From 7d6f51f75843a1162c2267c882ce2dc99a47002a Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Fri, 3 Dec 2010 10:42:46 +0000 Subject: [PATCH] Avoid blank space between prefix and test's payload if it's a stacked queries test --- lib/controller/checks.py | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index c9573f89c..22a8589a7 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -54,7 +54,6 @@ from plugins.dbms.sybase.syntax import Syntax as Sybase from plugins.dbms.sqlite.syntax import Syntax as SQLite from plugins.dbms.maxdb.syntax import Syntax as MaxDB - def unescape(string, dbms): unescaper = { "Access": Access.unescape, @@ -244,7 +243,7 @@ def checkSqlInjection(place, parameter, value): # Forge request payload by prepending with boundary's # prefix and appending the boundary's suffix to the # test's ' ' string - boundPayload = "%s%s %s %s" % (origValue, prefix, fstPayload, suffix) + boundPayload = "%s%s%s%s %s" % (origValue, prefix, (" " if stype != 4 else ""), fstPayload, suffix) boundPayload = boundPayload.strip() boundPayload = agent.cleanupPayload(boundPayload, value) reqPayload = agent.payload(place, parameter, value, boundPayload) @@ -265,7 +264,7 @@ def checkSqlInjection(place, parameter, value): # boundary's prefix and appending the boundary's # suffix to the test's ' ' # string - boundPayload = "%s%s %s %s" % (origValue, prefix, sndPayload, suffix) + boundPayload = "%s%s%s%s %s" % (origValue, prefix, (" " if stype != 4 else ""), sndPayload, suffix) boundPayload = boundPayload.strip() boundPayload = agent.cleanupPayload(boundPayload, value) cmpPayload = agent.payload(place, parameter, value, boundPayload)
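Review bot: The literal `4` compared against `stype` in the new `boundPayload` line of the second hunk is a magic number; only the commit subject says it stands for the stacked-queries test type, so the code does not explain why the separator is dropped. The identical conditional is repeated in the third hunk for `sndPayload`, so the two sites can drift apart if the rule changes. I would compute it once before both format calls, `separator = "" if stype == 4 else " "  # 4: stacked queries test, no blank between prefix and payload`, and pass `separator` in place of the inline conditional at both sites. The comments above each call still describe a plain prefix/payload/suffix join and should mention the conditional blank. `checkSqlInjection` starts and ends outside these hunks, so where `stype` is assigned and which values it can take are not visible here.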