sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-05-08 17:53:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Properly handle --technique at save/resume phase

Browse Source
This commit is contained in:
Bernardo Damele 2011-02-01 22:05:48 +00:00
parent 3d966bd569
commit 2619e4895f
1 changed files with 13 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
lib/core/session.py
View File

@ -44,12 +44,14 @@ def setInjection(inj):
session file. session file.
""" """
condition = ( condition = ( not kb.resumedQueries
( not kb.resumedQueries
or ( kb.resumedQueries.has_key(conf.url) and or ( kb.resumedQueries.has_key(conf.url) and
not kb.resumedQueries[conf.url].has_key("Injection data") ( not kb.resumedQueries[conf.url].has_key("Injection data")
) ) or ( kb.resumedQueries[conf.url].has_key("Injection data")
) and isinstance(conf.technique, int) and conf.technique > 0
and conf.technique not in
base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data
) ) ) )
if condition: if condition:
dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj))) dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj)))
@ -154,12 +156,15 @@ def setRemoteTempPath():
def resumeConfKb(expression, url, value): def resumeConfKb(expression, url, value):
if expression == "Injection data" and url == conf.url: if expression == "Injection data" and url == conf.url:
injection = base64unpickle(value[:-1]) injection = base64unpickle(value[:-1])
logMsg = "resuming injection data from session file" logMsg = "resuming injection data from session file"
logger.info(logMsg) logger.info(logMsg)
if injection.place in conf.paramDict and\ if injection.place in conf.paramDict and \
injection.parameter in conf.paramDict[injection.place]: injection.parameter in conf.paramDict[injection.place]:
kb.injections.append(injection)
if not conf.technique or ( conf.technique in injection.data ):
kb.injections.append(injection)
else: else:
warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter) warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter)
warnMsg += "but you did not provided it this time" warnMsg += "but you did not provided it this time"