avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables

bdamele · bdamele · commit 4f939b571971 · 2015-02-20T18:36:34.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -650,9 +650,12 @@ def heuristicCheckDbms(injection):
 
     pushValue(kb.injection)
     kb.injection = injection
-    randStr1, randStr2 = randomStr(), randomStr()
 
     for dbms in getPublicTypeMembers(DBMS, True):
+        if not FROM_DUMMY_TABLE.get(dbms, ""):
+            continue
+
+        randStr1, randStr2 = randomStr(), randomStr()
         Backend.forceDbms(dbms)
 
         if checkBooleanExpression("(SELECT '%s'%s)='%s'" % (randStr1, FROM_DUMMY_TABLE.get(dbms, ""), randStr1)):
