minor update regarding last commit

This commit is contained in:
Miroslav Stampar 2011-03-17 09:23:46 +00:00
parent beba69faa9
commit 970cde5a8a

View File

@ -67,6 +67,9 @@ def checkSqlInjection(place, parameter, value):
# successfully inject # successfully inject
injection = injectionDict() injection = injectionDict()
# Localized thread data needed for some methods
threadData = getCurrentThreadData()
# Set the flag for sql injection test mode # Set the flag for sql injection test mode
kb.testMode = True kb.testMode = True
@ -335,7 +338,10 @@ def checkSqlInjection(place, parameter, value):
page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False) page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \ output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, listToStrValue(headers.headers \ or extractRegexResult(check, listToStrValue(headers.headers \
if headers else None), re.DOTALL | re.IGNORECASE) if headers else None), re.DOTALL | re.IGNORECASE) \
or extractRegexResult(check, threadData.lastRedirectMsg[1] \
if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
if output: if output:
result = output.replace(kb.misc.space, " ") == "1" result = output.replace(kb.misc.space, " ") == "1"