avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection: only do the heuristic DBMS fingerprint for DBMS-specific tables

Bernardo Damele 2015-02-20 18:36:34 +00:00
parent 4bbf168b18
commit 4f939b5719


@ -650,9 +650,12 @@ def heuristicCheckDbms(injection):
pushValue(kb.injection) pushValue(kb.injection)
kb.injection = injection kb.injection = injection
randStr1, randStr2 = randomStr(), randomStr()
for dbms in getPublicTypeMembers(DBMS, True): for dbms in getPublicTypeMembers(DBMS, True):
if not FROM_DUMMY_TABLE.get(dbms, ""):
continue
randStr1, randStr2 = randomStr(), randomStr()
Backend.forceDbms(dbms) Backend.forceDbms(dbms)
if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)): if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)):