Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)

2024-11-25 19:13:48 +03:00 · 2013-03-01 10:59:04 +01:00 · 2013-03-01 10:59:04 +01:00 · 440b484bf6
commit 440b484bf6
parent e42350ddce
1 changed files with 6 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -657,7 +657,12 @@ def checkFalsePositives(injection):
            if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
                retVal = None
                break
-            elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
+
+            # Just in case if DBMS hasn't properly recovered from previous delayed request
+            if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
+                checkBooleanExpression("%d=%d", randInt1, randInt2)
+
+            if checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
                retVal = None
                break
            elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):