mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 13:03:50 +03:00
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
This commit is contained in:
parent
e42350ddce
commit
440b484bf6
|
@ -657,7 +657,12 @@ def checkFalsePositives(injection):
|
|||
if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
|
||||
retVal = None
|
||||
break
|
||||
elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
|
||||
|
||||
# Just in case if DBMS hasn't properly recovered from previous delayed request
|
||||
if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
|
||||
checkBooleanExpression("%d=%d", randInt1, randInt2)
|
||||
|
||||
if checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
|
||||
retVal = None
|
||||
break
|
||||
elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
|
||||
|
|
Loading…
Reference in New Issue
Block a user