trust me, i know what i am doing :)

2024-11-22 17:46:37 +03:00 · 2010-11-07 20:33:33 +00:00 · 2010-11-07 20:33:33 +00:00 · 620fa1c8fb
commit 620fa1c8fb
parent 73e85bfc75
2 changed files with 8 additions and 6 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -217,6 +217,8 @@ def start():
                        testSqlInj = True
                        paramKey = (conf.hostname, conf.path, place, parameter)

+                        conf.matchRatio = None
+
                        if paramKey in kb.testedParams:
                            testSqlInj = False

@ -242,14 +244,14 @@ def start():
                        if testSqlInj:
                            heuristicCheckSqlInjection(place, parameter, value)

+                            conf.matchRatio = None
+
                            for parenthesis in range(0, 4):
                                logMsg  = "testing sql injection on %s " % place
                                logMsg += "parameter '%s' with " % parameter
                                logMsg += "%d parenthesis" % parenthesis
                                logger.info(logMsg)

-                                conf.matchRatio = None
-
                                injType = checkSqlInjection(place, parameter, value, parenthesis)

                                if injType:
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -20,6 +20,10 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    if page is None and pageLength is None:
        return None

+    # In case of an DBMS error page return None
+    if wasLastRequestError():
+        return None
+
    regExpResults = None

    if page:
@ -105,10 +109,6 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    if getSeqMatcher:
        return ratio

-    # In case of an DBMS error page return None
-    elif wasLastRequestError():
-        return None
-
    elif ratio == 1:
        return True