From 5860b8942f3286c853e24245a6e7b6428efbbb33 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 3 Jan 2011 09:16:42 +0000
Subject: [PATCH] minor update

---
 lib/controller/checks.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index bdc76cd45..4d0c9e944 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -492,13 +492,23 @@ def simpletonCheckSqlInjection(place, parameter, value):
     result = False
     randInt = randomInt()
-    payload = "%s OR %d>%d" % (value, randInt, randInt+1)
+    randStr = randomStr()
+
+    if value.isdigit():
+        payload = "%s OR %d>%d" % (value, randInt, randInt+1)
+    else:
+        payload = "%s' OR '%s'!='%s" % (value, randStr, randStr)
+
     payload = agent.payload(place, parameter, value, payload)
     firstPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
 
     if not (wasLastRequestDBMSError() or wasLastRequestHTTPError()):
         if getComparePageRatio(kb.originalPage, firstPage, filtered=True) > CONSTANT_RATIO:
-            payload = "%s AND %d>%d" % (value, randInt, randInt+1)
+            if value.isdigit():
+                payload = "%s AND %d>%d" % (value, randInt, randInt+1)
+            else:
+                payload = "%s' AND '%s'!='%s" % (value, randStr, randStr)
+
             payload = agent.payload(place, parameter, value, payload)
             secondPage, _ = Request.queryPage(payload, place, content=True, raise404=False)
             result = getComparePageRatio(firstPage, secondPage, filtered=True) <= CONSTANT_RATIO
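Review bot: The numeric-vs-string decision is made twice with `value.isdigit()` — once for the first payload and again inside the nested `if` for the second — so the two branches can drift apart on a later edit, and `randStr = randomStr()` is computed unconditionally even on the numeric path where it is unused. Hoisting the classification once, `isNumeric = value.isdigit()` next to `randInt = randomInt()`, and testing `if isNumeric:` at both sites keeps the two payload choices guaranteed consistent. The string branch also silently assumes that a non-digit `value` sits inside single quotes in the original query; a short comment such as `# non-numeric values are assumed to be single-quoted in the original query` at the first `else:` would make that precondition visible to the next maintainer, since `str.isdigit()` is a narrower notion of "numeric" than what the check may encounter. simpletonCheckSqlInjection begins before the hunk and its `result` is presumably consumed after it, outside the hunk.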