From fef60d5cb754685d71c423c7e6cd4953ac66493c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Tue, 9 Nov 2010 22:32:05 +0000
Subject: [PATCH] some fixes :)

---
 lib/controller/checks.py     | 12 ++++++++++++
 lib/controller/controller.py |  2 --
 lib/core/settings.py         |  3 +++
 lib/request/comparison.py    |  5 +++--
 4 files changed, 18 insertions(+), 4 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 3672b4600..1c721c8c5 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -63,6 +63,8 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             postfix = conf.postfix
 
     for case in kb.injections.root.case:
+        conf.matchRatio = None
+
         positive = case.test.positive
         negative = case.test.negative
 
@@ -73,12 +75,22 @@ def checkSqlInjection(place, parameter, value, parenthesis):
         infoMsg += "on %s parameter '%s'" % (place, parameter)
         logger.info(infoMsg)
 
+        payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
+        _ = Request.queryPage(payload, place)
+
         payload = agent.payload(place, parameter, value, positive.format % eval(positive.params))
         trueResult = Request.queryPage(payload, place)
 
         if trueResult is True:
+            infoMsg  = "confirming %s (%s) injection " % (case.desc, logic)
+            infoMsg += "on %s parameter '%s'" % (place, parameter)
+            logger.info(infoMsg)
+
             payload = agent.payload(place, parameter, value, negative.format % eval(negative.params))
 
+            randInt = randomInt()
+            randStr = randomStr()
+
             falseResult = Request.queryPage(payload, place)
 
             if falseResult is False:
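Review bot: `randInt = randomInt()` and `randStr = randomStr()` are assigned inside the `if trueResult is True:` branch but never read anywhere in this hunk; unless the rest of checkSqlInjection (which continues past the hunk) consumes them, they are dead locals and should be dropped or moved next to their first use. The discarded request `_ = Request.queryPage(payload, place)` also deserves a comment, because its only visible purpose is a side effect — presumably letting comparison() re-derive conf.matchRatio after the reset to None at the top of the case loop; something like `# throwaway request: re-calibrates conf.matchRatio after the per-case reset` would make that intent explicit. The negative payload is built twice (before the positive request and again inside the branch), each time re-running `eval(negative.params)`; binding it once as `negativePayload = agent.payload(place, parameter, value, negative.format % eval(negative.params))` and reusing it avoids the duplicate evaluation.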
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 28dae21f3..143beceee 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -254,8 +254,6 @@ def start():
                         if testSqlInj:
                             heuristicCheckSqlInjection(place, parameter, value)
 
-                            conf.matchRatio = None
-
                             for parenthesis in range(0, 4):
                                 logMsg  = "testing sql injection on %s " % place
                                 logMsg += "parameter '%s' with " % parameter
diff --git a/lib/core/settings.py b/lib/core/settings.py
index da762061d..7cb170ded 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -21,6 +21,9 @@ VERSION_STRING     = "sqlmap/%s" % VERSION
 DESCRIPTION        = "automatic SQL injection and database takeover tool"
 SITE               = "http://sqlmap.sourceforge.net"
 
+# minimum distance of ratio from conf.matchRatio to result in True
+ETA                = 0.05
+
 # sqlmap logger
 logging.addLevelName(9, "PAYLOAD")
 logging.addLevelName(8, "TRAFFIC OUT")
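Review bot: The comment on ETA describes a "minimum distance", but the consumer in comparison.py tests `(ratio - conf.matchRatio) > ETA` strictly, so a distance exactly equal to ETA does not count as True; `# a page counts as matching only when its ratio exceeds conf.matchRatio by more than ETA` states the actual contract. A more descriptive name such as MATCH_RATIO_MARGIN would also tell a reader of settings.py what the 0.05 is for, since ETA on its own is opaque here.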
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 922411857..7d838fab3 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -15,6 +15,7 @@ from lib.core.common import wasLastRequestError
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
+from lib.core.settings import ETA
 
 def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
     if page is None and pageLength is None:
@@ -97,7 +98,7 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
             conf.matchRatio = conf.thold
 
         elif kb.pageStable and ratio > 0.6 and ratio < 1:
-            conf.matchRatio = min(ratio, 0.950)
+            conf.matchRatio = ratio
             logger.debug("setting match ratio for current parameter to %.3f" % conf.matchRatio)
 
         elif not kb.pageStable or ( kb.pageStable and ratio < 0.6 ):
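Review bot: Dropping the `min(ratio, 0.950)` cap interacts badly with the new `(ratio - conf.matchRatio) > ETA` test at the end of this function: if the calibrating page scores, say, 0.97 against the original, conf.matchRatio becomes 0.97 and any later page would need a ratio above 1.02, which a similarity ratio bounded by 1 (as the `ratio < 1` guard on this branch assumes) can never reach. The old cap kept the threshold satisfiable; with ETA = 0.05 the equivalent safeguard is `conf.matchRatio = min(ratio, 1 - ETA)`, so that a page identical to the original can still be judged True. Without it, parameters whose false page is almost identical to the original would silently never produce a positive result. comparison() starts and ends outside this hunk.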
@@ -115,4 +116,4 @@ def comparison(page, headers=None, getSeqMatcher=False, pageLength=None):
     # If the url is not stable it returns sequence matcher between the
     # first untouched HTTP response page content and this content
     else:
-        return ratio > conf.matchRatio
+        return (ratio - conf.matchRatio) > ETA
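Review bot: The ETA margin is now applied to every conf.matchRatio, including the one copied from `conf.thold` earlier in this function; if that is a user-supplied threshold, this line quietly raises it by 0.05, so a page scoring between thold and thold + 0.05 is reported as different even though the user asked for thold. If the margin is meant only for the auto-derived ratio, apply it where that ratio is stored (`conf.matchRatio = ratio + ETA`) and keep `return ratio > conf.matchRatio` here, or record whether the threshold was user-set and skip ETA in that case. Unless the enclosing `if` (outside the hunk) already excludes a None conf.matchRatio, the subtraction would also raise TypeError on the first call after the new per-case reset in checks.py, where the old `ratio > None` comparison merely evaluated to False under Python 2. The start of comparison() is outside this hunk.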