Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.

Minor bug fix to properly handle the case that no injections are found. Nicer display of injection vulnerabilities detected. Minor code refactoring.
2025-12-06 20:51:31 +00:00 · 2010-11-28 21:27:47 +00:00
parent 7e3b24afe6
commit 472f4465a6
6 changed files with 33 additions and 20 deletions
--- a/lib/controller/handler.py
+++ b/lib/controller/handler.py
@@ -63,15 +63,23 @@ def setHandler():
                ]

    if kb.htmlFp:
+        inferencedDbms = kb.htmlFp[-1]
+    elif hasattr(kb.injection, "dbms"):
+        inferencedDbms = kb.injection.dbms
+    else:
+        inferencedDbms = None
+
+    if inferencedDbms is not None:
        for i in xrange(len(dbmsMap)):
            dbmsAliases, _, _ = dbmsMap[i]
-            if kb.htmlFp[-1].lower() in dbmsAliases:
+
+            if inferencedDbms.lower() in dbmsAliases:
                if i > 0:
                    pushValue(dbmsMap[i])
                    dbmsMap.remove(dbmsMap[i])
                    dbmsMap.insert(0, popValue())
-                break

+                break

    for dbmsAliases, dbmsMap, dbmsConn in dbmsMap:
        if conf.dbms and conf.dbms not in dbmsAliases: