASH
@@ -4149,6 +4150,11 @@ def _(value):
             payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ""), convall=True))
             regex = _(filterStringValue(payload, r"[A-Za-z0-9]", encodeStringEscape(REFLECTED_REPLACEMENT_REGEX)))
 
+            # NOTE: special case when part of the result shares the same output as the payload (e.g. ?id=1... and "sqlmap/1.0-dev (http://sqlmap.org)")
+            preserve = extractRegexResult(r"%s(?P<result>.+?)%s" % (kb.chars.start, kb.chars.stop), content)
+            if preserve:
+                content = content.replace(preserve, REPLACEMENT_MARKER)
+
             if regex != payload:
                 if all(part.lower() in content.lower() for part in filterNone(regex.split(REFLECTED_REPLACEMENT_REGEX))[1:]):  # fast optimization check
                     parts = regex.split(REFLECTED_REPLACEMENT_REGEX)
@@ -4219,6 +4225,9 @@ def _thread(regex):
                             debugMsg = "turning off reflection removal mechanism (for optimization purposes)"
                             logger.debug(debugMsg)
 
+            if preserve and retVal:
+                retVal = retVal.replace(REPLACEMENT_MARKER, preserve)
+
     except (MemoryError, SystemError):
         kb.reflectiveMechanism = False
         if not suppressWarning:
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -19,7 +19,7 @@
 from thirdparty import six
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.9.12.5"
+VERSION = "1.9.12.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
