Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.

Minor bug fix to properly handle the case that no injections are found. Nicer display of injection vulnerabilities detected. Minor code refactoring.
2025-12-08 21:51:29 +00:00 · 2010-11-28 21:27:47 +00:00
parent 7e3b24afe6
commit 472f4465a6
6 changed files with 33 additions and 20 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -306,7 +306,10 @@ def checkSqlInjection(place, parameter, value):

                break

-    return injection
+    if injection.place is not None and injection.parameter is not None:
+        return injection
+    else:
+        return None

 def heuristicCheckSqlInjection(place, parameter, value):
    if kb.nullConnection:
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -126,22 +126,23 @@ def __selectInjection():
        kb.injection = kb.injections[index]

 def __formatInjection(inj):
-    header = "Place: %s\n" % inj.place
-    header += "Parameter: %s\n" % inj.parameter
-    data = ""
+    data = "Place: %s\n" % inj.place
+    data += "Parameter: %s\n" % inj.parameter

    for stype, sdata in inj.data.items():
-        data += "Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
-        data += "Payload: %s\n\n" % sdata[3]
+        data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
+        data += "    Payload: %s\n\n" % sdata[3]

-    return header, data
+    return data

 def __showInjections():
-    dataToStdout("sqlmap identified the following injection points:\n")
+    header = "sqlmap identified the following injection points"
+    data = ""

    for inj in kb.injections:
-        header, data = __formatInjection(inj)
-        dumper.technic(header, data)
+        data += __formatInjection(inj)
+
+    dumper.technic(header, data)

 def start():
    """
@@ -318,9 +319,6 @@ def start():
                    for parameter, value in paramDict.items():
                        testSqlInj = True

-                        # TODO: with the new detection engine, review this
-                        # part. Perhaps dynamicity test will not be of any
-                        # use
                        paramKey = (conf.hostname, conf.path, place, parameter)

                        if paramKey in kb.testedParams:
@@ -337,7 +335,6 @@ def start():
                        elif not checkDynParam(place, parameter, value):
                            warnMsg = "%s parameter '%s' is not dynamic" % (place, parameter)
                            logger.warn(warnMsg)
-                            testSqlInj = False

                        else:
                            logMsg = "%s parameter '%s' is dynamic" % (place, parameter)
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -63,15 +63,23 @@ def setHandler():
                ]

    if kb.htmlFp:
+        inferencedDbms = kb.htmlFp[-1]
+    elif hasattr(kb.injection, "dbms"):
+        inferencedDbms = kb.injection.dbms
+    else:
+        inferencedDbms = None
+
+    if inferencedDbms is not None:
        for i in xrange(len(dbmsMap)):
            dbmsAliases, _, _ = dbmsMap[i]
-            if kb.htmlFp[-1].lower() in dbmsAliases:
+
+            if inferencedDbms.lower() in dbmsAliases:
                if i > 0:
                    pushValue(dbmsMap[i])
                    dbmsMap.remove(dbmsMap[i])
                    dbmsMap.insert(0, popValue())
-                break

+                break

    for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
        if conf.dbms and conf.dbms not in dbmsAliases: