PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-24 16:39:04 +00:00
Code Issues Projects Releases Wiki Activity

Patch for #5994

Browse Source
This commit is contained in:
Miroslav Stampar
2025-12-22 12:22:46 +01:00
parent 09dfa568ae
commit d89a0bb9df
3 changed files with 13 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
lib/controller/checks.py
View File

@@ -1134,15 +1134,18 @@ def heuristicCheckSqlInjection(place, parameter):
if conf.beep:
beep()
for match in re.finditer(FI_ERROR_REGEX, page or ""):
if randStr1.lower() in match.group(0).lower():
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
try:
for match in re.finditer(FI_ERROR_REGEX, page or ""):
if randStr1.lower() in match.group(0).lower():
infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
logger.info(infoMsg)
if conf.beep:
beep()
if conf.beep:
beep()
break
break
except (SystemError, RuntimeError) as ex:
logger.debug("Skipping FI heuristic due to regex failure: %s", getSafeExString(ex))
kb.disableHtmlDecoding = False
kb.heuristicMode = False