From a82206cec470306f4d6d908ba10f55dcad529b50 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 10 Apr 2012 21:57:00 +0000
Subject: [PATCH] minor cosmetics
---
 lib/controller/checks.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index c07930ef6..39ad8c6bf 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -345,14 +345,16 @@ def checkSqlInjection(place, parameter, value):
 logger.info(infoMsg)
 injectable = True
- else:
+
+ elif not conf.string:
 trueSet = set(extractTextTagContent(truePage))
 falseSet = set(extractTextTagContent(falsePage))
 candidate = reduce(lambda x, y: x or (y.strip() if y.strip() in (kb.pageTemplate or "") else None), (trueSet - falseSet), None)
 if candidate:
 conf.string = candidate
- infoMsg = "%s parameter '%s' is '%s' injectable (with --string='%s')" % (place, parameter, title, candidate)
+ infoMsg = "%s parameter '%s' seems to be '%s' injectable (with --string=%s)" % (place, parameter, title, repr(candidate).lstrip('u'))
 logger.info(infoMsg)
+
 injectable = True
 # In case of error-based SQL injection
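Review bot: The new `--string=%s` hint is built with `repr(candidate).lstrip('u')`, which prints a Python literal rather than a shell-quoted value, so a candidate containing non-ASCII characters, backslashes or quotes is shown in escaped form and will not necessarily round-trip if pasted back on the command line. `candidate` is taken from text in the target's response, so escaping it before logging is sensible, but the intent should be stated, e.g. `# repr() escapes control characters from the response before logging; the value shown is a Python literal, not shell syntax`. `lstrip('u')` strips a set of characters and only works here because the character after the prefix is always a quote, so dropping a single leading `u` explicitly would say what is meant. Separately, replacing `else:` with `elif not conf.string:` changes behaviour (presumably to avoid overwriting a user-supplied `--string`) under a "minor cosmetics" subject and deserves a one-line comment on that branch. The body of checkSqlInjection starts and ends outside the hunk.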