Properly handle --technique at save/resume phase

2025-02-03 13:14:13 +03:00 · 2011-02-01 22:05:48 +00:00 · 2011-02-01 22:05:48 +00:00 · 2619e4895f
commit 2619e4895f
parent 3d966bd569
1 changed files with 13 additions and 8 deletions
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -44,12 +44,14 @@ def setInjection(inj):
    session file.
    """

-    condition = (
-                  ( not kb.resumedQueries
+    condition = ( not kb.resumedQueries
                  or ( kb.resumedQueries.has_key(conf.url) and
-                  not kb.resumedQueries[conf.url].has_key("Injection data")
-                  ) )
-                )
+                  ( not kb.resumedQueries[conf.url].has_key("Injection data")
+                  or ( kb.resumedQueries[conf.url].has_key("Injection data")
+                  and isinstance(conf.technique, int) and conf.technique > 0
+                  and conf.technique not in
+                  base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data
+                ) ) ) )

    if condition:
        dataToSessionFile("[%s][%s][%s][Injection data][%s]\n" % (conf.url, inj.place, safeFormatString(conf.parameters[inj.place]), base64pickle(inj)))
@ -154,11 +156,14 @@ def setRemoteTempPath():
 def resumeConfKb(expression, url, value):
    if expression == "Injection data" and url == conf.url:
        injection = base64unpickle(value[:-1])
+
        logMsg = "resuming injection data from session file"
        logger.info(logMsg)

        if injection.place in conf.paramDict and \
           injection.parameter in conf.paramDict[injection.place]:
+
+            if not conf.technique or ( conf.technique in injection.data ):
                kb.injections.append(injection)
        else:
            warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter)