From 73f33c199920a1b92563590a003be4eada13cc26 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 23 Dec 2010 11:28:13 +0000 Subject: [PATCH] bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped) --- lib/controller/controller.py | 3 +++ lib/core/option.py | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 0b68c907f..8ba50c1d6 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -183,6 +183,7 @@ def start(): if paramKey not in kb.testedParams: testSqlInj = True + testSqlInj &= (conf.hostname, conf.path, None, None) not in kb.testedParams if not testSqlInj: infoMsg = "skipping '%s'" % targetUrl logger.info(infoMsg) @@ -366,6 +367,8 @@ def start(): if test[0] in ("n", "N"): proceed = False + paramKey = (conf.hostname, conf.path, None, None) + kb.testedParams.add(paramKey) break else: warnMsg = "%s parameter '%s' is not " % (place, parameter) diff --git a/lib/core/option.py b/lib/core/option.py index d6b33b6f2..3a02d133c 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1192,7 +1192,6 @@ def __setKnowledgeBaseAttributes(flushAll=True): kb.responseTimes = [] kb.resumedQueries = {} kb.retriesCount = 0 - kb.testedParams = set() kb.technique = None kb.testMode = False kb.testQueryCount = 0 @@ -1208,6 +1207,7 @@ def __setKnowledgeBaseAttributes(flushAll=True): kb.keywords = set(getFileItems(paths.SQL_KEYWORDS)) kb.tamperFunctions = [] kb.targetUrls = set() + kb.testedParams = set() kb.userAgents = None def __saveCmdline():