This commit is contained in:
Miroslav Stampar 2022-11-21 00:37:48 +01:00
parent 55b2b43f0e
commit b8fa0edea6
3 changed files with 17 additions and 20 deletions

View File

@ -10,7 +10,6 @@ import logging
import random
import re
import socket
import subprocess
import time
from extra.beep.beep import beep
@ -783,23 +782,9 @@ def checkSqlInjection(place, parameter, value):
injection.conf.regexp = conf.regexp
injection.conf.optimize = conf.optimize
if not kb.alerted:
if conf.beep:
beep()
if conf.alert:
infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
logger.info(infoMsg)
try:
process = subprocess.Popen(conf.alert, shell=True)
process.wait()
except Exception as ex:
errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
logger.error(errMsg)
kb.alerted = True
# There is no need to perform this test for other
# <where> tags
break
@ -859,10 +844,8 @@ def checkSqlInjection(place, parameter, value):
if not checkFalsePositives(injection):
if conf.hostname in kb.vulnHosts:
kb.vulnHosts.remove(conf.hostname)
if NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE not in injection.notes:
injection.notes.append(NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE)
else:
injection = None

View File

@ -9,6 +9,7 @@ from __future__ import division
import os
import re
import subprocess
import time
from lib.controller.action import action
@ -598,6 +599,19 @@ def start():
kb.injections.append(injection)
if not kb.alerted:
if conf.alert:
infoMsg = "executing alerting shell command(s) ('%s')" % conf.alert
logger.info(infoMsg)
try:
process = subprocess.Popen(conf.alert, shell=True)
process.wait()
except Exception as ex:
errMsg = "error occurred while executing '%s' ('%s')" % (conf.alert, getSafeExString(ex))
logger.error(errMsg)
kb.alerted = True
# In case when user wants to end detection phase (Ctrl+C)
if not proceed:
break

View File

@ -20,7 +20,7 @@ from thirdparty import six
from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.6.11.5"
VERSION = "1.6.11.6"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)