Fixes #177 - Don't exit at exception if in "multiple targets" mode (-l or -g)

2024-11-22 01:26:42 +03:00 · 2010-03-16 12:14:02 +00:00 · 2010-03-16 12:14:02 +00:00 · 323cf2b7f2
commit 323cf2b7f2
parent 6d0ea86414
4 changed files with 153 additions and 155 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -302,11 +302,11 @@ def checkStability():
            logMsg  = "url is stable"
            logger.info(logMsg)
        else:
-            exceptionMsg   = "there was an error checking the stability of page "
-            exceptionMsg  += "because of lack of content. please check the "
-            exceptionMsg  += "page request results (and probable errors) by "
-            exceptionMsg  += "using higher verbosity levels"
-            raise sqlmapNoneDataException, exceptionMsg
+            errMsg  = "there was an error checking the stability of page "
+            errMsg += "because of lack of content. please check the "
+            errMsg += "page request results (and probable errors) by "
+            errMsg += "using higher verbosity levels"
+            raise sqlmapNoneDataException, errMsg

    elif not condition:
        warnMsg  = "url is not stable, sqlmap will base the page "
@ -387,15 +387,8 @@ def checkConnection():
        page, _ = Request.getPage()
        conf.seqMatcher.set_seq1(page)

-    except sqlmapConnectionException, exceptionMsg:
-        exceptionMsg = str(exceptionMsg)
-
-        if conf.multipleTargets:
-            exceptionMsg += ", skipping to next url"
-            logger.warn(exceptionMsg)
-
-            return False
-        else:
-            raise sqlmapConnectionException, exceptionMsg
+    except sqlmapConnectionException, errMsg:
+        errMsg = str(errMsg)
+        raise sqlmapConnectionException, errMsg

    return True
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -35,6 +35,7 @@ from lib.core.common import readInput
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.exception import exceptionsTuple
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.session import setInjection
 from lib.core.target import initTargetEnv
@ -88,6 +89,9 @@ def start():
    check if they are dynamic and SQL injection affected
    """

+    if not conf.start:
+        return
+
    if conf.url:
        kb.targetUrls.add(( conf.url, conf.method, conf.data, conf.cookie ))

@ -105,6 +109,7 @@ def start():
    setCookieAsInjectable   = True

    for targetUrl, targetMethod, targetData, targetCookie in kb.targetUrls:
+        try:
            conf.url    = targetUrl
            conf.method = targetMethod
            conf.data   = targetData
@ -230,10 +235,8 @@ def start():
                elif len(injData) > 1:
                    injDataSelected = __selectInjection(injData)

-            elif conf.multipleTargets:
-                continue
-
                else:
+                    raise sqlmapNotVulnerableException, "all parameters are not injectable"
                    return

                if injDataSelected == "Quit":
@ -243,8 +246,6 @@ def start():
                    kb.injPlace, kb.injParameter, kb.injType = injDataSelected
                    setInjection()

-        if not conf.multipleTargets and ( not kb.injPlace or not kb.injParameter or not kb.injType ):
-            raise sqlmapNotVulnerableException, "all parameters are not injectable"
            elif kb.injPlace and kb.injParameter and kb.injType:
                if conf.multipleTargets:
                    message = "do you want to exploit this SQL injection? [Y/n] "
@ -258,5 +259,15 @@ def start():
                    checkForParenthesis()
                    action()

+        except exceptionsTuple, e:
+            e = str(e)
+
+            if conf.multipleTargets:
+                e += ", skipping to next url"
+                logger.error(e)
+            else:
+                logger.error(e)
+                return
+
    if conf.loggedToOut:
        logger.info("Fetched data logged to text files under '%s'" % conf.outputPath)
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -178,12 +178,12 @@ class Connect:

        except urllib2.HTTPError, e:
            if e.code == 401:
-                exceptionMsg  = "not authorized, try to provide right HTTP "
-                exceptionMsg += "authentication type and valid credentials"
-                raise sqlmapConnectionException, exceptionMsg
+                errMsg  = "not authorized, try to provide right HTTP "
+                errMsg += "authentication type and valid credentials"
+                raise sqlmapConnectionException, errMsg
            elif e.code == 404 and raise404:
-                exceptionMsg = "page not found"
-                raise sqlmapConnectionException, exceptionMsg
+                errMsg = "page not found"
+                raise sqlmapConnectionException, errMsg
            else:
                page = e.read()
                code = e.code
@ -210,12 +210,6 @@ class Connect:
            if "BadStatusLine" not in tbMsg:
                warnMsg += " or proxy"

-            if conf.multipleTargets:
-                warnMsg += ", skipping to next url"
-                logger.warn(warnMsg)
-
-                return None, None
-
            if silent:
                return None, None
            elif conf.retriesCount < conf.retries:
--- a/sqlmap.py
+++ b/sqlmap.py
@ -72,11 +72,10 @@ def main():

    try:
        init(cmdLineOptions)
-
-        if conf.start:
        start()

    except exceptionsTuple, e:
+        e = str(e)
        logger.error(e)

    except KeyboardInterrupt:
@ -90,6 +89,7 @@ def main():
        logger.error(errMsg)

    except:
+        print
        errMsg = unhandledException()
        logger.error(errMsg)
        traceback.print_exc()