conf.md5hash thrown out

lib/controller/checks.py

@@ -22,7 +22,6 @@ from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showStaticWords
 from lib.core.common import DynamicContentItem
-from lib.core.convert import md5hash
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@@ -202,11 +201,10 @@ def checkStability():
     time.sleep(1)
     secondPage, _ = Request.queryPage(content=True)
 
-    condition = (firstPage == secondPage)
+    kb.pageStable = (firstPage == secondPage)
 
-    if condition:
+    if kb.pageStable:
         if firstPage:
-            conf.md5hash = md5hash(firstPage)
             logMsg  = "url is stable"
             logger.info(logMsg)
         else:
@@ -216,7 +214,7 @@ def checkStability():
             errMsg += "using higher verbosity levels"
             raise sqlmapNoneDataException, errMsg
 
-    elif not condition:
+    else:
         warnMsg  = "url is not stable, sqlmap will base the page "
         warnMsg += "comparison on a sequence matcher. If no dynamic nor "
         warnMsg += "injectable parameters are detected, or in case of "
@@ -253,7 +251,7 @@ def checkStability():
         else:
             checkDynamicContent(firstPage, secondPage)
 
-    return condition
+    return kb.pageStable
 
 def checkString():
     if not conf.string:

lib/core/option.py

@@ -1014,7 +1014,6 @@ def __setConfAttributes():
     conf.loggedToOut      = None
     conf.logic            = "AND"
     conf.matchRatio       = None
-    conf.md5hash          = None
     conf.multipleTargets  = False
     conf.outputPath       = None
     conf.paramDict        = {}
@@ -1083,6 +1082,7 @@ def __setKnowledgeBaseAttributes():
     kb.osVersion       = None
     kb.osSP            = None
 
+    kb.pageStable      = None
     kb.parenthesis     = None
     kb.partRun         = None
     kb.proxyAuthHeader = None

lib/core/target.py

@@ -298,6 +298,7 @@ def initTargetEnv():
         kb.injPlace        = None
         kb.injType         = None
         kb.nullConnection  = None
+        kb.pageStable      = None
         kb.parenthesis     = None
         kb.proxyAuthHeader = None
         kb.stackedTest     = None

lib/request/comparison.py

@@ -77,11 +77,11 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
         if conf.thold:
             conf.matchRatio = conf.thold
 
-        elif conf.md5hash is not None and ratio > 0.6 and ratio < 1:
+        elif kb.pageStable and ratio > 0.6 and ratio < 1:
             logger.debug("setting match ratio to %.3f" % ratio)
             conf.matchRatio = ratio
 
-        elif conf.md5hash is None or ( conf.md5hash is not None and ratio < 0.6 ):
+        elif not kb.pageStable or ( kb.pageStable and ratio < 0.6 ):
             logger.debug("setting match ratio to default value 0.900")
             conf.matchRatio = 0.900
 
@@ -93,13 +93,6 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
     if getSeqMatcher:
         return ratio
 
-    # If the url is stable it returns True if the page has the same MD5
-    # hash of the original one
-    # NOTE: old implementation, it did not handle automatically the fact
-    # that the url could be not stable (due to VIEWSTATE, counter, etc.)
-    #elif conf.md5hash is not None:
-    #    return conf.md5hash == md5hash(page)
-
     # In case of an DBMS error page return False
     elif conf.errorComparison and kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID:
         return False