Miroslav Stampar
2020-12-31 12:09:15 +01:00
parent 2cf2dd9a2c
commit ab0df2a85c
2 changed files with 3 additions and 2 deletions


@@ -1137,7 +1137,8 @@ def heuristicCheckSqlInjection(place, parameter):
paramType = conf.method if conf.method not in (None, HTTPMETHOD.GET, HTTPMETHOD.POST) else place
if value.lower() in (page or "").lower():
# Reference: https://bugs.python.org/issue18183
if value.upper() in (page or "").upper():
infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
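Review bot: The comment added above `if value.upper() in (page or "").upper():` is only a URL, so nothing on the line says that `upper()` is a deliberate choice, and a later cleanup could switch back to `lower()` and reintroduce the failure this commit works around. I would spell the reason out, e.g. `# Note: upper() is used instead of lower() because lower() can raise on some Unicode input (Reference: https://bugs.python.org/issue18183)`, assuming that is what the linked issue describes. `page` is response content from the scanned target, so any other place that case-folds it with `lower()` presumably has the same exposure and is worth checking. The body of heuristicCheckSqlInjection starts and ends outside the hunk.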