From 8b6603a9b66cc5b7a4edfdc0f798dd5a42fadd54 Mon Sep 17 00:00:00 2001
From: Jenna Magius
Date: Sat, 14 Jan 2017 23:25:50 -0700
Subject: [PATCH 1/2] Update FI_ERROR_REGEX to fix performance on strings without newlines.

---
 lib/core/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 15f52a2f4..92ccfabf6 100755
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -587,7 +587,7 @@ BANNER = re.sub(r"\[.\]", lambda _: "[\033[01;41m%s\033[01;49m]" % random.sample
 DUMMY_NON_SQLI_CHECK_APPENDIX = "<'\">"
 
 # Regular expression used for recognition of file inclusion errors
-FI_ERROR_REGEX = "(?i)[^\n]*(no such file|failed (to )?open)[^\n]*"
+FI_ERROR_REGEX = "(?i)(no such file|failed (to )?open)"
 
 # Length of prefix and suffix used in non-SQLI heuristic checks
 NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH = 6

From 9e19c28a359f0ca0f99459194275accef3cec669 Mon Sep 17 00:00:00 2001
From: Jenna Magius
Date: Sun, 15 Jan 2017 00:07:48 -0700
Subject: [PATCH 2/2] Improve FI heuristic logic

---
 lib/controller/checks.py | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index ab020b93c..378e27218 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1005,11 +1005,10 @@ def heuristicCheckSqlInjection(place, parameter):
         logger.info(infoMsg)
 
     for match in re.finditer(FI_ERROR_REGEX, page or ""):
-        if randStr1.lower() in match.group(0).lower():
-            infoMsg = "heuristic (FI) test shows that %s parameter " % paramType
-            infoMsg += "'%s' might be vulnerable to file inclusion attacks" % parameter
-            logger.info(infoMsg)
-            break
+        infoMsg = "heuristic (FI) test shows that %s parameter " % paramType
+        infoMsg += "'%s' might be vulnerable to file inclusion attacks" % parameter
+        logger.info(infoMsg)
+        break
 
     kb.heuristicMode = False
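Review bot: The comment above FI_ERROR_REGEX still reads as if a match covers the whole error line, but with both `[^\n]*` runs removed `match.group(0)` is now only the phrase itself, so any caller that inspected the match text for surrounding context (the loop in lib/controller/checks.py did, via `randStr1.lower() in match.group(0).lower()`) no longer sees the rest of the output. Suggest updating the comment to `# Regular expression used for recognition of file inclusion errors (matches only the error phrase; inspect the page around match.start()/match.end() when surrounding context is needed)`. The performance motivation in the subject line is plausible: on a large response without newlines each failed alternation attempt presumably rescanned the remainder of the line because of the leading `[^\n]*`, which the new pattern avoids. The pattern is still a non-raw string; meaning is unchanged, and switching to `r"..."` would be purely a style choice.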
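Review bot: Dropping the `randStr1` check means the FI message now fires on the first `no such file`/`failed to open` phrase anywhere in the response, including errors the page emits regardless of the injected value, so the heuristic becomes noisier and its log line is harder to trust; presumably the check was removed because `match.group(0)` no longer carries the surrounding line after the regex change in the first patch. A cheap way to keep the correlation without the old regex cost is to test a bounded window of `page` around each match, e.g. `window = page[max(0, match.start() - 200):match.end() + 200]` followed by `if randStr1.lower() in window.lower():` before the message is built (200 is an illustrative width, not a value from this patch). As written, a loop whose body ends in an unconditional `break` is equivalent to `if re.search(FI_ERROR_REGEX, page or ""):`, which reads more directly if the unconditional form is what is intended. The enclosing heuristicCheckSqlInjection starts before this hunk and its remainder continues after it.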