Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).

Minor layout adjustments.
2025-12-07 13:11:29 +00:00 · 2010-03-26 23:23:25 +00:00
parent 4ca1adba2c
commit 1416cd0d86
32 changed files with 791 additions and 122 deletions
--- a/lib/core/target.py
+++ b/lib/core/target.py
@@ -43,6 +43,10 @@ def __setRequestParams():
    HTTP method POST.
    """

+    if conf.direct:
+        conf.parameters[None] = "direct connection"
+        return
+
    __testableParameters = False

    # Perform checks on GET parameters