
Commit 28d9115

committed
fix for Feature #187 (Skip duplicates parameters in -g)
1 parent 6a6ff09 commit 28d9115

2 files changed

Lines changed: 23 additions & 17 deletions


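--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -199,21 +199,26 @@ def start():
 
 for parameter, value in paramDict.items():
 testSqlInj = True
+paramKey = (conf.hostname, place, parameter)
 
+if paramKey in kb.testedParams:
+warnMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
+logger.warn(warnMsg)
+testSqlInj = False
 # Avoid dinamicity test if the user provided the
 # parameter manually
-if parameter in conf.testParameter:
+elif parameter in conf.testParameter:
 pass
-
 elif not checkDynParam(place, parameter, value):
 warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
 logger.warn(warnMsg)
 testSqlInj = False
-
 else:
 logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
 logger.info(logMsg)
 
+kb.testedParams.add(paramKey)
+
 if testSqlInj:
 for parenthesis in range(0, 4):
 logMsg = "testing sql injection on %s " % place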
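Review bot: The dedup key on the added `paramKey` line is `(conf.hostname, place, parameter)`, which ignores the URL path and port, so when several targets share a host (the `-g` case this commit addresses) a same-named parameter on a different page is logged as "previously processed" and never tested. Because `kb.testedParams.add(paramKey)` also runs for parameters that were only rejected by `checkDynParam`, a single non-dynamic result on one page suppresses the check on every other page of that host, which can hide a real finding from whoever is auditing the site. Consider widening the key, e.g. `paramKey = (conf.hostname, conf.path, place, parameter)`, assuming the parsed path is available on `conf` at this point. The body of `start()` begins before and continues after this hunk.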

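--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -89,7 +89,7 @@ def __urllib2Opener():
 
 debugMsg = "creating HTTP requests opener object"
 logger.debug(debugMsg)
-
+
 handlers = [proxyHandler, authHandler, redirectHandler]
 
 if not conf.dropSetCookie:
@@ -258,11 +258,11 @@ def __setRequestFromFile():
 
 if not conf.requestFile:
 return
-
+
 addedTargetUrls = set()
 
 conf.requestFile = os.path.expanduser(conf.requestFile)
-
+
 infoMsg = "parsing HTTP request from '%s'" % conf.requestFile
 logger.info(infoMsg)
 
@@ -272,7 +272,7 @@ def __setRequestFromFile():
 raise sqlmapFilePathException, errMsg
 
 __feedTargetsDict(conf.requestFile, addedTargetUrls)
-
+
 def __setGoogleDorking():
 """
 This function checks if the way to request testable hosts is through
@@ -657,13 +657,13 @@ def __setHTTPAuthentication():
 
 authUsername = aCredRegExp.group(1)
 authPassword = aCredRegExp.group(2)
-
+
 passwordMgr = urllib2.HTTPPasswordMgrWithDefaultRealm()
 passwordMgr.add_password(None, "%s://%s" % (conf.scheme, conf.hostname), authUsername, authPassword)
-
+
 if aTypeLower == "basic":
 authHandler = urllib2.HTTPBasicAuthHandler(passwordMgr)
-
+
 elif aTypeLower == "digest":
 authHandler = urllib2.HTTPDigestAuthHandler(passwordMgr)
 
@@ -675,28 +675,28 @@ def __setHTTPAuthentication():
 errMsg += "in order to authenticate via NTLM, "
 errMsg += "http://code.google.com/p/python-ntlm/"
 raise sqlmapMissingDependence, errMsg
-
+
 authHandler = HTTPNtlmAuthHandler.HTTPNtlmAuthHandler(passwordMgr)
 else:
 debugMsg = "setting the HTTP(s) authentication certificate"
 logger.debug(debugMsg)
-
+
 aCertRegExp = re.search("^(.+?),\s*(.+?)$", conf.aCert)
-
+
 if not aCertRegExp:
 errMsg = "HTTP authentication certificate option "
 errMsg += "must be in format key_file,cert_file"
 raise sqlmapSyntaxException, errMsg
-
+
 #os.path.expanduser for support of paths with ~
 key_file = os.path.expanduser(aCertRegExp.group(1))
 cert_file = os.path.expanduser(aCertRegExp.group(2))
-
+
 for ifile in (key_file, cert_file):
 if not os.path.exists(ifile):
 errMsg = "File '%s' does not exist" % ifile
 raise sqlmapSyntaxException, errMsg
-
+
 authHandler = HTTPSCertAuthHandler(key_file, cert_file)
 
 def __setHTTPMethod():
@@ -1011,6 +1011,7 @@ def __setKnowledgeBaseAttributes():
 kb.resumedQueries = {}
 kb.stackedTest = None
 kb.targetUrls = set()
+kb.testedParams = set()
 kb.timeTest = None
 kb.unionComment = ""
 kb.unionCount = None
@@ -1129,7 +1130,7 @@ def __basicOptionValidation():
 conf.limitStop is not None and isinstance(conf.limitStop, int) and conf.limitStop > 0 and conf.limitStop <= conf.limitStart:
 errMsg = "value for --start (limitStart) option must be smaller than value for --stop (limitStop) option"
 raise sqlmapSyntaxException, errMsg
-
+
 if conf.cpuThrottle is not None and isinstance(conf.cpuThrottle, int) and (conf.cpuThrottle > 100 or\
 conf.cpuThrottle < 0):
 errMsg = "value for --cpu-throttle (cpuThrottle) option must be in range [0,100]"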
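Review bot: The new `kb.testedParams = set()` line in `__setKnowledgeBaseAttributes()` has no comment saying what the set holds or how long it must live, yet the lookup added in lib/controller/controller.py depends on both. I would add `# (hostname, place, parameter) tuples already processed; must persist across targets` above it. If this function is ever re-run between targets, the set would be emptied and the duplicate check would silently stop working, so it is worth confirming it runs only once per session. The function's body extends beyond the hunk.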
