diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 0c4820e41..e744aa0b7 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -502,7 +502,7 @@ def checkSqlInjection(place, parameter, value):
 def checkFalsePositives(injection):
 """
- Checks for false positives
+ Checks for false positives (only in single special cases)
 """
 retVal = injection
@@ -521,7 +521,8 @@ def checkFalsePositives(injection):
 while randInt1 == randInt2:
 randInt2 = int(randomInt(2)) + 1
- # simple arithmetic operations like in Turing tests
+ # simple arithmetic operations which should show basic
+ # arithmetic ability of the backend if it's really injectable
 if not checkBooleanExpression("(%d+%d)=%d" % (randInt1, randInt2, randInt1 + randInt2)):
 retVal = None
 elif checkBooleanExpression("%d=%d" % (randInt1, randInt2)):
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 5deab175f..ad4032653 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -48,6 +48,7 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
 from lib.core.settings import IGNORE_PARAMETERS
+from lib.core.settings import LOW_TEXT_PERCENT
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -424,6 +425,8 @@ def start():
 logger.warn(warnMsg)
 else:
+ kb.foundDynamicParameter = True
+
 infoMsg = "%s parameter '%s' is dynamic" % (place, parameter)
 logger.info(infoMsg)
@@ -469,7 +472,7 @@ def start():
 errMsg += "(e.g. GET parameter 'id' in 'www.site.com/index.php?id=1')"
 raise sqlmapNoneDataException, errMsg
 elif not conf.realTest:
- errMsg = "all parameters are not injectable."
+ errMsg = "all parameters appear to be not injectable."
 if conf.level < 5 or conf.risk < 3:
 errMsg += " Try to increase --level/--risk values "
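Review bot: The flag set in the `else:` branch of start() (hunk `@@ -424,6 +425,8 @@`) is `kb.foundDynamicParameter`, but lib/core/option.py (`@@ -1341,6 +1341,7 @@`) initialises `kb.dynamicParameters` and the later controller.py hunk (`@@ -480,10 +483,19 @@`) tests `kb.dynamicParameters`. As far as these hunks show, nothing ever sets `kb.dynamicParameters` to True, so the `if kb.dynamicParameters:` branch looks unreachable and a scan that did find dynamic parameters would still be reported as if the comparison engine had found none. Use one name throughout, e.g. `kb.dynamicParameters = True` in this branch. start() begins and ends outside the hunk, so an assignment elsewhere in the file cannot be ruled out from this page.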
@@ -480,10 +483,19 @@ def start():
 if not conf.textOnly and kb.originalPage:
 percent = (100.0 * len(getFilteredPageContent(kb.originalPage)) / len(kb.originalPage))
- errMsg += " Give it a go with the --text-only switch "
- errMsg += "if the target page has a low percentage of "
- errMsg += "textual content (~%.2f%% of " % percent
- errMsg += "page content is text)."
+
+ if kb.dynamicParameters:
+ errMsg += " Give it a go with the --text-only switch "
+ errMsg += "if the target page has a low percentage of "
+ errMsg += "textual content (~%.2f%% of " % percent
+ errMsg += "page content is text)."
+ elif percent < LOW_TEXT_PERCENT:
+ errMsg = " Please retry with the --text-only switch "
+ errMsg += "as this case looks like a perfect candidate "
+ errMsg += "(low textual content along with inability "
+ errMsg += "of comparison engine to detect at least "
+ errMsg += "one dynamic parameter)."
+ raise sqlmapNoneDataException, errMsg
 if not conf.string and not conf.regexp:
 errMsg += " Rerun by providing either a valid --string "
diff --git a/lib/core/option.py b/lib/core/option.py
index 1c7a8ee5f..dd1c212d4 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1341,6 +1341,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 kb.dep = None
 kb.docRoot = None
 kb.dynamicMarkings = []
+ kb.dynamicParameters = False
 kb.endDetection = False
 kb.httpErrorCodes = {}
 kb.errorIsNone = True
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 672b5596c..bf71f1774 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -339,3 +339,6 @@ LOCALHOST = "127.0.0.1"
 # Default ports used in Tor proxy bundles
 DEFAULT_TOR_PORTS = (8118, 8123)
+
+# Percentage below which comparison engine could have problems
+LOW_TEXT_PERCENT = 20
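Review bot: In the `elif percent < LOW_TEXT_PERCENT:` branch of hunk `@@ -480,10 +483,19 @@` the first added line is `errMsg = " Please retry with the --text-only switch "`, which replaces the message built so far instead of appending to it. The leading space in the literal suggests `errMsg += " Please retry with the --text-only switch "` was intended. As written, the exception raised by the added `raise sqlmapNoneDataException, errMsg` drops the "all parameters appear to be not injectable." text and any --level/--risk hint, and the user sees a message that starts with a space and never says what failed. Indentation is not recoverable on this page, so whether that `raise` sits inside the `elif` is inferred; if it does, the --string/--regexp hint that follows is skipped for this case as well, which deserves a short comment saying it is deliberate.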