From d0df8cdac94cfb90ab6c3d21f0fb2414cadd2df1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 15 Oct 2010 00:34:16 +0000
Subject: [PATCH] fix for that duplicates

---
 lib/controller/controller.py | 33 ++++++++++++++++++++++++++-------
 lib/core/target.py | 8 ++++++++
 2 files changed, 34 insertions(+), 7 deletions(-)

diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 7849aea7d..69d86441e 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -7,6 +7,8 @@ Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
 See the file 'doc/COPYING' for copying permission
 """
 
+import re
+
 from lib.controller.action import action
 from lib.controller.checks import checkSqlInjection
 from lib.controller.checks import heuristicCheckSqlInjection
@@ -116,6 +118,21 @@ def start():
 conf.data = targetData
 conf.cookie = targetCookie
 injData = []
+
+ initTargetEnv()
+ parseTargetUrl()
+
+ testSqlInj = False
+ if "GET" in conf.parameters:
+ for parameter in re.findall(r"([^=]+)=[^&]+&?", conf.parameters["GET"]):
+ paramKey = (conf.hostname, conf.path, "GET", parameter)
+ if paramKey not in kb.testedParams:
+ testSqlInj = True
+ break
+ if not testSqlInj:
+ infoMsg = "skipping '%s'" % targetUrl
+ logger.info(infoMsg)
+ continue
 
 if conf.multipleTargets:
 hostCount += 1
@@ -140,8 +157,6 @@ def start():
 logMsg = "testing url %s" % targetUrl
 logger.info(logMsg)
 
- initTargetEnv()
- parseTargetUrl()
 setupTargetEnv()
 
 if not checkConnection() or not checkString() or not checkRegexp():
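Review bot: The pre-check added before `if conf.multipleTargets:` skips the whole target whenever no untested GET parameter is found, so a target that carries POST data but no query string (the kind __findPageForms adds for POST forms) leaves testSqlInj at False and is dropped with "skipping" before its other parameter places are looked at; if, as the call order suggests, the non-GET places are only registered later by setupTargetEnv(), the skip should apply only when a GET place exists, e.g. `testSqlInj = "GET" not in conf.parameters` as the initial value. The regex `([^=]+)=[^&]+&?` also keys parameters differently from the per-place loop that reads conf.paramDict: a pair with an empty value such as `a=&b=1` is not matched and the next name is captured with a leading `&`, so the tuple never appears in kb.testedParams and the deduplication quietly degrades to re-testing (the safe direction, but the check is then unreliable). Splitting the query string with the same routine that fills conf.paramDict, or with the standard library's parse_qsl, would keep the two keys consistent. start() continues outside the hunk.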
@@ -192,23 +207,26 @@ def start():
 continue
 
 paramDict = conf.paramDict[place]
-
 for parameter, value in paramDict.items():
 testSqlInj = True
- paramKey = (conf.hostname, place, parameter)
+ paramKey = (conf.hostname, conf.path, place, parameter)
 
 if paramKey in kb.testedParams:
- warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
- logger.warn(warnMsg)
 testSqlInj = False
+
+ infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
+ logger.info(infoMsg)
+
 # Avoid dinamicity test if the user provided the
 # parameter manually
 elif parameter in conf.testParameter:
 pass
+
 elif not checkDynParam(place, parameter, value):
 warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
 logger.warn(warnMsg)
 testSqlInj = False
+
 else:
 logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
 logger.info(logMsg)
@@ -217,6 +235,7 @@ def start():
 
 if testSqlInj:
 heuristicCheckSqlInjection(place, parameter, value)
+
 for parenthesis in range(0, 4):
 logMsg = "testing sql injection on %s " % place
 logMsg += "parameter '%s' with " % parameter
@@ -227,8 +246,8 @@ def start():
 
 if injType:
 injData.append((place, parameter, injType))
-
 break
+
 else:
 infoMsg = "%s parameter '%s' is not " % (place, parameter)
 infoMsg += "injectable with %d parenthesis" % parenthesis
diff --git a/lib/core/target.py b/lib/core/target.py
index 4ac500d16..a6204effd 100644
--- a/lib/core/target.py
+++ b/lib/core/target.py
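Review bot: The new key `paramKey = (conf.hostname, conf.path, place, parameter)` still leaves out scheme and port, so if conf.hostname holds only the host name, the same path and parameter served on two ports of one host collide and the second is logged as 'previously processed' and never tested — a silent loss of coverage. The same tuple is built with the literal "GET" in the pre-check added earlier in this commit (the hunk at new line 118), so any field added to the key here has to be added there as well; a small helper such as `def getParamKey(place, parameter): return (conf.hostname, conf.path, place, parameter)` called from both loops would keep them aligned. start() continues outside the hunk.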
@@ -124,20 +124,26 @@ def __setRequestParams():
 def __findPageForms():
 infoMsg = "searching for forms"
 logger.info(infoMsg)
+
 response, _ = Request.queryPage(response=True)
 forms = ParseResponse(response, backwards_compat=False)
+
 count = 1
 for form in forms:
 request = form.click()
+
 url = request.get_full_url()
 method = request.get_method()
 data = request.get_data() if request.has_data() else None
+
 message = "(#%d) Do you want to test form '%s' (%s, %s%s) [Y/n] " % (count, form.name, method, url, ", %s" % repr(data) if data else "")
 test = readInput(message, default="Y")
+
 if not test or test[0] in ("y", "Y"):
 if method == "POST":
 message = " Edit POST data [default: %s]: " % (data if data else "")
 test = readInput(message, default=data)
+
 elif method == "GET":
 if url.find("?") > -1:
 firstPart = url[:url.find("?")]
@@ -145,7 +151,9 @@ def __findPageForms():
 message = " Edit GET data [default: %s]: " % secondPart
 test = readInput(message, default=secondPart)
 url = "%s?%s" % (firstPart, test)
+
 kb.targetUrls.add((url, method, data, conf.cookie))
+ count +=1
 
 
 def __setOutputResume():
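Review bot: In the `if method == "POST":` branch the value returned by `readInput(message, default=data)` is stored in `test` and never used, whereas the GET branch writes its edit back into url; `kb.targetUrls.add((url, method, data, conf.cookie))` in the second hunk therefore always records the form's original data and the 'Edit POST data' prompt is a no-op — `data = test` right after that readInput fixes it. The URL comes from `request.get_full_url()` on a form parsed from the target's own response, so it can name a host other than the one under assessment; with the prompt defaulting to "Y", a run that takes defaults would add such out-of-scope targets unasked, and comparing the form's host with conf.hostname before the add, or at least warning in the prompt when they differ, seems worth adding (how readInput behaves without a terminal is not visible here). `url.find("?") > -1` followed by two more find() calls reads more simply as `firstPart, _, secondPart = url.partition("?")`. __findPageForms spans both hunks and is cut between them, and the collapsed layout does not preserve the loop body's indentation, so where `count +=1` sits relative to the `if` cannot be checked from here.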