Implementation for an Issue #155

2025-01-24 00:04:23 +03:00 · 2012-08-20 12:14:01 +02:00 · 2012-08-20 12:14:01 +02:00 · 6f450ac8bf
commit 6f450ac8bf
parent 823dde73ab
2 changed files with 16 additions and 6 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -635,6 +635,15 @@ def heuristicCheckSqlInjection(place, parameter):

    kb.heuristicTest = result

+    if not result and kb.dynamicParameter:
+        _ = conf.paramDict[place][parameter]
+
+        if _.isdigit():
+            randInt = int(randomInt())
+            payload = "%s%s%s" % (prefix, "%s-%s" % (int(_) + randInt, randInt), suffix)
+            payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
+            result = Request.queryPage(payload, place, raise404=False)
+
    if result:
        infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
        logger.info(infoMsg)
@ -675,10 +684,10 @@ def checkDynParam(place, parameter, value):
    except sqlmapConnectionException:
        pass

-    if dynResult is None:
-        return None
-    else:
-        return not dynResult
+    result = None if dynResult is None else not dynResult
+    kb.dynamicParameter = result
+
+    return result

 def checkDynamicContent(firstPage, secondPage):
    """
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -438,8 +438,9 @@ def start():
                            logger.info(infoMsg)

                        elif PAYLOAD.TECHNIQUE.BOOLEAN in conf.tech:
-                                kb.dynamicParameter = checkDynParam(place, parameter, value)
-                                if not kb.dynamicParameter:
+                                check = checkDynParam(place, parameter, value)
+
+                                if not check:
                                    warnMsg = "%s parameter '%s' appears to be not dynamic" % (place, parameter)
                                    logger.warn(warnMsg)