fix for all that stable, dynamic mambo jambo :)

2024-11-22 09:36:35 +03:00 · 2010-11-04 16:44:34 +00:00 · 2010-11-04 16:44:34 +00:00 · e1cec8c02b
commit e1cec8c02b
parent f1f7e0bfe0
5 changed files with 13 additions and 6 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -52,6 +52,9 @@ def checkSqlInjection(place, parameter, value, parenthesis):
    randStr = randomStr()
    prefix = ""
    postfix = ""
+    retVal = None
+
+    conf.matchRatio = None

    if conf.prefix or conf.postfix:
        if conf.prefix:
@ -87,9 +90,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
                if conf.beep:
                    beep()

-                return case.name
+                retVal = case.name
+                break

-    return None
+    kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
+
+    return retVal

 def heuristicCheckSqlInjection(place, parameter, value):
    prefix = ""
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -30,6 +30,7 @@ from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.exception import sqlmapSilentQuitException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
+from lib.core.session import setMatchRatio
 from lib.core.target import initTargetEnv
 from lib.core.target import setupTargetEnv
 from lib.core.target import findPageForms
@ -290,6 +291,8 @@ def start():
                    condition = True

                if condition:
+                    conf.matchRatio = kb.paramMatchRatio[(kb.injPlace, kb.injParameter)]
+                    setMatchRatio()
                    checkForParenthesis()
                    action()

--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1098,6 +1098,7 @@ def __setKnowledgeBaseAttributes():
    kb.osSP            = None

    kb.pageStable      = None
+    kb.paramMatchRatio = {}
    kb.parenthesis     = None
    kb.partRun         = None
    kb.proxyAuthHeader = None
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -300,6 +300,7 @@ def initTargetEnv():
        kb.nullConnection  = None
        kb.pageStable      = None
        kb.parenthesis     = None
+        kb.paramMatchRatio = {}
        kb.proxyAuthHeader = None
        kb.stackedTest     = None
        kb.timeTest        = None
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -15,7 +15,6 @@ from lib.core.common import wasLastRequestError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
-from lib.core.session import setMatchRatio

 def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    if page is None and pageLength is None:
@ -94,9 +93,6 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
            logger.debug("setting match ratio to default value 0.900")
            conf.matchRatio = 0.900

-        if conf.matchRatio is not None:
-            setMatchRatio()
-
    # If it has been requested to return the ratio and not a comparison
    # response
    if getSeqMatcher: