diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index fbd41751d..925d46ed4 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -80,6 +80,7 @@ def checkSqlInjection(place, parameter, value):
 if kb.endDetection:
 break
+ proceed = True
 title = test.title
 stype = test.stype
 clause = test.clause
@@ -202,6 +203,21 @@ def checkSqlInjection(place, parameter, value):
 logger.debug(debugMsg)
 continue
+ if len(kb.injections) > 0:
+ for resumedInj in kb.injections:
+ if resumedInj.place == place and resumedInj.parameter \
+ == parameter and stype in resumedInj.data:
+ debugMsg = "skipping test '%s' because this " % title
+ debugMsg += "technique has already been detected "
+ debugMsg += "in a previous run"
+ logger.debug(debugMsg)
+
+ proceed = False
+ break
+
+ if not proceed:
+ continue
+
 infoMsg = "testing '%s'" % title
 logger.info(infoMsg)
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 2de852809..1a4e7c459 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -317,9 +317,18 @@ def start():
 # TODO: consider the following line in __setRequestParams()
 # __testableParameters = True
- if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \
- and (kb.injection.place is None or kb.injection.parameter is None):
+ proceed = False
+ if len(kb.injections) > 0:
+ for resumedInj in kb.injections:
+ for tech in conf.tech:
+ if tech not in resumedInj.data:
+ proceed = True
+ break
+ else:
+ proceed = True
+
+ if proceed:
 if not conf.string and not conf.regexp:
 # NOTE: this is not needed anymore, leaving only to display
 # a warning message to the user in case the page is not stable
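Review bot: In the `@@ -202,6 +203,21 @@` hunk of lib/controller/checks.py the skip decision is carried by a `proceed` flag that is initialised in the earlier `@@ -80,6 +80,7 @@` hunk, more than a hundred lines above the place where it is read, and the `len(kb.injections) > 0` guard adds nothing because looping over an empty list is already a no-op. Deciding at the point of use would remove the flag: `if any(inj.place == place and inj.parameter == parameter and stype in inj.data for inj in kb.injections):` followed by the existing debug message and `continue`. The membership test also assumes `resumedInj.data` is keyed by the same values as `test.stype`, which is not visible here, so a short comment such as `# resumedInj.data is keyed by technique (test.stype)` would help. The body of checkSqlInjection starts and ends outside both hunks.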
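Review bot: In the `@@ -317,9 +317,18 @@` hunk of lib/controller/controller.py, `proceed` stays `False` whenever `kb.injections` is non-empty and `for tech in conf.tech` has nothing to iterate, so an empty `conf.tech` would silently skip everything under `if proceed:`. Whether `conf.tech` can be empty or `None` at this point is not visible in the hunk and should be confirmed or guarded. The `break` leaves only the inner loop, so the outer loop keeps scanning the remaining resumed injections after the answer is known; `proceed = not kb.injections or any(tech not in inj.data for inj in kb.injections for tech in conf.tech)` states the same rule in one line. The removed condition also looked at `kb.injection.place` and `kb.injection.parameter`, and a one-line comment on why that is no longer needed would help the next reader. The body of start() continues outside the hunk.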