Implementation for an Issue #507

2024-11-25 19:13:48 +03:00 · 2013-08-13 18:55:23 +02:00 · 2013-08-13 18:55:23 +02:00 · 52a71546d0
commit 52a71546d0
parent 4929cff0c0
2 changed files with 8 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -287,7 +287,13 @@ def start():
                if paramKey not in kb.testedParams:
                    testSqlInj = True

-            testSqlInj &= conf.hostname not in kb.vulnHosts
+            if testSqlInj and conf.hostname in kb.vulnHosts:
+                if kb.skipVulnHost is None:
+                    message = "vulnerability has already been detected "
+                    message += "against '%s'. Do you want to skip " % conf.hostname
+                    message += "further tests involving it? [Y/n]"
+                    kb.skipVulnHost = readInput(message, default="Y").upper() != 'N'
+                testSqlInj = not kb.skipVulnHost

            if not testSqlInj:
                infoMsg = "skipping '%s'" % targetUrl
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1673,6 +1673,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.resumeValues = True
    kb.safeCharEncode = False
    kb.singleLogFlags = set()
+    kb.skipVulnHost = None
    kb.reduceTests = None
    kb.stickyDBMS = False
    kb.stickyLevel = None