bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)

2025-04-22 18:12:04 +03:00 · 2010-12-23 11:28:13 +00:00 · 2010-12-23 11:28:13 +00:00 · 73f33c1999
commit 73f33c1999
parent 5a0aef0f33
2 changed files with 4 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -183,6 +183,7 @@ def start():
                if paramKey not in kb.testedParams:
                    testSqlInj = True

+            testSqlInj &= (conf.hostname, conf.path, None, None) not in kb.testedParams
            if not testSqlInj:
                infoMsg = "skipping '%s'" % targetUrl
                logger.info(infoMsg)
@ -366,6 +367,8 @@ def start():

                                if test[0] in ("n", "N"):
                                    proceed = False
+                                    paramKey = (conf.hostname, conf.path, None, None)
+                                    kb.testedParams.add(paramKey)
                                    break
                            else:
                                warnMsg  = "%s parameter '%s' is not " % (place, parameter)
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1192,7 +1192,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.responseTimes   = []
    kb.resumedQueries  = {}
    kb.retriesCount    = 0
-    kb.testedParams    = set()
    kb.technique       = None
    kb.testMode        = False
    kb.testQueryCount  = 0
@ -1208,6 +1207,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
        kb.keywords        = set(getFileItems(paths.SQL_KEYWORDS))
        kb.tamperFunctions = []
        kb.targetUrls      = set()
+        kb.testedParams    = set()
        kb.userAgents      = None

 def __saveCmdline():