From 0d3e8a76d86adb2305168d5d9a9113c5de4573e4 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Wed, 8 Jun 2011 14:40:42 +0000
Subject: [PATCH] Cosmetics and a missing param
---
 lib/controller/checks.py | 6 +++---
 lib/core/optiondict.py | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 1b9e9f7f5..6361c7e9a 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -505,7 +505,7 @@ def checkSqlInjection(place, parameter, value):
 # Return the injection object
 if injection.place is not None and injection.parameter is not None:
 if not conf.dropSetCookie and PAYLOAD.TECHNIQUE.BOOLEAN in injection.data and injection.data[PAYLOAD.TECHNIQUE.BOOLEAN].vector.startswith('OR'):
- warnMsg = "in OR boolean-based injections please consider usage "
+ warnMsg = "in OR boolean-based injections, please consider usage "
 warnMsg += "of switch --drop-set-cookie if you experience any "
 warnMsg += "problems during data retrieval"
 logger.warn(warnMsg)
@@ -532,11 +532,11 @@ def checkFalsePositives(injection):
 kb.injection = injection
 randInt1, randInt2 = int(randomInt(2)) + 1, int(randomInt(2)) + 1
- # just in case (also, they have to be different than 0 because of the last test)
+ # Just in case (also, they have to be different than 0 because of the last test)
 while randInt1 == randInt2:
 randInt2 = int(randomInt(2)) + 1
- # simple arithmetic operations which should show basic
+ # Simple arithmetic operations which should show basic
 # arithmetic ability of the backend if it's really injectable
 if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
 retVal = None
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
index 6d1259808..50333bbdc 100644
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@@ -25,6 +25,7 @@ optDict = {
 "Request": {
 "data": "string",
 "cookie": "string",
+ "cDel": "string",
 "cookieUrlencode": "boolean",
 "dropSetCookie": "boolean",
 "agent": "string",