skipped 573 lines 574 574 w2 = attack_false.filtered_text 575 575 ratio_true = get_boolean_ratio(w0, w1) 576 576 ratio_false = get_boolean_ratio(w0, w2) 577 - logger.debug(f"ratio false payload attack : {ratio_false}") 578 - logger.debug(f"ratio true payload attack: {ratio_true}") 577 + # logger.debug(f"ratios : ( True = > { ratio_true } / False = > {ratio_false}) ") 579 578 if not conf.match_ratio: 580 579 if ratio_false >= 0.02 and ratio_false <= 0.98: 581 580 conf.match_ratio = ratio_false skipped 40 lines 622 621 not_string = difference 623 622 _cases.append("Page Content") 624 623 else: 625 - if ctt != ctf and ctb == ctt: 626 - is_vulner = True 627 - content_length = ctt 628 - _cases.append("Content Length") 629 - elif ctt != ctf and ctb == ctf: 630 - is_vulner = True 631 - content_length = ctf 632 - _cases.append("Content Length") 624 + # do check if initial requests performed returrned exact same content length 625 + if conf._bool_check_on_ct: 626 + if ctt != ctf and ctb == ctt: 627 + is_vulner = True 628 + content_length = ctt 629 + _cases.append("Content Length") 630 + elif ctt != ctf and ctb == ctf: 631 + is_vulner = True 632 + content_length = ctf 633 + _cases.append("Content Length") 633 634 if ratio_true != ratio_false: 634 635 _cases.append("Page Ratio") 635 636 is_vulner = True skipped 10 lines 646 647 is_vulner = False 647 648 else: 648 649 logger.debug(f"possible injectable cases detected: '{case}'") 650 + if case == "Content Length": 651 + if not conf._bool_ctt and not conf._bool_ctf: 652 + logger.debug( 653 + "setting config content length for comparision to avoid false positive.." 654 + ) 655 + conf._bool_ctt = ctt 656 + conf._bool_ctf = ctf 649 657 if case == "Page Ratio": 650 658 w0set = set(get_filtered_page_content(base.text, True, "\n").split("\n")) 651 659 w1set = set(get_filtered_page_content(attack_true.text, True, "\n").split("\n")) skipped 1418 lines