Implementation for an Issue #155

lib/controller/checks.py

@@ -635,6 +635,15 @@ def heuristicCheckSqlInjection(place, parameter):
 
     kb.heuristicTest = result
 
+    if not result and kb.dynamicParameter:
+        _ = conf.paramDict[place][parameter]
+
+        if _.isdigit():
+            randInt = int(randomInt())
+            payload = "%s%s%s" % (prefix, "%s-%s" % (int(_) + randInt, randInt), suffix)
+            payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
+            result = Request.queryPage(payload, place, raise404=False)
+
     if result:
         infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
         logger.info(infoMsg)
@@ -675,10 +684,10 @@ def checkDynParam(place, parameter, value):
     except sqlmapConnectionException:
         pass
 
-    if dynResult is None:
+    result = None if dynResult is None else not dynResult
-        return None
+    kb.dynamicParameter = result
-    else:
+
-        return not dynResult
+    return result
 
 def checkDynamicContent(firstPage, secondPage):
     """

lib/controller/controller.py

@@ -438,8 +438,9 @@ def start():
                             logger.info(infoMsg)
 
                         elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
-                                kb.dynamicParameter = checkDynParam(place, parameter, value)
+                                check = checkDynParam(place, parameter, value)
-                                if not kb.dynamicParameter:
+
+                                if not check:
                                     warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter)
                                     logger.warn(warnMsg)