diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ca9be0f1f..85534f375 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -17,6 +17,8 @@ from lib.core.agent import agent
from lib.core.common import beep
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getUnicode
+from lib.core.common import popValue
+from lib.core.common import pushValue
from lib.core.common import randomInt
from lib.core.common import randomStr
from lib.core.common import readInput
@@ -92,6 +94,9 @@ def checkSqlInjection(place, parameter, value):
# successfully inject
injection = injectionDict()
+ # Clear cookies after each query page attempt
+ kb.flushCookies = True
+
for test in conf.tests:
title = test.title
stype = test.stype
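Review bot: `kb.flushCookies = True` is switched on before the test loop but only switched off again by the plain assignment after it (the later hunk under `# Flush the flag`, around line 413 of the new file), so any exception raised inside the loop — the `Request.queryPage` call added in the where == 2 hunk is one candidate — leaves the flag set, and every later request in the session keeps clearing the cookie jar. Wrapping the loop in `try:` … `finally: kb.flushCookies = False` makes the reset unconditional, and also covers any return path inside the loop that this diff does not show. checkSqlInjection begins outside the hunk, and its body between this hunk and the reset is not visible here.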
@@ -259,6 +264,10 @@ def checkSqlInjection(place, parameter, value):
origValue = value
elif where == 2:
origValue = "-%s" % randomInt()
+
+ # Save old page template and replace with new one
+ pushValue(kb.pageTemplate)
+ kb.pageTemplate = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True)[0]
elif where == 3:
origValue = ""
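Review bot: `pushValue(kb.pageTemplate)` on the where == 2 path is only undone by the `popValue()` guarded by `if where == 2:` roughly 90 lines later (the hunk under `# Restore page template`), and the stretch between them is not in this diff; if a `continue`, `break` or exception (the `Request.queryPage` call on the very next line can raise) bypasses that pop, the saved template stays on the stack and `kb.pageTemplate` keeps the probe page for every subsequent test. Saving the template in a local, `origTemplate = kb.pageTemplate`, and restoring it in a `finally:` around the per-test body avoids the stack bookkeeping and the pairing risk entirely. A short comment noting that this template request is made while `kb.flushCookies` is set, so the cookies it receives are discarded straight away, would help the next reader. The enclosing `where` dispatch starts before this hunk.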
@@ -347,6 +356,10 @@ def checkSqlInjection(place, parameter, value):
injectable = True
+ # Restore page template
+ if where == 2:
+ kb.pageTemplate = popValue()
+
# If the injection test was successful feed the injection
# object with the test's details
if injectable is True:
@@ -400,6 +413,9 @@ def checkSqlInjection(place, parameter, value):
# boundaries
break
+ # Flush the flag
+ kb.flushCookies = False
+
# Return the injection object
if injection.place is not None and injection.parameter is not None:
return injection
diff --git a/lib/core/option.py b/lib/core/option.py
index 0e03667a1..7a8b38e59 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1117,6 +1117,7 @@ def __setKnowledgeBaseAttributes():
kb.cache.content = {}
kb.cache.regex = {}
+ kb.flushCookies = False
kb.commonOutputs = None
kb.data = advancedDict()
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 28bb60bfd..fb65a8e71 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -407,6 +407,9 @@ class Connect:
if conf.textOnly:
page = getFilteredPageContent(page)
+ if kb.flushCookies and conf.cj:
+ conf.cj.clear()
+
if content or response:
return page, headers
elif getSeqMatcher:
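Review bot: `conf.cj.clear()` empties the whole jar, not only the cookies the target set in this response, so any cookies that `conf.cj` already held before the injection phase (for instance a session established by earlier requests, if that is how this jar is used) are dropped as well once `kb.flushCookies` is on; if that is intended, the line deserves a comment, e.g. `# Probe mode: drop every cookie after each response so state from one test cannot leak into the next`. Note also that an empty CookieJar is falsy, so `and conf.cj` only skips the clear when there is nothing to clear, which is harmless but worth stating so nobody reads it as a feature check. The enclosing method starts outside the hunk.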
diff --git a/xml/payloads.xml b/xml/payloads.xml
index 0361a1863..1f371bd1d 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -416,12 +416,12 @@ Formats:
4
3
1
- 1
+ 2
- OR [RANDNUM]=[RANDNUM]
+ OR [RANDNUM]=[RANDNUM1]
- OR [RANDNUM]=[RANDNUM1]
+ OR [RANDNUM]=[RANDNUM]