diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index de16f522a..ea4ad640d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -41,6 +41,7 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import AttribDict
 from lib.core.datatype import InjectionDict
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
@@ -648,8 +649,6 @@ def heuristicCheckSqlInjection(place, parameter):
             payload = agent.payload(place, parameter, newValue=payload, where=PAYLOAD.WHERE.REPLACE)
             casting = Request.queryPage(payload, place, raise404=False)
 
-    kb.heuristicTest = result
-
     if result:
         infoMsg += "be injectable (possible DBMS: %s)" % (Format.getErrorParsedDBMSes() or UNKNOWN_DBMS_VERSION)
         logger.info(infoMsg)
@@ -666,7 +665,9 @@ def heuristicCheckSqlInjection(place, parameter):
             message = "do you want to skip those kind of cases (and save scanning time)? [Y/n] "
             kb.ignoreCasted = readInput(message, default='Y').upper() != 'N'
 
-    return result
+    kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE
+
+    return kb.heuristicTest
 
 def checkDynParam(place, parameter, value):
     """
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 5506f5b81..760e21e46 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -36,6 +36,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.enums import HASHDB_KEYS
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import PAYLOAD
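Review bot: The new `kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else HEURISTIC_TEST.NEGATIVE if not result else HEURISTIC_TEST.POSITIVE` line relies on the right-to-left nesting of Python's conditional expression to make a detected casting outrank a positive DBMS-error result, and the `NEGATIVE if not result else POSITIVE` double negative makes that precedence easy to misread. Spelling it out as `kb.heuristicTest = HEURISTIC_TEST.CASTED if casting else (HEURISTIC_TEST.POSITIVE if result else HEURISTIC_TEST.NEGATIVE)` keeps the behaviour and makes the ordering explicit, ideally under a comment such as `# casting outranks a positive error response: the parameter is most likely being cast/filtered`. The function's return value also changes here from the old `result` to an enum member; heuristicCheckSqlInjection begins outside the hunk, so any early `return` before this point presumably still hands callers its previous value, which the `!= HEURISTIC_TEST.POSITIVE` comparisons in controller.py tolerate but which then leaves kb.heuristicTest holding the verdict of the previously tested parameter.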
@@ -453,8 +454,8 @@ def start():
                 if testSqlInj:
                     check = heuristicCheckSqlInjection(place, parameter)
 
-                    if not check:
-                        if conf.smart or kb.ignoreCasted:
+                    if check != HEURISTIC_TEST.POSITIVE:
+                        if conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED):
                             infoMsg = "skipping %s parameter '%s'" % (place, parameter)
                             logger.info(infoMsg)
                             continue
@@ -517,7 +518,7 @@ def start():
                 errMsg += "of comparison engine to detect at least "
                 errMsg += "one dynamic parameter)."
 
-                if kb.heuristicTest:
+                if kb.heuristicTest == HEURISTIC_TEST.POSITIVE:
                     errMsg += " As heuristic test turned out positive you are "
                     errMsg += "strongly advised to continue on with the tests. "
                     errMsg += "Please, consider usage of tampering scripts as "
diff --git a/lib/core/common.py b/lib/core/common.py
index 0ac0815dd..a4777ba48 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -61,6 +61,7 @@ from lib.core.dicts import SQL_STATEMENTS
 from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
+from lib.core.enums import HEURISTIC_TEST
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import OS
@@ -197,7 +198,7 @@ class Format:
         htmlParsed = None
 
-        if len(kb.htmlFp) == 0 or kb.heuristicTest is None:
+        if len(kb.htmlFp) == 0 or kb.heuristicTest != HEURISTIC_TEST.POSITIVE:
             pass
         elif len(kb.htmlFp) == 1:
             htmlParsed = kb.htmlFp[0]
diff --git a/lib/core/enums.py b/lib/core/enums.py
index 1c0ddcd26..f645b0733 100644
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@@ -86,6 +86,11 @@ class CHARSET_TYPE:
     ALPHA = 4,
     ALPHANUM = 5
 
+class HEURISTIC_TEST:
+    CASTED = 1,
+    NEGATIVE = 2,
+    POSITIVE = 3
+
 class HASH:
     MYSQL = r'(?i)\A\*[0-9a-f]{40}\Z'
     MYSQL_OLD = r'(?i)\A(?![0-9]+\Z)[0-9a-f]{16}\Z'
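Review bot: The narrowed condition `conf.smart or (kb.ignoreCasted and check == HEURISTIC_TEST.CASTED)` now honours the user's "skip" answer only for parameters that showed casting, so a NEGATIVE heuristic result proceeds to the full test run unless --smart is set; that is a deliberate departure from the old `not check` branch and deserves a comment, e.g. `# skip on --smart, or when the user chose to ignore casted parameters; a NEGATIVE heuristic still gets the full tests`. A `None` coming back from heuristicCheckSqlInjection (its early exits are outside this diff) compares as neither POSITIVE nor CASTED and is therefore treated like NEGATIVE here, which is worth stating in the same comment. start() begins and ends outside the hunk.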
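Review bot: In the Format hunk the guard widens from `kb.heuristicTest is None` (heuristic not yet run) to `kb.heuristicTest != HEURISTIC_TEST.POSITIVE`, so a fingerprint already collected in kb.htmlFp is now discarded whenever the heuristic came back NEGATIVE or CASTED, not only when it never ran. If that is intended, a comment such as `# only trust the error-page DBMS fingerprint once the heuristic test was positive` above the `if` makes the decision explicit; if not, `kb.heuristicTest is None` still expresses the old semantics under the new enum. The enclosing Format method starts outside the hunk, so I cannot see whether its docstring already describes this dependency on kb.heuristicTest.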
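Review bot: `CASTED = 1,` and `NEGATIVE = 2,` carry trailing commas, so those two members are the tuples `(1,)` and `(2,)` while `POSITIVE = 3` is an int; the `==`/`!=` comparisons against the class attributes in checks.py, controller.py and common.py still work, but the mixed types will surprise anyone who logs, persists or sorts kb.heuristicTest. The neighbouring CHARSET_TYPE shows the same pattern, but the new class need not copy it: `CASTED = 1`, `NEGATIVE = 2`, `POSITIVE = 3`. A one-line docstring such as `"""Verdict of heuristicCheckSqlInjection(), stored in kb.heuristicTest."""` would also help, since the class is otherwise undocumented.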