Fix for an Issue #433

lib/core/data.py

@@ -14,6 +14,9 @@ paths = AttribDict()
 # object to store original command line options
 cmdLineOptions = AttribDict()
 
+# object to store merged options (command line, configuration file and default options)
+mergedOptions = AttribDict()
+
 # object to share within function and classes command
 # line options and settings
 conf = AttribDict()

lib/core/option.py

@@ -57,6 +57,7 @@ from lib.core.convert import base64unpickle
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import mergedOptions
 from lib.core.data import queries
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
@@ -1854,6 +1855,8 @@ def _mergeOptions(inputOptions, overrideOptions):
         if hasattr(conf, key) and conf[key] is None:
             conf[key] = value
 
+    mergedOptions.update(conf)
+
 def _setTrafficOutputFP():
     if conf.trafficFile:
         infoMsg = "setting file for logging HTTP traffic"

lib/core/settings.py

@@ -319,6 +319,9 @@ HASH_MOD_ITEM_DISPLAY = 11
 # Maximum integer value
 MAX_INT = sys.maxint
 
+# Options that need to be restored in multiple targets run mode
+RESTORE_MERGED_OPTIONS = ("col", "db", "dnsName", "privEsc", "tbl", "regexp", "string", "textOnly", "threads", "timeSec", "tmpPath", "uChar", "user")
+
 # Parameters to be ignored in detection phase (upper case)
 IGNORE_PARAMETERS = ("__VIEWSTATE", "__VIEWSTATEENCRYPTED", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN")
 

lib/core/target.py

@@ -20,10 +20,10 @@ from lib.core.common import paramToDict
 from lib.core.common import readInput
 from lib.core.common import resetCookieJar
 from lib.core.common import urldecode
-from lib.core.data import cmdLineOptions
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.data import mergedOptions
 from lib.core.data import paths
 from lib.core.dicts import DBMS_DICT
 from lib.core.dump import dumper
@@ -47,6 +47,7 @@ from lib.core.settings import JSON_RECOGNITION_REGEX
 from lib.core.settings import MULTIPART_RECOGNITION_REGEX
 from lib.core.settings import PROBLEMATIC_CUSTOM_INJECTION_PATTERNS
 from lib.core.settings import REFERER_ALIASES
+from lib.core.settings import RESTORE_MERGED_OPTIONS
 from lib.core.settings import RESULTS_FILE_FORMAT
 from lib.core.settings import SOAP_RECOGNITION_REGEX
 from lib.core.settings import SUPPORTED_DBMS
@@ -511,25 +512,14 @@ def _createTargetDirs():
     _createFilesDir()
     _configureDumper()
 
-def _restoreCmdLineOptions():
+def _restoreMergedOptions():
     """
-    Restore command line options that could be possibly
+    Restore merged options (command line, configuration file and default values)
-    changed during the testing of previous target.
+    that could be possibly changed during the testing of previous target.
     """
 
-    conf.col = cmdLineOptions.col
+    for option in RESTORE_MERGED_OPTIONS:
-    conf.db = cmdLineOptions.db
+        conf[option] = mergedOptions[option]
-    conf.dnsName = cmdLineOptions.dnsName
-    conf.privEsc = cmdLineOptions.privEsc
-    conf.tbl = cmdLineOptions.tbl
-    conf.regexp = cmdLineOptions.regexp
-    conf.string = cmdLineOptions.string
-    conf.textOnly = cmdLineOptions.textOnly
-    conf.threads = cmdLineOptions.threads
-    conf.timeSec = cmdLineOptions.timeSec
-    conf.tmpPath = cmdLineOptions.tmpPath
-    conf.uChar = cmdLineOptions.uChar
-    conf.user = cmdLineOptions.user
 
 def initTargetEnv():
     """
@@ -548,7 +538,7 @@ def initTargetEnv():
         conf.hashDBFile = None
 
         _setKnowledgeBaseAttributes(False)
-        _restoreCmdLineOptions()
+        _restoreMergedOptions()
         _setDBMS()
 
     if conf.data: