From 96327b6701eb8605c27b85d27fa1c008e2714aef Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Sun, 5 Jul 2015 01:47:01 +0200 Subject: [PATCH] Fixes #1290 --- lib/controller/checks.py | 9 ++++++--- lib/core/agent.py | 2 +- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 718b4e17f..aa4ee4f29 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -386,9 +386,12 @@ def checkSqlInjection(place, parameter, value): # Forge request payload by prepending with boundary's # prefix and appending the boundary's suffix to the # test's ' ' string - boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause) - boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) - reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) + if fstPayload: + boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause) + boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) + reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) + else: + reqPayload = None # Perform the test's request and check whether or not the # payload was successful diff --git a/lib/core/agent.py b/lib/core/agent.py index ad812f217..59c361455 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -68,7 +68,7 @@ class Agent(object): return query - def payload(self, place=None, parameter=None, value=None, newValue="", where=None): + def payload(self, place=None, parameter=None, value=None, newValue=None, where=None): """ This method replaces the affected parameter with the SQL injection statement to request