mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
fix for Feature #187 (Skip duplicates parameters in -g)
parent
6a6ff09c9a
commit
28d9115373
|
@ -199,21 +199,26 @@ def start():
|
||||||
|
|
||||||
for parameter, value in paramDict.items():
|
for parameter, value in paramDict.items():
|
||||||
testSqlInj = True
|
testSqlInj = True
|
||||||
|
paramKey = (conf.hostname, place, parameter)
|
||||||
|
|
||||||
|
if paramKey in kb.testedParams:
|
||||||
|
warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
|
||||||
|
logger.warn(warnMsg)
|
||||||
|
testSqlInj = False
|
||||||
# Avoid dinamicity test if the user provided the
|
# Avoid dinamicity test if the user provided the
|
||||||
# parameter manually
|
# parameter manually
|
||||||
if parameter in conf.testParameter:
|
elif parameter in conf.testParameter:
|
||||||
pass
|
pass
|
||||||
|
|
||||||
elif not checkDynParam(place, parameter, value):
|
elif not checkDynParam(place, parameter, value):
|
||||||
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
|
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
testSqlInj = False
|
testSqlInj = False
|
||||||
|
|
||||||
else:
|
else:
|
||||||
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||||
logger.info(logMsg)
|
logger.info(logMsg)
|
||||||
|
|
||||||
|
kb.testedParams.add(paramKey)
|
||||||
|
|
||||||
if testSqlInj:
|
if testSqlInj:
|
||||||
for parenthesis in range(0, 4):
|
for parenthesis in range(0, 4):
|
||||||
logMsg = "testing sql injection on %s " % place
|
logMsg = "testing sql injection on %s " % place
|
||||||
|
|
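Review bot: The dedup key `paramKey = (conf.hostname, place, parameter)` identifies a parameter by host, place and name only, so a same-named parameter on a different path or port of that host is logged as "skipping previously processed" and never tested, which leaves coverage gaps that are easy to miss in a long `-g` run. Including the path (and port) would limit the skip to true duplicates, e.g. `paramKey = (conf.hostname, conf.path, place, parameter)`, assuming `conf.path` is populated for the current target at this point. The new `if paramKey in kb.testedParams:` branch also sits ahead of `elif parameter in conf.testParameter:`, so a parameter the user named explicitly is skipped as well; a comment should state whether that is intended. start() begins and continues outside this hunk.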
|
@ -89,7 +89,7 @@ def __urllib2Opener():
|
||||||
|
|
||||||
debugMsg = "creating HTTP requests opener object"
|
debugMsg = "creating HTTP requests opener object"
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
handlers = [proxyHandler, authHandler, redirectHandler]
|
handlers = [proxyHandler, authHandler, redirectHandler]
|
||||||
|
|
||||||
if not conf.dropSetCookie:
|
if not conf.dropSetCookie:
|
||||||
|
@ -258,11 +258,11 @@ def __setRequestFromFile():
|
||||||
|
|
||||||
if not conf.requestFile:
|
if not conf.requestFile:
|
||||||
return
|
return
|
||||||
|
|
||||||
addedTargetUrls = set()
|
addedTargetUrls = set()
|
||||||
|
|
||||||
conf.requestFile = os.path.expanduser(conf.requestFile)
|
conf.requestFile = os.path.expanduser(conf.requestFile)
|
||||||
|
|
||||||
infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
|
infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
|
||||||
logger.info(infoMsg)
|
logger.info(infoMsg)
|
||||||
|
|
||||||
|
@ -272,7 +272,7 @@ def __setRequestFromFile():
|
||||||
raise sqlmapFilePathException, errMsg
|
raise sqlmapFilePathException, errMsg
|
||||||
|
|
||||||
__feedTargetsDict(conf.requestFile, addedTargetUrls)
|
__feedTargetsDict(conf.requestFile, addedTargetUrls)
|
||||||
|
|
||||||
def __setGoogleDorking():
|
def __setGoogleDorking():
|
||||||
"""
|
"""
|
||||||
This function checks if the way to request testable hosts is through
|
This function checks if the way to request testable hosts is through
|
||||||
|
@ -657,13 +657,13 @@ def __setHTTPAuthentication():
|
||||||
|
|
||||||
authUsername = aCredRegExp.group(1)
|
authUsername = aCredRegExp.group(1)
|
||||||
authPassword = aCredRegExp.group(2)
|
authPassword = aCredRegExp.group(2)
|
||||||
|
|
||||||
passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
|
passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
|
||||||
passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
|
passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
|
||||||
|
|
||||||
if aTypeLower == "basic":
|
if aTypeLower == "basic":
|
||||||
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
|
authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
|
||||||
|
|
||||||
elif aTypeLower == "digest":
|
elif aTypeLower == "digest":
|
||||||
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
|
authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
|
||||||
|
|
||||||
|
@ -675,28 +675,28 @@ def __setHTTPAuthentication():
|
||||||
errMsg += "in order to authenticate via NTLM, "
|
errMsg += "in order to authenticate via NTLM, "
|
||||||
errMsg += "http://code.google.com/p/python-ntlm/"
|
errMsg += "http://code.google.com/p/python-ntlm/"
|
||||||
raise sqlmapMissingDependence, errMsg
|
raise sqlmapMissingDependence, errMsg
|
||||||
|
|
||||||
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
|
authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
|
||||||
else:
|
else:
|
||||||
debugMsg = "setting the HTTP(s) authentication certificate"
|
debugMsg = "setting the HTTP(s) authentication certificate"
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
|
aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
|
||||||
|
|
||||||
if not aCertRegExp:
|
if not aCertRegExp:
|
||||||
errMsg = "HTTP authentication certificate option "
|
errMsg = "HTTP authentication certificate option "
|
||||||
errMsg += "must be in format key_file,cert_file"
|
errMsg += "must be in format key_file,cert_file"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
#os.path.expanduser for support of paths with ~
|
#os.path.expanduser for support of paths with ~
|
||||||
key_file = os.path.expanduser(aCertRegExp.group(1))
|
key_file = os.path.expanduser(aCertRegExp.group(1))
|
||||||
cert_file = os.path.expanduser(aCertRegExp.group(2))
|
cert_file = os.path.expanduser(aCertRegExp.group(2))
|
||||||
|
|
||||||
for ifile in (key_file, cert_file):
|
for ifile in (key_file, cert_file):
|
||||||
if not os.path.exists(ifile):
|
if not os.path.exists(ifile):
|
||||||
errMsg = "File '%s' does not exist" % ifile
|
errMsg = "File '%s' does not exist" % ifile
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
|
authHandler = HTTPSCertAuthHandler(key_file, cert_file)
|
||||||
|
|
||||||
def __setHTTPMethod():
|
def __setHTTPMethod():
|
||||||
|
@ -1011,6 +1011,7 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.resumedQueries = {}
|
kb.resumedQueries = {}
|
||||||
kb.stackedTest = None
|
kb.stackedTest = None
|
||||||
kb.targetUrls = set()
|
kb.targetUrls = set()
|
||||||
|
kb.testedParams = set()
|
||||||
kb.timeTest = None
|
kb.timeTest = None
|
||||||
kb.unionComment = ""
|
kb.unionComment = ""
|
||||||
kb.unionCount = None
|
kb.unionCount = None
|
||||||
|
@ -1129,7 +1130,7 @@ def __basicOptionValidation():
|
||||||
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop <= conf.limitStart:
|
conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop <= conf.limitStart:
|
||||||
errMsg = "value for --start (limitStart) option must be smaller than value for --stop (limitStop) option"
|
errMsg = "value for --start (limitStart) option must be smaller than value for --stop (limitStop) option"
|
||||||
raise sqlmapSyntaxException, errMsg
|
raise sqlmapSyntaxException, errMsg
|
||||||
|
|
||||||
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or\
|
if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or\
|
||||||
conf.cpuThrottle < 0):
|
conf.cpuThrottle < 0):
|
||||||
errMsg = "value for --cpu-throttle (cpuThrottle) option must be in range [0,100]"
|
errMsg = "value for --cpu-throttle (cpuThrottle) option must be in range [0,100]"
|
||||||
|
|