speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)

lib/controller/checks.py

@@ -26,6 +26,7 @@ from lib.core.common import getSortedInjectionTests
 from lib.core.common import getUnicode
 from lib.core.common import intersect
 from lib.core.common import listToStrValue
+from lib.core.common import parseFilePaths
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomInt
@@ -589,7 +590,9 @@ def heuristicCheckSqlInjection(place, parameter):
 
     payload = "%s%s%s" % (prefix, randomStr(length=10, alphabet=['"', '\'', ')', '(']), suffix)
     payload = agent.payload(place, parameter, newValue=payload)
-    Request.queryPage(payload, place, content=True, raise404=False)
+    page, _ = Request.queryPage(payload, place, content=True, raise404=False)
+
+    parseFilePaths(page)
 
     result = wasLastRequestDBMSError()
 

lib/controller/controller.py

@@ -31,7 +31,9 @@ from lib.core.common import paramToDict
 from lib.core.common import parseTargetUrl
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import serializeObject
 from lib.core.common import showHttpErrorCodes
+from lib.core.common import unserializeObject
 from lib.core.convert import urlencode
 from lib.core.convert import urldecode
 from lib.core.data import conf
@@ -172,6 +174,12 @@ def __saveToSessionFile():
 
         setInjection(inj)
 
+def __saveAbsFilePaths():
+    key = "kb.absFilePaths"
+    value = unserializeObject(conf.hashDB.retrieve(key)) or set()
+    value.update(kb.absFilePaths)
+    conf.hashDB.write(key, serializeObject(value))
+
 def __saveToResultsFile():
     if not conf.resultsFP:
         return
@@ -553,6 +561,7 @@ def start():
 
                 __saveToSessionFile()
                 __saveToResultsFile()
+                __saveAbsFilePaths()
                 __showInjections()
                 __selectInjection()