sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-11-09 19:14:55 +00:00
parent 726825ca70
commit cee888b613
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/controller/checks.py
View File

@ -76,12 +76,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
trueResult = Request.queryPage(payload, place)
if trueResult:
if trueResult == True:
payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
falseResult = Request.queryPage(payload, place)
if not falseResult:
if falseResult == False:
infoMsg = "%s parameter '%s' is %s (%s) injectable " % (place, parameter, case.desc, logic)
infoMsg += "with %d parenthesis" % parenthesis
logger.info(infoMsg)
@ -122,7 +122,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
infoMsg += "parameter '%s' is " % parameter
if result:
infoMsg += "injectable (possible DBMS: %s)" % kb.htmlFp[-1]
infoMsg += "injectable (possible DBMS: %s)" % (kb.htmlFp[-1] if kb.htmlFp else 'Unknown')
logger.info(infoMsg)
else:
infoMsg += "not injectable"