Major bug fix for default boolean-based vector still work and minor adjustments

Bernardo Damele 2010-12-03 14:31:11 +00:00
parent 612ee08a0b
commit bb40ab9fb0


@ -148,7 +148,6 @@ def checkSqlInjection(place, parameter, value):
# Skip test if it does not match the same SQL injection clause
# already identified by another test
# Parse test's <clause>
clauseMatch = False
for clauseTest in clause:
@ -157,7 +156,7 @@ def checkSqlInjection(place, parameter, value):
break
if clause != [ 0 ] and injection.clause and not clauseMatch:
debugMsg = "skipping test '%s' because the clause " % title
debugMsg = "skipping test '%s' because the clauses " % title
debugMsg += "differs from the clause already identified"
logger.debug(debugMsg)
continue
@ -171,6 +170,11 @@ def checkSqlInjection(place, parameter, value):
fstPayload = unescapeDbms(fstPayload, injection, dbms)
fstPayload = "%s%s" % (fstPayload, comment)
if stype != 4 and clause != [2, 3] and clause != [ 2 ]:
space = " "
else:
space = ""
if conf.prefix is not None and conf.suffix is not None:
# Create a custom boundary object for user's supplied prefix
# and suffix
@ -260,7 +264,7 @@ def checkSqlInjection(place, parameter, value):
# Forge request payload by prepending with boundary's
# prefix and appending the boundary's suffix to the
# test's ' <payload><comment> ' string
boundPayload = "%s%s%s%s %s" % (origValue, prefix, (" " if stype != 4 else ""), fstPayload, suffix)
boundPayload = "%s%s%s%s %s" % (origValue, prefix, space, fstPayload, suffix)
boundPayload = boundPayload.strip()
boundPayload = agent.cleanupPayload(boundPayload, value)
reqPayload = agent.payload(place, parameter, value, boundPayload)
@ -281,7 +285,7 @@ def checkSqlInjection(place, parameter, value):
# boundary's prefix and appending the boundary's
# suffix to the test's ' <payload><comment> '
# string
boundPayload = "%s%s%s%s %s" % (origValue, prefix, (" " if stype != 4 else ""), sndPayload, suffix)
boundPayload = "%s%s%s%s %s" % (origValue, prefix, space, sndPayload, suffix)
boundPayload = boundPayload.strip()
boundPayload = agent.cleanupPayload(boundPayload, value)
cmpPayload = agent.payload(place, parameter, value, boundPayload)
@ -359,7 +363,7 @@ def checkSqlInjection(place, parameter, value):
injection.suffix = suffix
injection.clause = clause
if "epayload" in test:
if "epayload" in test and test.epayload is not None:
epayload = "%s%s" % (test.epayload, comment)
else:
epayload = None
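Review bot: The new `space` computation in the hunk at -171,6 +170,11 compares `clause` with the literal lists `[2, 3]` and `[ 2 ]`, so the result depends on the exact order and formatting of the test definition; a test whose clauses are declared as `3,2` would silently get the leading space back. Assuming `clause` is a list of integers (its parsing is outside the visible hunks), `space = "" if stype == 4 or sorted(clause) in ([2], [2, 3]) else " "` keeps today's behaviour without that dependency. The values 4, 2 and 3 are unexplained at this point, and a one-line comment above the assignment saying which test type and clauses they stand for and why they take no separator would help the next reader. The reworded debug message now reads "the clauses differs", where `differ` would agree with the plural. checkSqlInjection begins and ends outside these hunks, so this is based on the visible lines only.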