Implementation for an #162

This commit is contained in:
Miroslav Stampar 2012-08-22 16:50:01 +02:00
parent 0ad3846451
commit e9ae44c6fc
3 changed files with 4 additions and 3 deletions


@ -520,8 +520,7 @@ def checkSqlInjection(place, parameter, value):
break
if injectable is True:
# There is no need to perform this test with others
# boundaries
kb.vulnHosts.add(conf.hostname)
break
# Reset forced back-end DBMS value
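Review bot: The `break` after `kb.vulnHosts.add(conf.hostname)` has lost the comment that explained it, and the new line's effect on other modules is undocumented. I would put `# Remember the vulnerable host so start() skips its remaining targets; no need to test other boundaries` above the add. The host is recorded as soon as `injectable is True`, inside the boundary loop. If a later step in checkSqlInjection can still discard the finding (not visible here), the host would stay in kb.vulnHosts and its other targets would be skipped on an unconfirmed result. checkSqlInjection's body starts and ends outside the hunk.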


@ -236,7 +236,7 @@ def start():
action()
return True
if conf.url and not any([conf.forms, conf.crawlDepth]):
if conf.url and not any((conf.forms, conf.crawlDepth)):
kb.targetUrls.add((conf.url, conf.method, conf.data, conf.cookie))
if conf.configFile and not kb.targetUrls:
@ -277,6 +277,7 @@ def start():
testSqlInj = True
testSqlInj &= (conf.hostname, conf.path, None, None) not in kb.testedParams
testSqlInj &= conf.hostname not in kb.vulnHosts
if not testSqlInj:
infoMsg = "skipping '%s'" % targetUrl
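Review bot: The new `testSqlInj &= conf.hostname not in kb.vulnHosts` check keys on the hostname alone, while the line above it keys on `(conf.hostname, conf.path, None, None)`. After the first finding, every remaining target on that host is dropped, including other paths and presumably other ports or schemes, so the run under-reports which endpoints are affected. The message built below is still the generic `skipping '%s'`, so the log does not say whether a target was skipped as already tested or because its host was already flagged. I would split the two conditions and give the host case its own message, e.g. `infoMsg = "skipping '%s' (host already found injectable)" % targetUrl`, and add `# hosts in kb.vulnHosts are not tested again` above the new line. The `if not testSqlInj:` branch continues outside the hunk.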


@ -1569,6 +1569,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.testedParams = set()
kb.userAgents = None
kb.vainRun = True
kb.vulnHosts = set()
kb.wordlists = None
def __useWizardInterface():