Fixes #5232

2024-11-21 17:16:35 +03:00 · 2022-11-21 00:37:48 +01:00 · 2022-11-21 00:37:48 +01:00 · b8fa0edea6
commit b8fa0edea6
parent 55b2b43f0e
3 changed files with 17 additions and 20 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -10,7 +10,6 @@ import logging
 import random
 import re
 import socket
-import subprocess
 import time

 from extra.beep.beep import beep
@ -783,22 +782,8 @@ def checkSqlInjection(place, parameter, value):
                        injection.conf.regexp = conf.regexp
                        injection.conf.optimize = conf.optimize

-                        if not kb.alerted:
-                            if conf.beep:
-                                beep()
-
-                            if conf.alert:
-                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
-                                logger.info(infoMsg)
-
-                                try:
-                                    process = subprocess.Popen(conf.alert, shell=True)
-                                    process.wait()
-                                except Exception as ex:
-                                    errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
-                                    logger.error(errMsg)
-
-                            kb.alerted = True
+                        if conf.beep:
+                            beep()

                        # There is no need to perform this test for other
                        # <where> tags
@ -859,10 +844,8 @@ def checkSqlInjection(place, parameter, value):
        if not checkFalsePositives(injection):
            if conf.hostname in kb.vulnHosts:
                kb.vulnHosts.remove(conf.hostname)
-
            if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:
                injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)
-
    else:
        injection = None

--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -9,6 +9,7 @@ from __future__ import division

 import os
 import re
+import subprocess
 import time

 from lib.controller.action import action
@ -598,6 +599,19 @@ def start():

                                        kb.injections.append(injection)

+                                        if not kb.alerted:
+                                            if conf.alert:
+                                                infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
+                                                logger.info(infoMsg)
+                                                try:
+                                                    process = subprocess.Popen(conf.alert, shell=True)
+                                                    process.wait()
+                                                except Exception as ex:
+                                                    errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
+                                                    logger.error(errMsg)
+
+                                            kb.alerted = True
+
                                        # In case when user wants to end detection phase (Ctrl+C)
                                        if not proceed:
                                            break
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -20,7 +20,7 @@ from thirdparty import six
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.6.11.5"
+VERSION = "1.6.11.6"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)