Major bug fix for test on ORDER BY and GROUP BY clauses.

Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2025-12-07 21:21:33 +00:00 · 2010-12-03 12:00:03 +00:00
parent 827a0aea05
commit 4dec049c22
3 changed files with 49 additions and 50 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -94,6 +94,7 @@ def checkSqlInjection(place, parameter, value):
    for test in conf.tests:
        title = test.title
        stype = test.stype
+        clause = test.clause

        # Skip test if the risk is higher than the provided (or default)
        # value
@@ -145,6 +146,22 @@ def checkSqlInjection(place, parameter, value):
            logger.debug(debugMsg)
            continue

+        # Skip test if it does not match the same SQL injection clause
+        # already identified by another test
+        # Parse test's <clause>
+        clauseMatch = False
+
+        for clauseTest in clause:
+            if injection.clause is not None and clauseTest in injection.clause:
+                clauseMatch = True
+                break
+
+        if clause != [ 0 ] and injection.clause and not clauseMatch:
+            debugMsg = "skipping test '%s' because the clause " % title
+            debugMsg += "differs from the clause already identified"
+            logger.debug(debugMsg)
+            continue
+
        infoMsg = "testing '%s'" % title
        logger.info(infoMsg)

@@ -340,6 +357,7 @@ def checkSqlInjection(place, parameter, value):
                        injection.ptype = ptype
                        injection.prefix = prefix
                        injection.suffix = suffix
+                        injection.clause = clause

                    if "epayload" in test:
                        epayload = "%s%s" % (test.epayload, comment)