From a0b46963cb2122e7db7f79de92b9cbb3cd1a829a Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 9 Mar 2012 10:28:19 +0000
Subject: [PATCH] minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)
---
 lib/controller/checks.py | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 0ae0e95fb..9549996a9 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -540,26 +540,29 @@ def checkFalsePositives(injection):
 infoMsg += "parameter '%s' is a false positive" % injection.parameter
 logger.info(infoMsg)
 
+ def _():
+ return int(randomInt(2)) + 1
+
 kb.injection = injection
- randInt1, randInt2 = int(randomInt(2)) + 1, int(randomInt(2)) + 1
+ randInt1, randInt2, randInt3 = (_() for i in xrange(3))
 
 # Just in case (also, they have to be different than 0 because of the last test)
 while randInt1 == randInt2:
- randInt2 = int(randomInt(2)) + 1
+ randInt2 = _()
 
 # Simple arithmetic operations which should show basic
 # arithmetic ability of the backend if it's really injectable
 if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
 retVal = None
- elif checkBooleanExpression("%d=%d" % (randInt1, randInt2)):
+ elif checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
 retVal = None
- if not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
+ elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
 retVal = None
- elif checkBooleanExpression("%d=%d" % (randInt2, randInt1)):
+ elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
 retVal = None
 
 if retVal is None:
- warnMsg = "false positive injection point detected"
+ warnMsg = "false positive and/or unexploitable injection point detected"
 logger.warn(warnMsg)
 
 kb.injection = popValue()
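Review bot: The `while randInt1 == randInt2` loop and its comment ("they have to be different than 0 because of the last test") are stale after this hunk: none of the four rewritten checks depends on randInt1 and randInt2 being distinct, because the two `>` probes compare a value against a sum that already contains an operand at least as large (`min > r3 + max` and `r3 + min > r1 + r2 + r3`), which is false for any positive values whether or not r1 equals r2, so the loop now guards nothing. Either drop the loop or replace the comment with one stating the invariant the checks actually rely on, e.g. `# All three values are non-zero (randomInt(2) + 1), so both '>' probes below must be false on a real backend`; that the `+ 1` yields a positive value assumes randomInt never returns a negative number, which I cannot confirm from the hunk. The helper name `_` is conventionally reserved for gettext and for throwaway loop variables, which is why the generator has to bind an `i` it never reads; a name such as `_randNonZero` with `for _ in xrange(3)` would read more clearly. checkFalsePositives starts before the hunk and `retVal` is first assigned outside it.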