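Hello, there seems to be a problem at line 63 of this plugin: `pureInt = str.MatchAllOfRegexp(paramValue, \d+)`. If a parameter value in the request is a mix of letters and digits such as sms-123456, the regex still matches, and then an error is raised at `paramInt = atoi(i)~` in the generateIntCastCheckingExpr function. It looks like `^\d+$` should be used to match pure numbers; but that differs somewhat from the numeric-injection detection logic as written, which still needs to match (string + number) and, for the numeric part only, compare the similarity after a "+2" request to decide whether it is a numeric injection.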
OK, thanks for the feedback~
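The behaviour reported above, as an added Go example that is not the plugin's own Yak code: an unanchored `\d+` accepts `sms-123456`, converting the whole value then fails, and a split into prefix and digits keeps the conversion on the numeric part only. `NumericPart`, `LooseThenAtoi`, `SplitNumeric` and the trailing-digits pattern are hypothetical names and assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

var (
	looseDigits  = regexp.MustCompile(`\d+`)          // pattern quoted in the issue
	strictDigits = regexp.MustCompile(`^\d+$`)        // anchored pattern proposed in the issue
	trailingNum  = regexp.MustCompile(`^(.*?)(\d+)$`) // assumption: digits sit at the end of the value
)

// NumericPart (hypothetical) holds the digits to convert and the prefix to preserve.
type NumericPart struct {
	Prefix, Digits string
	Pure           bool // true when the whole value is digits
}

// LooseThenAtoi reproduces the reported failure: the unanchored pattern accepts
// the value, then converting the whole value to an integer returns an error.
func LooseThenAtoi(value string) (bool, error) {
	if !looseDigits.MatchString(value) {
		return false, nil
	}
	_, err := strconv.Atoi(value)
	return true, err
}

// SplitNumeric separates pure integers from prefix+digits values and rejects
// values with no trailing digits, so only Digits is ever passed to Atoi.
func SplitNumeric(value string) (NumericPart, bool) {
	if strictDigits.MatchString(value) {
		return NumericPart{Digits: value, Pure: true}, true
	}
	if m := trailingNum.FindStringSubmatch(value); m != nil {
		return NumericPart{Prefix: m[1], Digits: m[2]}, true
	}
	return NumericPart{}, false
}

func main() {
	for _, v := range []string{"123456", "sms-123456", "abc"} { // constructed sample values
		matched, err := LooseThenAtoi(v)
		part, ok := SplitNumeric(v)
		fmt.Printf("%-12q loose=%v atoiErr=%v split=%+v ok=%v\n", v, matched, err != nil, part, ok)
	}
}
```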