From 6525e08d6b6e18f9815369235fe059ce7e72c74e Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Mon, 29 Nov 2010 12:13:42 +0000 Subject: [PATCH] Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values --- lib/controller/checks.py | 18 +++++++++++++++--- xml/payloads.xml | 1 - 2 files changed, 15 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 71516446f..fe5817d24 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -131,17 +131,29 @@ def checkSqlInjection(place, parameter, value): testPayload = "%s%s" % (payload, comment) if conf.prefix is not None and conf.suffix is not None: + # Create a custom boundary object for user's supplied prefix + # and suffix boundary = advancedDict() boundary.level = 1 boundary.clause = [ 0 ] boundary.where = [ 1, 2, 3 ] - # TODO: inspect the conf.prefix and conf.suffix to set - # proper ptype - boundary.ptype = 1 boundary.prefix = conf.prefix boundary.suffix = conf.suffix + if "like" in boundary.suffix.lower(): + if "'" in boundary.suffix.lower(): + boundary.ptype = 3 + elif '"' in boundary.suffix.lower(): + boundary.ptype = 5 + elif "'" in boundary.suffix.lower(): + boundary.ptype = 2 + elif '"' in boundary.suffix.lower(): + boundary.ptype = 4 + else: + boundary.ptype = 1 + + # Prepend user's provided boundaries to all others conf.boundaries.insert(0, boundary) for boundary in conf.boundaries: diff --git a/xml/payloads.xml b/xml/payloads.xml index 7f5da2a03..2ec8810ed 100644 --- a/xml/payloads.xml +++ b/xml/payloads.xml @@ -1280,5 +1280,4 @@ Formats: -