user can now choose if he wants to skip non-heuristic based DBMS tests

2025-01-23 15:54:24 +03:00 · 2011-01-01 23:38:11 +00:00 · 2011-01-01 23:38:11 +00:00 · 212035e64d
commit 212035e64d
parent ded9798e3d
2 changed files with 16 additions and 0 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -139,6 +139,21 @@ def checkSqlInjection(place, parameter, value):

                    continue

+                if kb.htmlFp and kb.htmlFp[-1] and kb.htmlFp[-1] != dbms\
+                  and kb.skipTests is None:
+                    message = "heuristic test showed that the back-end DBMS could be '%s'." % kb.htmlFp[-1]
+                    message += " do you want to skip test payloads specific for other DBMSes? [Y/n]"
+                    kb.skipTests = conf.realTest or readInput(message, default="Y") not in ("n", "N")
+
+                if kb.skipTests:
+                    debugMsg = "skipping test '%s' because " % title
+                    debugMsg += "the heuristic test showed that "
+                    debugMsg += "the back-end DBMS could be "
+                    debugMsg += "%s" % kb.htmlFp[-1]
+                    logger.debug(debugMsg)
+
+                    continue
+
            # Skip test if it is the same SQL injection type already
            # identified by another test
            if injection.data and stype in injection.data:
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1190,6 +1190,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.responseTimes   = []
    kb.resumedQueries  = {}
    kb.retriesCount    = 0
+    kb.skipTests       = None
    kb.technique       = None
    kb.testMode        = False
    kb.testQueryCount  = 0