From 3abcd6910ab596e087b79796a00b984e1ce2150a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 22 Mar 2012 00:06:50 +0000
Subject: [PATCH] strange combination of "Set-Cookie" and interleaved pattern
 of True/False like responses can result in bypassing of the ABAB test

---
 lib/controller/checks.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d6b3a723f..c47f7a2f7 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -556,10 +556,10 @@ def checkFalsePositives(injection):
             retVal = None
         elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
             retVal = None
-        elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
-            retVal = None
         elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
             retVal = None
+        elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
+            retVal = None
 
         if retVal is None:
             warnMsg = "false positive or unexploitable injection point detected"