From bdcf3fffbadfab196a6e563d28f6e70c5d2b2c09 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 14 Jan 2016 13:40:50 +0100
Subject: [PATCH] Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)
---
lib/controller/checks.py | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index e4c597f8f..2476cd5ba 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -446,10 +446,19 @@ def checkSqlInjection(place, parameter, value):
                         truePage = threadData.lastComparisonPage or ""
 
                         if trueResult and not(truePage == falsePage and not kb.nullConnection):
+                            # Perform the test's False request
                             falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
-                            # Perform the test's False request
 
                             if not falseResult:
+                                if kb.negativeLogic:
+                                    boundPayload = agent.prefixQuery(kb.data.randomStr, prefix, where, clause)
+                                    boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
+                                    errorPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+
+                                    errorResult = Request.queryPage(errorPayload, place, raise404=False)
+                                    if errorResult:
+                                        continue
+
                                 infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
                                 logger.info(infoMsg)
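Review bot: The new `kb.negativeLogic` guard drops a candidate silently — when `errorResult` is truthy the code hits `continue` with no log line, so a user reading verbose output cannot tell why an OR-based payload that already passed the True/False comparison was rejected; a debug message before the `continue`, e.g. `logger.debug("%s parameter '%s': erroneous payload gives the same result as True (negative logic), skipping" % (paramType, parameter))`, would make the extra request and its outcome visible. The added block also carries no comment on why a third request is sent at all; the rationale lives only in the commit message, and a one-line comment above `if kb.negativeLogic:` such as `# In negative (OR-based) logic an erroneous query must not match the True page, otherwise the True/False comparison proves nothing` would keep it next to the code. Which loop the `continue` advances cannot be verified here, since the enclosing loop and the rest of checkSqlInjection start and end outside the hunk. The prefixQuery/suffixQuery/payload triple looks like the same construction presumably used for the True and False payloads earlier in the function; if so, a small helper would avoid the repetition.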