sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix for Feature #187 (Skip duplicates parameters in -g)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-07-29 20:01:04 +00:00
parent 6a6ff09c9a
commit 28d9115373
2 changed files with 23 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/controller/controller.py
View File

@ -199,21 +199,26 @@ def start():
for parameter, value in paramDict.items():
testSqlInj = True
paramKey = (conf.hostname, place, parameter)
if paramKey in kb.testedParams:
warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
logger.warn(warnMsg)
testSqlInj = False
# Avoid dinamicity test if the user provided the
# parameter manually
if parameter in conf.testParameter:
elif parameter in conf.testParameter:
pass
elif not checkDynParam(place, parameter, value):
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
logger.warn(warnMsg)
testSqlInj = False
else:
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
logger.info(logMsg)
kb.testedParams.add(paramKey)
if testSqlInj:
for parenthesis in range(0, 4):
logMsg = "testing sql injection on %s " % place

29
lib/core/option.py
View File

@ -89,7 +89,7 @@ def __urllib2Opener():
debugMsg = "creating HTTP requests opener object"
logger.debug(debugMsg)
handlers = [proxyHandler, authHandler, redirectHandler]
if not conf.dropSetCookie:
@ -258,11 +258,11 @@ def __setRequestFromFile():
if not conf.requestFile:
return
addedTargetUrls = set()
conf.requestFile = os.path.expanduser(conf.requestFile)
infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
logger.info(infoMsg)
@ -272,7 +272,7 @@ def __setRequestFromFile():
raise sqlmapFilePathException, errMsg
__feedTargetsDict(conf.requestFile, addedTargetUrls)
def __setGoogleDorking():
"""
This function checks if the way to request testable hosts is through
@ -657,13 +657,13 @@ def __setHTTPAuthentication():
authUsername = aCredRegExp.group(1)
authPassword = aCredRegExp.group(2)
passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
if aTypeLower == "basic":
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
elif aTypeLower == "digest":
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
@ -675,28 +675,28 @@ def __setHTTPAuthentication():
errMsg += "in order to authenticate via NTLM, "
errMsg += "http://code.google.com/p/python-ntlm/"
raise sqlmapMissingDependence, errMsg
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
else:
debugMsg = "setting the HTTP(s) authentication certificate"
logger.debug(debugMsg)
aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
if not aCertRegExp:
errMsg = "HTTP authentication certificate option "
errMsg += "must be in format key_file,cert_file"
raise sqlmapSyntaxException, errMsg
#os.path.expanduser for support of paths with ~
key_file = os.path.expanduser(aCertRegExp.group(1))
cert_file = os.path.expanduser(aCertRegExp.group(2))
for ifile in (key_file, cert_file):
if not os.path.exists(ifile):
errMsg = "File '%s' does not exist" % ifile
raise sqlmapSyntaxException, errMsg
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
def __setHTTPMethod():
@ -1011,6 +1011,7 @@ def __setKnowledgeBaseAttributes():
kb.resumedQueries = {}
kb.stackedTest = None
kb.targetUrls = set()
kb.testedParams = set()
kb.timeTest = None
kb.unionComment = ""
kb.unionCount = None
@ -1129,7 +1130,7 @@ def __basicOptionValidation():
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop <= conf.limitStart:
errMsg = "value for --start (limitStart) option must be smaller than value for --stop (limitStop) option"
raise sqlmapSyntaxException, errMsg
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or\
conf.cpuThrottle < 0):
errMsg = "value for --cpu-throttle (cpuThrottle) option must be in range [0,100]"