Ahead with the improvements to the comparison algorithm.

Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments.

lib/request/comparison.py

@@ -68,15 +68,13 @@ def comparison(page, headers=None, content=False):
             return False
 
     # By default it returns the page content MD5 hash
-    if not conf.equalLines and not conf.contentLengths:
+    if not conf.equalLines and not conf.pageLengths:
         return md5.new(page).hexdigest()
 
-    # TODO: go ahead from here
-
-    # Comparison algorithm based on Content-Length header value
-    elif conf.contentLengths:
-        minValue = conf.contentLengths[0] - 10
-        maxValue = conf.contentLengths[1] + 10
+    # Comparison algorithm based on page length value
+    elif conf.pageLengths:
+        minValue = conf.pageLengths[0]
+        maxValue = conf.pageLengths[1]
 
         if len(page) >= minValue and len(page) <= maxValue:
             return True

lib/request/inject.py

@@ -336,6 +336,8 @@ def goStacked(expression):
     TODO: write description
     """
 
+    expression = cleanQuery(expression)
+
     comment = queries[kb.dbms].comment
     query   = agent.prefixQuery("; %s" % expression)
     query   = agent.postfixQuery("%s;%s" % (query, comment))