From 84849316b35d6bc16fe95e3924abf3e8b73ffdea Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 12 Nov 2010 23:06:01 +0000 Subject: [PATCH] improvement of heuristic check (now original value is included too) --- lib/controller/checks.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 04183db1d..ba298e3cd 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -125,7 +125,7 @@ def heuristicCheckSqlInjection(place, parameter, value): if conf.postfix: postfix = conf.postfix - payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix) + payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix) payload = agent.payload(place, parameter, value, payload) Request.queryPage(payload, place, raise404=False) result = wasLastRequestError()