fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)

2025-03-03 11:45:46 +03:00 · 2010-11-12 22:29:33 +00:00 · 2010-11-12 22:29:33 +00:00 · 0d66f101da
commit 0d66f101da
parent a777d59870
1 changed files with 2 additions and 2 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -81,7 +81,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
        payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
        trueResult = Request.queryPage(payload, place)

-        if trueResult is True:
+        if trueResult:
            infoMsg  = "confirming %s (%s) injection " % (case.desc, logic)
            infoMsg += "on %s parameter '%s'" % (place, parameter)
            logger.info(infoMsg)
@ -93,7 +93,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):

            falseResult = Request.queryPage(payload, place)

-            if falseResult is False:
+            if not falseResult:
                infoMsg  = "%s parameter '%s' is %s (%s) injectable " % (place, parameter, case.desc, logic)
                infoMsg += "with %d parenthesis" % parenthesis
                logger.info(infoMsg)