From 8fc60215ed0948a9b3906428299a4ee67c738995 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 22 Dec 2010 19:12:46 +0000 Subject: [PATCH] lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. --- lib/controller/checks.py | 3 ++- lib/request/connect.py | 1 + xml/errors.xml | 1 + 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e8c87c26a..07a5d2101 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -444,7 +444,8 @@ def heuristicCheckSqlInjection(place, parameter, value): payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix) payload = agent.payload(place, parameter, value, payload) - page, _ = Request.queryPage(payload, place, content=True, raise404=False) + Request.queryPage(payload, place, content=False, raise404=False) + result = wasLastRequestDBMSError() infoMsg = "heuristic test shows that %s " % place diff --git a/lib/request/connect.py b/lib/request/connect.py index 3d587d62c..aead487d6 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -266,6 +266,7 @@ class Connect: else: debugMsg = "got HTTP error code: %d (%s)" % (code, status) logger.debug(debugMsg) + parseResponse(page, responseHeaders) return page, responseHeaders except (urllib2.URLError, socket.error, socket.timeout, httplib.BadStatusLine, httplib.IncompleteRead), e: diff --git a/xml/errors.xml b/xml/errors.xml index a53a212d3..a2de84174 100644 --- a/xml/errors.xml +++ b/xml/errors.xml @@ -23,6 +23,7 @@ +