Fixes sqlmapproject#1290

stamparm · stamparm · commit 96327b6701eb · 2015-07-05T01:47:01.000+02:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -386,9 +386,12 @@ def checkSqlInjection(place, parameter, value):
                     # Forge request payload by prepending with boundary's
                     # prefix and appending the boundary's suffix to the
                     # test's ' <payload><comment> ' string
-                    boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
-                    boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
-                    reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                    if fstPayload:
+                        boundPayload = agent.prefixQuery(fstPayload, prefix, where, clause)
+                        boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
+                        reqPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
+                    else:
+                        reqPayload = None
 
                     # Perform the test's request and check whether or not the
                     # payload was successful
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -68,7 +68,7 @@ def payloadDirect(self, query):
 
         return query
 
-    def payload(self, place=None, parameter=None, value=None, newValue="", where=None):
+    def payload(self, place=None, parameter=None, value=None, newValue=None, where=None):
         """
         This method replaces the affected parameter with the SQL
         injection statement to request
