mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2026-07-11 19:13:12 +00:00
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
Minor bug fix to properly handle the case that no injections are found. Nicer display of injection vulnerabilities detected. Minor code refactoring.
This commit is contained in:
parent
7e3b24afe6
commit
472f4465a6
6 changed files with 33 additions and 20 deletions
|
|
@ -126,22 +126,23 @@ def __selectInjection():
|
|||
kb.injection = kb.injections[index]
|
||||
|
||||
def __formatInjection(inj):
|
||||
header = "Place: %s\n" % inj.place
|
||||
header += "Parameter: %s\n" % inj.parameter
|
||||
data = ""
|
||||
data = "Place: %s\n" % inj.place
|
||||
data += "Parameter: %s\n" % inj.parameter
|
||||
|
||||
for stype, sdata in inj.data.items():
|
||||
data += "Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
|
||||
data += "Payload: %s\n\n" % sdata[3]
|
||||
data += " Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
|
||||
data += " Payload: %s\n\n" % sdata[3]
|
||||
|
||||
return header, data
|
||||
return data
|
||||
|
||||
def __showInjections():
|
||||
dataToStdout("sqlmap identified the following injection points:\n")
|
||||
header = "sqlmap identified the following injection points"
|
||||
data = ""
|
||||
|
||||
for inj in kb.injections:
|
||||
header, data = __formatInjection(inj)
|
||||
dumper.technic(header, data)
|
||||
data += __formatInjection(inj)
|
||||
|
||||
dumper.technic(header, data)
|
||||
|
||||
def start():
|
||||
"""
|
||||
|
|
@ -318,9 +319,6 @@ def start():
|
|||
for parameter, value in paramDict.items():
|
||||
testSqlInj = True
|
||||
|
||||
# TODO: with the new detection engine, review this
|
||||
# part. Perhaps dynamicity test will not be of any
|
||||
# use
|
||||
paramKey = (conf.hostname, conf.path, place, parameter)
|
||||
|
||||
if paramKey in kb.testedParams:
|
||||
|
|
@ -337,7 +335,6 @@ def start():
|
|||
elif not checkDynParam(place, parameter, value):
|
||||
warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
|
||||
logger.warn(warnMsg)
|
||||
testSqlInj = False
|
||||
|
||||
else:
|
||||
logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue