improvement of heuristic check (now original value is included too)

stamparm · stamparm · commit 84849316b35d · 2010-11-12T23:06:01.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -125,7 +125,7 @@ def heuristicCheckSqlInjection(place, parameter, value):
         if conf.postfix:
             postfix = conf.postfix
 
-    payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
+    payload = "%s%s%s%s" % (value, prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), postfix)
     payload = agent.payload(place, parameter, value, payload)
     Request.queryPage(payload, place, raise404=False)
     result = wasLastRequestError()
