From 6d07dddf60630c25306b592a59fc39e1a485ec4a Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 21 Apr 2011 21:53:35 +0000
Subject: [PATCH] updated doc and minor layout adjustments
---
 doc/THANKS | 3 +++
 lib/controller/controller.py | 7 +++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/doc/THANKS b/doc/THANKS
index b2fb55cb4..04550454b 100644
--- a/doc/THANKS
+++ b/doc/THANKS
@@ -30,6 +30,9 @@ Daniele Bellucci for starting sqlmap project and developing it between July and August 2006 +Anthony Boynes + for reporting a bug + Velky Brat for suggesting a minor enhancement to the bisection algorithm
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index c03e78fe4..27d12c956 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -322,6 +322,7 @@ def start(): if (len(kb.injections) == 0 or (len(kb.injections) == 1 and kb.injections[0].place is None)) \ and (kb.injection.place is None or kb.injection.parameter is None): + if not conf.string and not conf.regexp: # NOTE: this is not needed anymore, leaving only to display # a warning message to the user in case the page is not stable
@@ -359,6 +360,7 @@ def start(): continue paramDict = conf.paramDict[place] + for parameter, value in paramDict.items(): if not proceed: break
@@ -396,8 +398,9 @@ def start(): if testSqlInj: check = heuristicCheckSqlInjection(place, parameter) - if not check and conf.realTest and\ - not simpletonCheckSqlInjection(place, parameter, value): + + if not check and conf.realTest and \ + not simpletonCheckSqlInjection(place, parameter, value): continue logMsg = "testing sql injection on %s " % place