Reducing false-positive 'appears' messages in heavily dynamic environment

2026-01-04 13:49:05 +00:00 · 2018-03-29 14:47:30 +02:00
parent cdb1e79370
commit ae8699f258
3 changed files with 7 additions and 3 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -514,6 +514,10 @@ def checkSqlInjection(place, parameter, value):
                                            kb.matchRatio = _
                                            logger.debug("adjusting match ratio for current parameter to %.3f" % kb.matchRatio)

+                                    # Reducing false-positive "appears" messages in heavily dynamic environment
+                                    if kb.heavyDynamic and not Request.queryPage(reqPayload, place, raise404=False):
+                                        continue
+
                                    injectable = True

                                elif threadData.lastComparisonRatio > UPPER_RATIO_BOUND and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.3.49"
+VERSION = "1.2.3.50"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)