Implementation for an #162

2025-03-03 11:45:46 +03:00 · 2012-08-22 16:50:01 +02:00 · 2012-08-22 16:50:01 +02:00 · e9ae44c6fc
commit e9ae44c6fc
parent 0ad3846451
3 changed files with 4 additions and 3 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -520,8 +520,7 @@ def checkSqlInjection(place, parameter, value):
                        break

                if injectable is True:
-                    # There is no need to perform this test with others
-                    # boundaries
+                    kb.vulnHosts.add(conf.hostname)
                    break

            # Reset forced back-end DBMS value
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -236,7 +236,7 @@ def start():
        action()
        return True

-    if conf.url and not any([conf.forms, conf.crawlDepth]):
+    if conf.url and not any((conf.forms, conf.crawlDepth)):
        kb.targetUrls.add((conf.url, conf.method, conf.data, conf.cookie))

    if conf.configFile and not kb.targetUrls:
@ -277,6 +277,7 @@ def start():
                    testSqlInj = True

            testSqlInj &= (conf.hostname, conf.path, None, None) not in kb.testedParams
+            testSqlInj &= conf.hostname not in kb.vulnHosts

            if not testSqlInj:
                infoMsg = "skipping '%s'" % targetUrl
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1569,6 +1569,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
        kb.testedParams = set()
        kb.userAgents = None
        kb.vainRun = True
+        kb.vulnHosts = set()
        kb.wordlists = None

 def __useWizardInterface():