Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)

stamparm · stamparm · commit bdcf3fffbadf · 2016-01-14T13:40:50.000+01:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -446,10 +446,19 @@ def genCmpPayload():
                             truePage = threadData.lastComparisonPage or ""
 
                             if trueResult and not(truePage == falsePage and not kb.nullConnection):
+                                # Perform the test's False request
                                 falseResult = Request.queryPage(genCmpPayload(), place, raise404=False)
 
-                                # Perform the test's False request
                                 if not falseResult:
+                                    if kb.negativeLogic:
+                                        boundPayload = agent.prefixQuery(kb.data.randomStr, prefix, where, clause)
+                                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
+                                        errorPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+
+                                        errorResult = Request.queryPage(errorPayload, place, raise404=False)
+                                        if errorResult:
+                                            continue
+
                                     infoMsg = "%s parameter '%s' seems to be '%s' injectable " % (paramType, parameter, title)
                                     logger.info(infoMsg)
 
