PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 04:31:30 +00:00
Code Issues Projects Releases Wiki Activity

Bug fix (disable HTML decoding in XSS checks)

Browse Source
This commit is contained in:
Miroslav Stampar
2019-11-18 11:40:07 +01:00
parent f550a2281f
commit 0977f6df61
4 changed files with 35 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@@ -1104,6 +1104,7 @@ def heuristicCheckSqlInjection(place, parameter):
logger.warn(infoMsg)
kb.heuristicMode = True
kb.disableHtmlDecoding = True
randStr1, randStr2 = randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH), randomStr(NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH)
value = "%s%s%s" % (randStr1, DUMMY_NON_SQLI_CHECK_APPENDIX, randStr2)
@@ -1123,6 +1124,7 @@ def heuristicCheckSqlInjection(place, parameter):
logger.info(infoMsg)
break
kb.disableHtmlDecoding = False
kb.heuristicMode = False
return kb.heuristicTest