mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-02-03 05:04:11 +03:00
strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test
This commit is contained in:
parent
e88687b1f0
commit
3abcd6910a
|
@ -556,10 +556,10 @@ def checkFalsePositives(injection):
|
|||
retVal = None
|
||||
elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
|
||||
retVal = None
|
||||
elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
|
||||
retVal = None
|
||||
elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
|
||||
retVal = None
|
||||
elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
|
||||
retVal = None
|
||||
|
||||
if retVal is None:
|
||||
warnMsg = "false positive or unexploitable injection point detected"
|
||||
|
|
Loading…
Reference in New Issue
Block a user