diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 4733f178b..e54f8461a 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -203,7 +203,7 @@ def checkSqlInjection(place, parameter, value): continue match = re.search(r"(\d+)-(\d+)", test.request.columns) - if injection.data and match: + if match and injection.data: lower, upper = int(match.group(1)), int(match.group(2)) for _ in (lower, upper): if _ > 1: @@ -329,6 +329,22 @@ def checkSqlInjection(place, parameter, value): logger.debug(debugMsg) continue + match = re.search(r"(\d+)-(\d+)", test.request.columns) + if match and not injection.data: + _ = test.request.columns.split('-')[-1] + if conf.uCols is None and _.isdigit() and int(_) > 10: + if kb.futileUnion is None: + msg = "it is not recommended to perform " + msg += "extended UNION tests if there is not " + msg += "at least one other (potential) " + msg += "technique found. Do you want to skip? [Y/n] " + kb.futileUnion = not readInput(msg, default='Y', boolean=True) + + if kb.futileUnion is False: + debugMsg = "skipping test '%s'" % title + logger.debug(debugMsg) + continue + infoMsg = "testing '%s'" % title logger.info(infoMsg) @@ -653,18 +669,6 @@ def checkSqlInjection(place, parameter, value): infoMsg += "there is at least one other (potential) " infoMsg += "technique found" singleTimeLogMessage(infoMsg) - elif not injection.data: - _ = test.request.columns.split('-')[-1] - if _.isdigit() and int(_) > 10: - if kb.futileUnion is None: - msg = "it is not recommended to perform " - msg += "extended UNION tests if there is not " - msg += "at least one other (potential) " - msg += "technique found. Do you want to skip? [Y/n] " - - kb.futileUnion = not readInput(msg, default='Y', boolean=True) - if kb.futileUnion is False: - continue # Test for UNION query SQL injection reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix) 
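Review bot: In the second hunk the added skip check calls `re.search` only to test for a match, then re-derives the upper bound with `test.request.columns.split('-')[-1]` and `.isdigit()`; because the search is unanchored, the two can disagree on unusual range strings. Reading the bound from the match, `if conf.uCols is None and int(match.group(2)) > 10:`, would agree with how the first hunk parses `lower, upper`. `kb.futileUnion` also reads inverted: it is set to `not readInput(...)` on a "Do you want to skip?" prompt, so `False` means skip. A comment such as `# kb.futileUnion: None = not asked yet, False = user chose to skip extended UNION tests` would make that clear. The condition enclosing this block lies outside the hunk, so it is worth confirming that `test.request.columns` is defined for every test type that can reach it.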
diff --git a/lib/core/settings.py b/lib/core/settings.py index baf815e85..c32490965 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME from lib.core.enums import OS # sqlmap version (...) -VERSION = "1.2.3.32" +VERSION = "1.2.3.33" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/txt/checksum.md5 b/txt/checksum.md5 index 42c62007f..bd6de5e7a 100644 --- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -21,7 +21,7 @@ c88d66597f4aab719bde4542b0a1a6e0 extra/shutils/regressiontest.py 1e5532ede194ac9c083891c2f02bca93 extra/sqlharvest/__init__.py b3e60ea4e18a65c48515d04aab28ff68 extra/sqlharvest/sqlharvest.py 0f581182871148b0456a691ae85b04c0 lib/controller/action.py -62a348c0ed32c7e67cd456680791cad5 lib/controller/checks.py +a6751962ab23d450857c11f7466dd43c lib/controller/checks.py 33689bb1b064d4eebc216934795a595f lib/controller/controller.py c7443613a0a2505b1faec931cee2a6ef lib/controller/handler.py 1e5532ede194ac9c083891c2f02bca93 lib/controller/__init__.py @@ -46,7 +46,7 @@ ffa5f01f39b17c8d73423acca6cfe86a lib/core/readlineng.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -17745353e1c638259aca7f77cf2d34b8 lib/core/settings.py +a719b1091a4864e59d43f003f8f0155b lib/core/settings.py 0dfc2ed40adf72e302291f6ecd4406f6 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 12f8c42ed742581644f6476a7d80dcf8 lib/core/target.py