Closes #1163

2025-01-23 15:54:24 +03:00 · 2015-02-13 10:59:03 +01:00 · 2015-02-13 10:59:03 +01:00 · 2e5c11e427
commit 2e5c11e427
parent b1d13d1e7d
1 changed files with 19 additions and 19 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -196,25 +196,6 @@ def checkSqlInjection(place, parameter, value):
                    logger.debug(debugMsg)
                    continue

-            elif not (kb.extendTests and intersect(dbms, kb.extendTests)):
-                # Skip test if the risk is higher than the provided (or default)
-                # value
-                # Parse test's <risk>
-                if test.risk > conf.risk:
-                    debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
-                    debugMsg += "is higher than the provided (%d)" % conf.risk
-                    logger.debug(debugMsg)
-                    continue
-
-                # Skip test if the level is higher than the provided (or default)
-                # value
-                # Parse test's <level>
-                if test.level > conf.level:
-                    debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
-                    debugMsg += "is higher than the provided (%d)" % conf.level
-                    logger.debug(debugMsg)
-                    continue
-
            if dbms is not None:
                if injection.dbms is not None and not intersect(injection.dbms, dbms):
                    debugMsg = "skipping test '%s' because " % title
@ -237,6 +218,25 @@ def checkSqlInjection(place, parameter, value):
                    logger.debug(debugMsg)
                    continue

+            if not (kb.extendTests and intersect(dbms, kb.extendTests)):
+                # Skip test if the risk is higher than the provided (or default)
+                # value
+                # Parse test's <risk>
+                if test.risk > conf.risk:
+                    debugMsg = "skipping test '%s' because the risk (%d) " % (title, test.risk)
+                    debugMsg += "is higher than the provided (%d)" % conf.risk
+                    logger.debug(debugMsg)
+                    continue
+
+                # Skip test if the level is higher than the provided (or default)
+                # value
+                # Parse test's <level>
+                if test.level > conf.level:
+                    debugMsg = "skipping test '%s' because the level (%d) " % (title, test.level)
+                    debugMsg += "is higher than the provided (%d)" % conf.level
+                    logger.debug(debugMsg)
+                    continue
+
            # Skip test if it does not match the same SQL injection clause
            # already identified by another test
            clauseMatch = False