Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit f398699

Browse files
stamparmstamparm
committed
Fixes #4275 
1 parent e910fc6 commit f398699

2 files changed

Lines changed: 7 additions & 6 deletions

File tree

lib/controller/checks.py

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -501,6 +501,7 @@ def genCmpPayload():
501501
# Useful to set kb.matchRatio at first based on False response content
502502
kb.matchRatio = None
503503
kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
504+
suggestion = None
504505
Request.queryPage(genCmpPayload(), place, raise404=False)
505506
falsePage, falseHeaders, falseCode = threadData.lastComparisonPage or "", threadData.lastComparisonHeaders, threadData.lastComparisonCode
506507
falseRawResponse = "%s%s" % (falseHeaders, falsePage)
@@ -568,7 +569,7 @@ def genCmpPayload():
568569
candidates = sorted(candidates, key=len)
569570
for candidate in candidates:
570571
if re.match(r"\A[\w.,! ]+\Z", candidate) and ' ' in candidate and candidate.strip() and len(candidate) > CANDIDATE_SENTENCE_MIN_LENGTH:
571-
conf.string = candidate
572+
suggestion = conf.string = candidate
572573
injectable = True
573574

574575
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
@@ -579,7 +580,7 @@ def genCmpPayload():
579580
if injectable:
580581
if kb.pageStable and not any((conf.string, conf.notString, conf.regexp, conf.code, kb.nullConnection)):
581582
if all((falseCode, trueCode)) and falseCode != trueCode:
582-
conf.code = trueCode
583+
suggestion = conf.code = trueCode
583584

584585
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --code=%d)" % ("%s " % paramType if paramType != parameter else "", parameter, title, conf.code)
585586
logger.info(infoMsg)
@@ -604,7 +605,7 @@ def genCmpPayload():
604605
if re.match(r"\A\w{2,}\Z", candidate): # Note: length of 1 (e.g. --string=5) could cause trouble, especially in error message pages with partially reflected payload content
605606
break
606607

607-
conf.string = candidate
608+
suggestion = conf.string = candidate
608609

609610
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.string).lstrip('u').strip("'"))
610611
logger.info(infoMsg)
@@ -618,12 +619,12 @@ def genCmpPayload():
618619
if re.match(r"\A\w+\Z", candidate):
619620
break
620621

621-
conf.notString = candidate
622+
suggestion = conf.notString = candidate
622623

623624
infoMsg = "%sparameter '%s' appears to be '%s' injectable (with --not-string=\"%s\")" % ("%s " % paramType if paramType != parameter else "", parameter, title, repr(conf.notString).lstrip('u').strip("'"))
624625
logger.info(infoMsg)
625626

626-
if not any((conf.string, conf.notString, conf.code)):
627+
if not suggestion:
627628
infoMsg = "%sparameter '%s' appears to be '%s' injectable " % ("%s " % paramType if paramType != parameter else "", parameter, title)
628629
singleTimeLogMessage(infoMsg)
629630

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty.six import unichr as _unichr
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.4.7.12"
21+
VERSION = "1.4.7.13"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

0 commit comments

Comments
 (0)