|
16 | 16 | from lib.core.common import extractRegexResult |
17 | 17 | from lib.core.common import findDynamicContent |
18 | 18 | from lib.core.common import getCompiledRegex |
| 19 | +from lib.core.common import getErrorParsedDBMS |
19 | 20 | from lib.core.common import getInjectionTests |
20 | 21 | from lib.core.common import getUnicode |
21 | 22 | from lib.core.common import popValue |
@@ -139,17 +140,17 @@ def checkSqlInjection(place, parameter, value): |
139 | 140 |
|
140 | 141 | continue |
141 | 142 |
|
142 | | - if kb.htmlFp and kb.htmlFp[-1] and kb.htmlFp[-1] != dbms\ |
| 143 | + if getErrorParsedDBMS() and getErrorParsedDBMS() != dbms\ |
143 | 144 | and kb.skipTests is None: |
144 | | - message = "heuristic test showed that the back-end DBMS could be '%s'." % kb.htmlFp[-1] |
| 145 | + message = "heuristic test showed that the back-end DBMS could be '%s'." % getErrorParsedDBMS() |
145 | 146 | message += " do you want to skip test payloads specific for other DBMSes? [Y/n]" |
146 | 147 | kb.skipTests = conf.realTest or readInput(message, default="Y") not in ("n", "N") |
147 | 148 |
|
148 | 149 | if kb.skipTests: |
149 | 150 | debugMsg = "skipping test '%s' because " % title |
150 | 151 | debugMsg += "the heuristic test showed that " |
151 | 152 | debugMsg += "the back-end DBMS could be " |
152 | | - debugMsg += "%s" % kb.htmlFp[-1] |
| 153 | + debugMsg += "%s" % getErrorParsedDBMS() |
153 | 154 | logger.debug(debugMsg) |
154 | 155 |
|
155 | 156 | continue |
@@ -472,7 +473,7 @@ def heuristicCheckSqlInjection(place, parameter, value): |
472 | 473 | infoMsg += "parameter '%s' might " % parameter |
473 | 474 |
|
474 | 475 | if result: |
475 | | - infoMsg += "be injectable (possible DBMS: %s)" % (kb.htmlFp[-1] if kb.htmlFp else 'Unknown') |
| 476 | + infoMsg += "be injectable (possible DBMS: %s)" % (getErrorParsedDBMS() or 'Unknown') |
476 | 477 | logger.info(infoMsg) |
477 | 478 | else: |
478 | 479 | infoMsg += "not be injectable" |
|