diff --git a/lib/controller/checks.py b/lib/controller/checks.py index f80cdfd27..997abb3dc 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -10,7 +10,6 @@ import logging import random import re import socket -import subprocess import time from extra.beep.beep import beep @@ -783,22 +782,8 @@ def checkSqlInjection(place, parameter, value): injection.conf.regexp = conf.regexp injection.conf.optimize = conf.optimize - if not kb.alerted: - if conf.beep: - beep() - - if conf.alert: - infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert - logger.info(infoMsg) - - try: - process = subprocess.Popen(conf.alert, shell=True) - process.wait() - except Exception as ex: - errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex)) - logger.error(errMsg) - - kb.alerted = True + if conf.beep: + beep() # There is no need to perform this test for other # tags @@ -859,10 +844,8 @@ def checkSqlInjection(place, parameter, value): if not checkFalsePositives(injection): if conf.hostname in kb.vulnHosts: kb.vulnHosts.remove(conf.hostname) - if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes: injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE) - else: injection = None diff --git a/lib/controller/controller.py b/lib/controller/controller.py index 47e7ef865..929a7c982 100644 --- a/lib/controller/controller.py +++ b/lib/controller/controller.py @@ -9,6 +9,7 @@ from __future__ import division import os import re +import subprocess import time from lib.controller.action import action @@ -598,6 +599,19 @@ def start(): kb.injections.append(injection) + if not kb.alerted: + if conf.alert: + infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert + logger.info(infoMsg) + try: + process = subprocess.Popen(conf.alert, shell=True) + process.wait() + except Exception as ex: + errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex)) + logger.error(errMsg) + + kb.alerted = True + # In case when user wants to end detection phase (Ctrl+C) if not proceed: break diff --git a/lib/core/settings.py b/lib/core/settings.py index 53069c175..6aaf6d599 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -20,7 +20,7 @@ from thirdparty import six from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.6.11.5" +VERSION = "1.6.11.6" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)