mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
fix for all that stable, dynamic mambo jambo :)
parent
f1f7e0bfe0
commit
e1cec8c02b
|
@ -52,6 +52,9 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
randStr = randomStr()
|
randStr = randomStr()
|
||||||
prefix = ""
|
prefix = ""
|
||||||
postfix = ""
|
postfix = ""
|
||||||
|
retVal = None
|
||||||
|
|
||||||
|
conf.matchRatio = None
|
||||||
|
|
||||||
if conf.prefix or conf.postfix:
|
if conf.prefix or conf.postfix:
|
||||||
if conf.prefix:
|
if conf.prefix:
|
||||||
|
@ -87,9 +90,12 @@ def checkSqlInjection(place, parameter, value, parenthesis):
|
||||||
if conf.beep:
|
if conf.beep:
|
||||||
beep()
|
beep()
|
||||||
|
|
||||||
return case.name
|
retVal = case.name
|
||||||
|
break
|
||||||
|
|
||||||
return None
|
kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
|
||||||
|
|
||||||
|
return retVal
|
||||||
|
|
||||||
def heuristicCheckSqlInjection(place, parameter, value):
|
def heuristicCheckSqlInjection(place, parameter, value):
|
||||||
prefix = ""
|
prefix = ""
|
||||||
|
|
|
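Review bot: The `break` that replaces `return case.name` in checkSqlInjection() exits only the innermost loop, and that loop's header is outside the hunk. If the match is found inside a nested loop, the outer loop keeps iterating, may overwrite `retVal`, and keeps sending test requests after a hit; in that case add `if retVal: break` after the inner loop. The new `conf.matchRatio = None` at the top also discards whatever ratio was in `conf` before the call, which is presumably intended but should be stated, for example `# reset so the match ratio is recalibrated for this parameter`.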
@ -30,6 +30,7 @@ from lib.core.exception import sqlmapNotVulnerableException
|
||||||
from lib.core.exception import sqlmapSilentQuitException
|
from lib.core.exception import sqlmapSilentQuitException
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
from lib.core.session import setInjection
|
from lib.core.session import setInjection
|
||||||
|
from lib.core.session import setMatchRatio
|
||||||
from lib.core.target import initTargetEnv
|
from lib.core.target import initTargetEnv
|
||||||
from lib.core.target import setupTargetEnv
|
from lib.core.target import setupTargetEnv
|
||||||
from lib.core.target import findPageForms
|
from lib.core.target import findPageForms
|
||||||
|
@ -290,6 +291,8 @@ def start():
|
||||||
condition = True
|
condition = True
|
||||||
|
|
||||||
if condition:
|
if condition:
|
||||||
|
conf.matchRatio = kb.paramMatchRatio[(kb.injPlace, kb.injParameter)]
|
||||||
|
setMatchRatio()
|
||||||
checkForParenthesis()
|
checkForParenthesis()
|
||||||
action()
|
action()
|
||||||
|
|
||||||
|
|
|
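Review bot: `conf.matchRatio = kb.paramMatchRatio[(kb.injPlace, kb.injParameter)]` in start() raises KeyError whenever the injection point was not recorded by checkSqlInjection() in this run, for example if `kb.injPlace`/`kb.injParameter` were restored from a saved session (that path is not visible here, so confirm). It also overwrites `conf.matchRatio` unconditionally, possibly with None if no comparison calibrated a ratio for that parameter, and `setMatchRatio()` then runs on that value. Prefer `ratio = kb.paramMatchRatio.get((kb.injPlace, kb.injParameter))` followed by `if ratio is not None: conf.matchRatio = ratio`. The body of start() continues outside the hunk.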
@ -1098,6 +1098,7 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.osSP = None
|
kb.osSP = None
|
||||||
|
|
||||||
kb.pageStable = None
|
kb.pageStable = None
|
||||||
|
kb.paramMatchRatio = {}
|
||||||
kb.parenthesis = None
|
kb.parenthesis = None
|
||||||
kb.partRun = None
|
kb.partRun = None
|
||||||
kb.proxyAuthHeader = None
|
kb.proxyAuthHeader = None
|
||||||
|
|
|
@ -300,6 +300,7 @@ def initTargetEnv():
|
||||||
kb.nullConnection = None
|
kb.nullConnection = None
|
||||||
kb.pageStable = None
|
kb.pageStable = None
|
||||||
kb.parenthesis = None
|
kb.parenthesis = None
|
||||||
|
kb.paramMatchRatio = {}
|
||||||
kb.proxyAuthHeader = None
|
kb.proxyAuthHeader = None
|
||||||
kb.stackedTest = None
|
kb.stackedTest = None
|
||||||
kb.timeTest = None
|
kb.timeTest = None
|
||||||
|
|
|
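Review bot: `kb.paramMatchRatio = {}` is added without a comment, and its key `(place, parameter)` carries no target component, so stored ratios are only valid if the dict is emptied between targets. The reset in initTargetEnv() appears to be what guarantees that; say so on the line above, for example `# match ratio per (place, parameter); reset here because the key does not include the target`. The same attribute is initialised in __setKnowledgeBaseAttributes() before `kb.parenthesis`, while here it sits after it, so pick one ordering.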
@ -15,7 +15,6 @@ from lib.core.common import wasLastRequestError
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.session import setMatchRatio
|
|
||||||
|
|
||||||
def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
|
def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
|
||||||
if page is None and pageLength is None:
|
if page is None and pageLength is None:
|
||||||
|
@ -94,9 +93,6 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
|
||||||
logger.debug("setting match ratio to default value 0.900")
|
logger.debug("setting match ratio to default value 0.900")
|
||||||
conf.matchRatio = 0.900
|
conf.matchRatio = 0.900
|
||||||
|
|
||||||
if conf.matchRatio is not None:
|
|
||||||
setMatchRatio()
|
|
||||||
|
|
||||||
# If it has been requested to return the ratio and not a comparison
|
# If it has been requested to return the ratio and not a comparison
|
||||||
# response
|
# response
|
||||||
if getSeqMatcher:
|
if getSeqMatcher:
|
||||||
|
|