Update of --beep (including XSS/FI)

Miroslav Stampar
2020-12-01 23:10:53 +01:00
parent 33a8db9596
commit be0f7a9e07
3 changed files with 9 additions and 2 deletions


@@ -1141,10 +1141,17 @@ def heuristicCheckSqlInjection(place, parameter):
infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
for match in re.finditer(FI_ERROR_REGEX, page or ""):
if randStr1.lower() in match.group(0).lower():
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
break
kb.disableHtmlDecoding = False
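Review bot: The two added `if conf.beep: beep()` calls fire on the heuristic XSS and FI messages, which the log text itself words as "might be vulnerable", so the audible alert now also covers unconfirmed hits. If `beep()` sounds the same as it does for a confirmed finding (not visible in this hunk), an operator relying on the sound cannot tell a heuristic hint from a verified result. I would document that at both call sites, e.g. `# beep on heuristic (unconfirmed) hit; result still needs verification`, and check that the `--beep` help text says the same. The `conf.beep` guard is also repeated verbatim in both branches, so a small helper would keep the two in step. heuristicCheckSqlInjection starts and ends outside this hunk.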