conf.md5hash thrown out

2024-11-22 17:46:37 +03:00 · 2010-10-25 13:52:21 +00:00 · 2010-10-25 13:52:21 +00:00 · 9c94a233a1
commit 9c94a233a1
parent 9a3879feba
4 changed files with 9 additions and 17 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -22,7 +22,6 @@ from lib.core.common import randomStr
 from lib.core.common import readInput
 from lib.core.common import showStaticWords
 from lib.core.common import DynamicContentItem
-from lib.core.convert import md5hash
 from lib.core.convert import urlencode
 from lib.core.data import conf
 from lib.core.data import kb
@ -202,11 +201,10 @@ def checkStability():
    time.sleep(1)
    secondPage, _ = Request.queryPage(content=True)

-    condition = (firstPage == secondPage)
+    kb.pageStable = (firstPage == secondPage)

-    if condition:
+    if kb.pageStable:
        if firstPage:
-            conf.md5hash = md5hash(firstPage)
            logMsg  = "url is stable"
            logger.info(logMsg)
        else:
@ -216,7 +214,7 @@ def checkStability():
            errMsg += "using higher verbosity levels"
            raise sqlmapNoneDataException, errMsg

-    elif not condition:
+    else:
        warnMsg  = "url is not stable, sqlmap will base the page "
        warnMsg += "comparison on a sequence matcher. If no dynamic nor "
        warnMsg += "injectable parameters are detected, or in case of "
@ -253,7 +251,7 @@ def checkStability():
        else:
            checkDynamicContent(firstPage, secondPage)

-    return condition
+    return kb.pageStable

 def checkString():
    if not conf.string:
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1014,7 +1014,6 @@ def __setConfAttributes():
    conf.loggedToOut      = None
    conf.logic            = "AND"
    conf.matchRatio       = None
-    conf.md5hash          = None
    conf.multipleTargets  = False
    conf.outputPath       = None
    conf.paramDict        = {}
@ -1083,6 +1082,7 @@ def __setKnowledgeBaseAttributes():
    kb.osVersion       = None
    kb.osSP            = None

+    kb.pageStable      = None
    kb.parenthesis     = None
    kb.partRun         = None
    kb.proxyAuthHeader = None
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -298,6 +298,7 @@ def initTargetEnv():
        kb.injPlace        = None
        kb.injType         = None
        kb.nullConnection  = None
+        kb.pageStable      = None
        kb.parenthesis     = None
        kb.proxyAuthHeader = None
        kb.stackedTest     = None
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -77,11 +77,11 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
        if conf.thold:
            conf.matchRatio = conf.thold

-        elif conf.md5hash is not None and ratio > 0.6 and ratio < 1:
+        elif kb.pageStable and ratio > 0.6 and ratio < 1:
            logger.debug("setting match ratio to %.3f" % ratio)
            conf.matchRatio = ratio

-        elif conf.md5hash is None or ( conf.md5hash is not None and ratio < 0.6 ):
+        elif not kb.pageStable or ( kb.pageStable and ratio < 0.6 ):
            logger.debug("setting match ratio to default value 0.900")
            conf.matchRatio = 0.900

@ -93,13 +93,6 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    if getSeqMatcher:
        return ratio

-    # If the url is stable it returns True if the page has the same MD5
-    # hash of the original one
-    # NOTE: old implementation, it did not handle automatically the fact
-    # that the url could be not stable (due to VIEWSTATE, counter, etc.)
-    #elif conf.md5hash is not None:
-    #    return conf.md5hash == md5hash(page)
-
    # In case of an DBMS error page return False
    elif conf.errorComparison and kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID:
        return False