--technique can now be something like 123 which includes both techniques 1, 2 and 3

2024-11-26 03:23:48 +03:00 · 2011-02-17 21:39:16 +00:00 · 2011-02-17 21:39:16 +00:00 · 22cd49a217
commit 22cd49a217
parent 7ebc1ab90a
4 changed files with 13 additions and 11 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -93,10 +93,10 @@ def checkSqlInjection(place, parameter, value):
            # Skip test if the user's wants to test only for a specific
            # technique
-            if conf.technique and isinstance(conf.technique, int) and stype != conf.technique:
+            if isinstance(conf.technique, list) and stype not in conf.technique:
                debugMsg = "skipping test '%s' because the user " % title
                debugMsg += "specified to test only for "
-                debugMsg += "%s" % PAYLOAD.SQLINJECTION[conf.technique]
+                debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.technique))
                logger.debug(debugMsg)
                continue
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2147,7 +2147,7 @@ def isTechniqueAvailable(technique=None):
    technique specified
    """
-    if conf.technique and technique != conf.technique:
+    if isinstance(conf.technique, list) and technique not in conf.technique:
        return False
    else:
        return getTechniqueData(technique) is not None
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -581,10 +581,12 @@ def __setTechnique():
    if not isinstance(conf.technique, int):
        return
-    if conf.technique < 0 or conf.technique > 5:
+    techniques = []
-        errMsg = "the value of --technique must be an integer "
+    while conf.technique > 0:
-        errMsg += "between 0 and 5"
+        techniques.append(conf.technique % 10)
-        raise sqlmapSyntaxException, errMsg
+        conf.technique /= 10
    conf.technique = techniques
 def __setDBMS():
    """
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -13,6 +13,7 @@ from lib.core.common import Backend
 from lib.core.common import Format
 from lib.core.common import dataToSessionFile
 from lib.core.common import getFilteredPageContent
 from lib.core.common import intersect
 from lib.core.common import readInput
 from lib.core.convert import base64pickle
 from lib.core.convert import base64unpickle
@ -49,9 +50,8 @@ def setInjection(inj):
                  or ( kb.resumedQueries.has_key(conf.url) and
                  ( not kb.resumedQueries[conf.url].has_key("Injection data")
                  or ( kb.resumedQueries[conf.url].has_key("Injection data")
-                  and isinstance(conf.technique, int) and conf.technique > 0
+                  and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data,\
-                  and conf.technique not in
+                    inj.data.keys()) != inj.data.keys()
                  base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data
                ) ) ) )
    if condition:
@ -164,7 +164,7 @@ def resumeConfKb(expression, url, value):
        if injection.place in conf.paramDict and \
           injection.parameter in conf.paramDict[injection.place]:
-            if not conf.technique or ( conf.technique in injection.data ):
+            if not conf.technique or intersect(conf.technique, injection.data):
                kb.injections.append(injection)
        else:
            warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter)