diff --git a/lib/controller/action.py b/lib/controller/action.py
index 8b18c3b2b..a7e82f92b 100644
--- a/lib/controller/action.py
+++ b/lib/controller/action.py
@@ -46,6 +46,9 @@ def action():
 if htmlParsed and htmlParsed.lower() in SUPPORTED_DBMS:
 errMsg += ". Do not specify the back-end DBMS manually, "
 errMsg += "sqlmap will fingerprint the DBMS for you"
+ elif kb.nullConnection:
+ errMsg += ". You can try to rerun without using optimization "
+ errMsg += "switch '%s'" % ("-o" if conf.optimize else "--null-connection")
 else:
 errMsg += ". Support for this DBMS will be implemented at "
 errMsg += "some point"
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index cac433f54..7ee10918d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -54,8 +54,6 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 postfix = ""
 retVal = None
- conf.matchRatio = None
-
 if conf.prefix or conf.postfix:
 if conf.prefix:
 prefix = conf.prefix
@@ -98,6 +96,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
 return retVal
 def heuristicCheckSqlInjection(place, parameter, value):
+ if kb.nullConnection:
+ debugMsg = "heuristic checking skipped "
+ debugMsg += "because NULL connection used"
+ logger.debug(debugMsg)
+ return
+
 prefix = ""
 postfix = ""
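Review bot: The early exit added at the top of heuristicCheckSqlInjection reports the skipped check only through `logger.debug`, so at default verbosity a run with NULL connection gives no sign that the heuristic test never ran. Raising it to `logger.info(debugMsg)`, or a one-time warning, would make the reduced coverage visible in normal output. The bare `return` also yields None while the rest of the function lies outside the hunk, so it is worth confirming that no caller reads its result. The function has no docstring; a line such as `"""Heuristic test of the parameter; skipped when NULL connection is in use."""` would record the new precondition.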
@@ -135,24 +139,19 @@ def checkDynParam(place, parameter, value):
 randInt = randomInt()
 payload = agent.payload(place, parameter, value, getUnicode(randInt))
- dynResult1 = Request.queryPage(payload, place)
+ dynResult = Request.queryPage(payload, place)
- if True == dynResult1:
+ if True == dynResult:
 return False
 infoMsg = "confirming that %s parameter '%s' is dynamic" % (place, parameter)
 logger.info(infoMsg)
- payload = agent.payload(place, parameter, value, "'%s" % randomStr())
- dynResult2 = Request.queryPage(payload, place)
+ randInt = randomInt()
+ payload = agent.payload(place, parameter, value, getUnicode(randInt))
+ dynResult = Request.queryPage(payload, place)
- payload = agent.payload(place, parameter, value, "\"%s" % randomStr())
- dynResult3 = Request.queryPage(payload, place)
-
- condition = True != dynResult2
- condition |= True != dynResult3
-
- return condition
+ return not dynResult
 def checkDynamicContent(firstPage, secondPage):
 """
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index c7b17c819..889fa91ad 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -209,6 +209,8 @@ def start():
 checkStability()
 for place in conf.parameters.keys():
+ conf.matchRatio = None
+
 if not conf.paramDict.has_key(place):
 continue
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 0aacf95c1..b3d02d89d 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -102,6 +102,9 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
 elif wasLastRequestError():
 return False
+ elif ratio == 1:
+ return True
+
 # If the url is not stable it returns sequence matcher between the
 # first untouched HTTP response page content and this content
 else:
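Review bot: The two result checks in the rewritten checkDynParam no longer test the same thing: the first is `if True == dynResult:` and the last is `return not dynResult`. They agree for True, False and None, but if `Request.queryPage` can return any other truthy value (its definition is not in this diff), the first check lets it pass as "page differs" while the final line reports the parameter as not dynamic. The removed code used `True != dynResultN` throughout, so `return True != dynResult` would keep both checks consistent. The confirmation request now also repeats the first payload shape (a fresh random integer) instead of the quote-prefixed strings, so a short comment saying the repeat is intentional would help; the function starts above the hunk.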
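Review bot: `conf.matchRatio = None` now runs once per place at the top of the loop in start(), whereas the line removed from checkSqlInjection cleared it on every call. A ratio set while testing one parameter therefore carries over to the next parameter in the same place. If that sharing is intended, a comment should say so, for example `# reset per place; the ratio is reused for every parameter tested in it`. The loop body continues outside the hunk.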
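Review bot: The added `elif ratio == 1:` branch in comparison() uses exact equality, and how `ratio` is computed sits above the hunk. If it is a raw sequence-matcher float, only identical pages take this branch; if it is rounded, or derived from page length alone (as a NULL connection run presumably would), responses with different content could also reach `return True`. A comment above the branch stating which case is meant, e.g. `# response identical to the original page`, would make the short-circuit safer to maintain. The function continues past the hunk.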