some updates

2025-01-23 15:54:24 +03:00 · 2010-12-04 15:47:02 +00:00 · 2010-12-04 15:47:02 +00:00 · 9e5f933ace
commit 9e5f933ace
parent 3f9450b9dc
4 changed files with 23 additions and 3 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -17,6 +17,8 @@ from lib.core.agent import agent
 from lib.core.common import beep
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getUnicode
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import readInput
@ -92,6 +94,9 @@ def checkSqlInjection(place, parameter, value):
    # successfully inject
    injection = injectionDict()

+    # Clear cookies after each query page attempt
+    kb.flushCookies = True
+
    for test in conf.tests:
        title = test.title
        stype = test.stype
@ -259,6 +264,10 @@ def checkSqlInjection(place, parameter, value):
                    origValue = value
                elif where == 2:
                    origValue = "-%s" % randomInt()
+
+                    # Save old page template and replace with new one
+                    pushValue(kb.pageTemplate)
+                    kb.pageTemplate = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True)[0]
                elif where == 3:
                    origValue = ""

@ -347,6 +356,10 @@ def checkSqlInjection(place, parameter, value):

                            injectable = True

+                # Restore page template
+                if where == 2:
+                    kb.pageTemplate = popValue()
+
                # If the injection test was successful feed the injection
                # object with the test's details
                if injectable is True:
@ -400,6 +413,9 @@ def checkSqlInjection(place, parameter, value):
                # boundaries
                break

+    # Flush the flag
+    kb.flushCookies = False
+
    # Return the injection object
    if injection.place is not None and injection.parameter is not None:
        return injection
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1117,6 +1117,7 @@ def __setKnowledgeBaseAttributes():
    kb.cache.content   = {}
    kb.cache.regex     = {}

+    kb.flushCookies    = False
    kb.commonOutputs   = None

    kb.data            = advancedDict()
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -407,6 +407,9 @@ class Connect:
        if conf.textOnly:
            page = getFilteredPageContent(page)

+        if kb.flushCookies and conf.cj:
+            conf.cj.clear()
+
        if content or response:
            return page, headers
        elif getSeqMatcher:
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@ -416,12 +416,12 @@ Formats:
        <level>4</level>
        <risk>3</risk>
        <clause>1</clause>
-        <where>1</where>
+        <where>2</where>
        <request>
-            <payload>OR [RANDNUM]=[RANDNUM]</payload>
+            <payload>OR [RANDNUM]=[RANDNUM1]</payload>
        </request>
        <response>
-            <comparison>OR [RANDNUM]=[RANDNUM1]</comparison>
+            <comparison>OR [RANDNUM]=[RANDNUM]</comparison>
        </response>
    </test>