sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-26 05:31:04 +03:00
Code Issues Packages Projects Releases Wiki Activity

strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test

Browse Source
This commit is contained in:
Miroslav Stampar 2012-03-22 00:06:50 +00:00
parent e88687b1f0
commit 3abcd6910a
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/controller/checks.py
View File

@ -556,10 +556,10 @@ def checkFalsePositives(injection):
retVal = None retVal = None
elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))): elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
retVal = None retVal = None
elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
retVal = None
elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)): elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
retVal = None retVal = None
elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
retVal = None
if retVal is None: if retVal is None:
warnMsg = "false positive or unexploitable injection point detected" warnMsg = "false positive or unexploitable injection point detected"