diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 5bc2bd572..6d645a47e 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -95,7 +95,7 @@ def checkSqlInjection(place, parameter, value): injection = injectionDict() # Clear cookies after each query page attempt - kb.flushCookies = True + kb.testMode = True for test in conf.tests: title = test.title @@ -269,7 +269,6 @@ def checkSqlInjection(place, parameter, value): # as we are changing parameters value, which will result # most definitely with a different content kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True) - kb.testCount += 1 elif where == 3: origValue = "" kb.pageTemplate = kb.originalPage @@ -307,15 +306,12 @@ def checkSqlInjection(place, parameter, value): # the False response content conf.matchRatio = None _ = Request.queryPage(cmpPayload, place) - kb.testCount += 1 # Compare True and False response contents trueResult = Request.queryPage(reqPayload, place) - kb.testCount += 1 if trueResult: falseResult = Request.queryPage(cmpPayload, place) - kb.testCount += 1 if not falseResult: infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) @@ -329,7 +325,6 @@ def checkSqlInjection(place, parameter, value): # Perform the test's request and grep the response # body for the test's regular expression reqBody, _ = Request.queryPage(reqPayload, place, content=True) - kb.testCount += 1 output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE) if output: @@ -354,9 +349,7 @@ def checkSqlInjection(place, parameter, value): # Perform the test's request and check how long # it takes to get the response back start = time.time() - _ = Request.queryPage(reqPayload, place) - kb.testCount += 1 duration = calculateDeltaSeconds(start) # Threat sleep and delayed (heavy query) differently 
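Review bot: `kb.testMode = True` at the top of checkSqlInjection (first checks.py hunk) is only reset by the `kb.testMode = False` in the last checks.py hunk, so an exception or early exit from the test loop in between would leave the flag set; judging by the connect.py change, every later request would then keep being counted and keep clearing the cookie jar. Wrapping the loop as `try:` … `finally: kb.testMode = False` would keep the flag scoped to the detection phase. The comment above the assignment is also stale now that the flag does more than flush cookies; something like `# Enter test mode: each request is counted and cookies are cleared after it` would match. The function body extends well beyond both hunks, so whether an exception can actually escape the loop needs checking against the full file.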
@@ -429,7 +422,7 @@ def checkSqlInjection(place, parameter, value): break # Flush the flag - kb.flushCookies = False + kb.testMode = False # Return the injection object if injection.place is not None and injection.parameter is not None: diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 6e2e2c112..c5a245294 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -115,7 +115,7 @@ def __formatInjection(inj): def __showInjections(): header = "sqlmap identified the following injection points " - header += "with %d HTTP(s) requests" % kb.testCount + header += "with %d HTTP(s) requests" % kb.testQueryCount data = "" for inj in kb.injections: diff --git a/lib/core/option.py b/lib/core/option.py index 28820ff38..5d8a5fdee 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1117,7 +1117,6 @@ def __setKnowledgeBaseAttributes(): kb.cache.content = {} kb.cache.regex = {} - kb.flushCookies = False kb.commonOutputs = None kb.data = advancedDict() @@ -1172,6 +1171,7 @@ def __setKnowledgeBaseAttributes(): kb.partRun = None kb.proxyAuthHeader = None kb.queryCounter = 0 + kb.redirectSetCookie = None kb.responseTime = 0 kb.resumedQueries = {} kb.retriesCount = 0 @@ -1179,14 +1179,14 @@ def __setKnowledgeBaseAttributes(): kb.targetUrls = set() kb.testedParams = set() kb.technique = None + kb.testMode = False + kb.testQueryCount = 0 kb.unionComment = "" kb.unionCount = None kb.unionPosition = None kb.unionNegative = False kb.userAgents = None kb.valueStack = [] - kb.redirectSetCookie = None - kb.testCount = 0 def __saveCmdline(): """ diff --git a/lib/request/connect.py b/lib/request/connect.py index fb65a8e71..c0332f753 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py 
@@ -407,8 +407,10 @@ class Connect: if conf.textOnly: page = getFilteredPageContent(page) - if kb.flushCookies and conf.cj: - conf.cj.clear() + if kb.testMode: + kb.testQueryCount += 1 + if conf.cj: + conf.cj.clear() if content or response: return page, headers
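Review bot: The `kb.testQueryCount += 1` added under `if kb.testMode:` sits after the response has been fetched and filtered, so a request that raises or returns earlier in this method is presumably never counted, and the "with %d HTTP(s) requests" summary in controller.py could under-report what was actually sent to the target. If the figure is meant to reflect traffic sent, the increment belongs before the request is issued; otherwise a comment such as `# counts only test requests that produced a processed response` would make the semantics explicit. The increment is also an unsynchronised read-modify-write on shared `kb` state, which matters only if this path can run from worker threads while test mode is on. The enclosing method starts and ends outside the hunk.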