

Commit fd5b665

committed
Removing arithmetic operations from false positive checking to minimize the effect of character filtering ('>' and '=' have to stay because those are the minimal requirements)
1 parent 0355e29 commit fd5b665

1 file changed

Lines changed: 13 additions & 6 deletions


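--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -651,25 +651,32 @@ def _():
 for i in xrange(1 + conf.level / 2):
 randInt1, randInt2, randInt3 = (_() for j in xrange(3))
 
-# Just in case (also, they have to be different than 0 because of the last test)
-while randInt1 == randInt2:
+randInt1 = min(randInt1, randInt2, randInt3)
+randInt3 = max(randInt1, randInt2, randInt3)
+
+while randInt1 >= randInt2:
 randInt2 = _()
 
-if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
+while randInt2 >= randInt3:
+randInt3 = _()
+
+if not checkBooleanExpression("%d=%d" % (randInt1, randInt1)):
 retVal = None
 break
 
 # Just in case if DBMS hasn't properly recovered from previous delayed request
 if PAYLOAD.TECHNIQUE.BOOLEAN not in injection.data:
 checkBooleanExpression("%d=%d" % (randInt1, randInt2))
 
-if checkBooleanExpression("%d>(%d+%d)" % (min(randInt1, randInt2), randInt3, max(randInt1, randInt2))):
+if checkBooleanExpression("%d>%d" % (randInt1, randInt2)):
 retVal = None
 break
-elif checkBooleanExpression("(%d+%d)>%d" % (randInt3, min(randInt1, randInt2), randInt1 + randInt2 + randInt3)):
+
+elif checkBooleanExpression("%d>%d" % (randInt2, randInt3)):
 retVal = None
 break
-elif not checkBooleanExpression("%d=(%d+%d)" % (randInt1 + randInt2, randInt1, randInt2)):
+
+elif not checkBooleanExpression("%d>%d" % (randInt3, randInt1)):
 retVal = None
 break
 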
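Review bot: The two re-draw loops added at new lines 657-661 may never terminate if `_()` returns values from a bounded range; its definition is outside this hunk, so that needs confirming. Once `randInt2` holds the largest value `_()` can produce, `while randInt2 >= randInt3: randInt3 = _()` has no draw that ends it, and the first loop stalls the same way when all three initial draws are that value. Re-drawing the whole triple avoids the stall: put `randInt1, randInt2, randInt3 = sorted(_() for j in xrange(3))` inside a `while True:` that breaks once `randInt1 < randInt2 < randInt3`. A short comment stating that the later `>` checks rely on this strict ordering would also replace the "Just in case" comment the commit removed. The enclosing function starts and ends outside the hunk.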