sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-08 01:33:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

Minor adjustment

Browse Source
This commit is contained in:
Miroslav Stampar 2014-10-01 13:42:10 +02:00
parent a9454fbb43
commit f67a38dba9
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/checks.py
View File

@ -851,11 +851,12 @@ def heuristicCheckSqlInjection(place, parameter):
kb.heuristicMode = True kb.heuristicMode = True
payload = "%s%s%s" % (prefix, "%s'%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr()), suffix) value = "%s%s%s" % (randomStr(), DUMMY_XSS_CHECK_APPENDIX, randomStr())
payload = "%s%s%s" % (prefix, "'%s" % value, suffix)
payload = agent.payload(place, parameter, newValue=payload) payload = agent.payload(place, parameter, newValue=payload)
page, _ = Request.queryPage(payload, place, content=True, raise404=False) page, _ = Request.queryPage(payload, place, content=True, raise404=False)
if DUMMY_XSS_CHECK_APPENDIX in (page or ""): if value in (page or ""):
infoMsg = "heuristic (XSS) test shows that %s " % place infoMsg = "heuristic (XSS) test shows that %s " % place
infoMsg += "parameter '%s' might " % parameter infoMsg += "parameter '%s' might " % parameter
infoMsg += "be vulnerable to XSS attacks" infoMsg += "be vulnerable to XSS attacks"