Cosmetics and major bug fix

2025-03-03 19:55:47 +03:00 · 2011-04-21 21:15:23 +00:00 · 2011-04-21 21:15:23 +00:00 · edc2d75702
commit edc2d75702
parent 870f773d70
2 changed files with 9 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -198,9 +198,11 @@ def start():
            parseTargetUrl()

            testSqlInj = False
+
            if PLACE.GET in conf.parameters:
                for parameter in re.findall(r"([^=]+)=([^&]+&?|\Z)", conf.parameters[PLACE.GET]):
                    paramKey = (conf.hostname, conf.path, PLACE.GET, parameter[0])
+
                    if paramKey not in kb.testedParams:
                        testSqlInj = True
                        break
@ -218,6 +220,7 @@ def start():

            if conf.multipleTargets:
                hostCount += 1
+
                if conf.forms:
                    message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
                else:
@ -254,7 +257,7 @@ def start():

                        # we need to reinitialize environment as
                        # we are expecting changes in testing data
-                        initTargetEnv()
+                        #initTargetEnv()
                        parseTargetUrl()

                    elif test[0] in ("n", "N"):
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -92,13 +92,18 @@ def __setRequestParams():
        conf.parameters[PLACE.URI] = conf.url
        conf.paramDict[PLACE.URI] = {}
        parts = conf.url.split(URI_INJECTION_MARK_CHAR)
+
        for i in range(len(parts)-1):
            result = str()
+
            for j in range(len(parts)):
                result += parts[j]
+
                if i == j:
                    result += URI_INJECTION_MARK_CHAR
+
            conf.paramDict[PLACE.URI]["#%d%s" % (i+1, URI_INJECTION_MARK_CHAR)] = result
+
        conf.url = conf.url.replace(URI_INJECTION_MARK_CHAR, str())
        __testableParameters = True