Implementation for an #162

stamparm · stamparm · commit e9ae44c6fcb3 · 2012-08-22T16:50:01.000+02:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -520,8 +520,7 @@ def genCmpPayload():
                         break
 
                 if injectable is True:
-                    # There is no need to perform this test with others
-                    # boundaries
+                    kb.vulnHosts.add(conf.hostname)
                     break
 
             # Reset forced back-end DBMS value
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -236,7 +236,7 @@ def start():
         action()
         return True
 
-    if conf.url and not any([conf.forms, conf.crawlDepth]):
+    if conf.url and not any((conf.forms, conf.crawlDepth)):
         kb.targetUrls.add((conf.url, conf.method, conf.data, conf.cookie))
 
     if conf.configFile and not kb.targetUrls:
@@ -277,6 +277,7 @@ def start():
                     testSqlInj = True
 
             testSqlInj &= (conf.hostname, conf.path, None, None) not in kb.testedParams
+            testSqlInj &= conf.hostname not in kb.vulnHosts
 
             if not testSqlInj:
                 infoMsg = "skipping '%s'" % targetUrl
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1569,6 +1569,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
         kb.testedParams = set()
         kb.userAgents = None
         kb.vainRun = True
+        kb.vulnHosts = set()
         kb.wordlists = None
 
 def __useWizardInterface():
