some fixes :)

2025-02-02 20:54:13 +03:00 · 2010-11-09 22:32:05 +00:00 · 2010-11-09 22:32:05 +00:00 · fef60d5cb7
commit fef60d5cb7
parent 1cc99e2247
4 changed files with 18 additions and 4 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -63,6 +63,8 @@ def checkSqlInjection(place, parameter, value, parenthesis):
            postfix = conf.postfix

    for case in kb.injections.root.case:
+        conf.matchRatio = None
+
        positive = case.test.positive
        negative = case.test.negative

@ -73,12 +75,22 @@ def checkSqlInjection(place, parameter, value, parenthesis):
        infoMsg += "on %s parameter '%s'" % (place, parameter)
        logger.info(infoMsg)

+        payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
+        _ = Request.queryPage(payload, place)
+
        payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
        trueResult = Request.queryPage(payload, place)

        if trueResult is True:
+            infoMsg  = "confirming %s (%s) injection " % (case.desc, logic)
+            infoMsg += "on %s parameter '%s'" % (place, parameter)
+            logger.info(infoMsg)
+
            payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))

+            randInt = randomInt()
+            randStr = randomStr()
+
            falseResult = Request.queryPage(payload, place)

            if falseResult is False:
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -254,8 +254,6 @@ def start():
                        if testSqlInj:
                            heuristicCheckSqlInjection(place, parameter, value)

-                            conf.matchRatio = None
-
                            for parenthesis in range(0, 4):
                                logMsg  = "testing sql injection on %s " % place
                                logMsg += "parameter '%s' with " % parameter
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -21,6 +21,9 @@ VERSION_STRING     = "sqlmap/%s" % VERSION
 DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"

+# minimum distance of ratio from conf.matchRatio to result in True
+ETA                = 0.05
+
 # sqlmap logger
 logging.addLevelName(9, "PAYLOAD")
 logging.addLevelName(8, "TRAFFIC OUT")
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -15,6 +15,7 @@ from lib.core.common import wasLastRequestError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.settings import ETA

 def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    if page is None and pageLength is None:
@ -97,7 +98,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
            conf.matchRatio = conf.thold

        elif kb.pageStable and ratio > 0.6 and ratio < 1:
-            conf.matchRatio = min(ratio, 0.950)
+            conf.matchRatio = ratio
            logger.debug("setting match ratio for current parameter to %.3f" % conf.matchRatio)

        elif not kb.pageStable or ( kb.pageStable and ratio < 0.6 ):
@ -115,4 +116,4 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
    # If the url is not stable it returns sequence matcher between the
    # first untouched HTTP response page content and this content
    else:
-        return ratio > conf.matchRatio
+        return (ratio - conf.matchRatio) > ETA