Minor patch (for ORDER BY 'col' cases)

lib/controller/checks.py

@@ -489,6 +489,9 @@ def checkSqlInjection(place, parameter, value):
 
                         kb.previousMethod = method
 
+                        if conf.dummy:
+                            injectable = False
+
                     # If the injection test was successful feed the injection
                     # object with the test's details
                     if injectable is True:

xml/payloads.xml

@@ -250,7 +250,7 @@ Formats:
 
     <boundary>
         <level>3</level>
-        <clause>1</clause>
+        <clause>1,2,3</clause>
         <where>1,2</where>
         <ptype>2</ptype>
         <prefix>'</prefix>