improvement of heuristic check (now original value is included too)

2025-02-09 08:00:36 +03:00 · 2010-11-12 23:06:01 +00:00 · 2010-11-12 23:06:01 +00:00 · 84849316b3
commit 84849316b3
parent 06a872fc99
1 changed files with 1 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -125,7 +125,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
        if conf.postfix:
            postfix = conf.postfix
-    payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
+    payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
    payload = agent.payload(place, parameter, value, payload)
    Request.queryPage(payload, place, raise404=False)
    result = wasLastRequestError()