Further decreasing number of testing payloads

2024-11-22 09:36:35 +03:00 · 2015-07-10 01:19:46 +02:00 · 2015-07-10 01:19:46 +02:00 · 02470ea683
commit 02470ea683
parent 48b627f3ff
2 changed files with 12 additions and 0 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -525,6 +525,17 @@ def checkSqlInjection(place, parameter, value):
                                infoMsg += "there is at least one other (potential) "
                                infoMsg += "technique found"
                                singleTimeLogMessage(infoMsg)
+                            elif not injection.data:
+                                _ = test.request.columns.split('-')[-1]
+                                if _.isdigit() and int(_) > 10:
+                                    if kb.futileUnion is None:
+                                        msg = "it is not recommended to perform "
+                                        msg += "extended UNION tests if there is not "
+                                        msg += "at least one other (potential) "
+                                        msg += "technique found. Do you want to skip? [Y/n] "
+                                        kb.futileUnion = readInput(msg, default="Y").strip().upper() == 'N'
+                                    if kb.futileUnion is False:
+                                        continue

                            # Test for UNION query SQL injection
                            reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1788,6 +1788,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.followSitemapRecursion = None
    kb.forcedDbms = None
    kb.forcePartialUnion = False
+    kb.futileUnion = None
    kb.headersFp = {}
    kb.heuristicDbms = None
    kb.heuristicMode = False