Prevent double tests (e.g. in same final tests where suffix is cut by the comment)

2024-11-22 09:36:35 +03:00 · 2015-07-10 00:54:02 +02:00 · 2015-07-10 00:54:02 +02:00 · 48b627f3ff
commit 48b627f3ff
parent ca2f63c672
1 changed files with 6 additions and 0 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -90,6 +90,7 @@ def checkSqlInjection(place, parameter, value):

    paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
    tests = getSortedInjectionTests()
+    seenPayload = set()

    while tests:
        test = tests.pop(0)
@ -390,6 +391,11 @@ def checkSqlInjection(place, parameter, value):
                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                        if reqPayload:
+                            if reqPayload in seenPayload:
+                                continue
+                            else:
+                                seenPayload.add(reqPayload)
                    else:
                        reqPayload = None