Open walio opened 7 years ago
https://www.facebook.com/profile.php?id=100069654810948#!/usr/bin/python import requests import time import json from pprint import pprint
class AutoSqli(object):
def __init__(self, server='', target='',data = '',referer = '',cookie = ''):
super(AutoSqli, self).__init__()
self.server = server
if self.server[-1] != '/':
self.server = self.server + '/'
self.target = target
self.taskid = ''
self.engineid = ''
self.status = ''
self.data = data
self.referer = referer
self.cookie = cookie
self.start_time = time.time()
def task_new(self):
self.taskid = json.loads(requests.get(self.server + 'task/new').text)['taskid']
def task_delete(self):
if json.loads(requests.get(self.server + 'task/' + self.taskid + '/delete').text)['success']:
return True
return False
def scan_start(self):
headers = {'Content-Type': 'application/json'}
payload = {'url': self.target}
url = self.server + 'scan/' + self.taskid + '/start'
t = json.loads(requests.post(url, data=json.dumps(payload), headers=headers).text)
self.engineid = t['engineid']
def scan_status(self):
self.status = json.loads(
requests.get(self.server + 'scan/' + self.taskid + '/status').text)['status']
if self.status == 'running':
return 'running'
elif self.status == 'terminated':
return 'terminated'
else:
return 'error'
def scan_data(self):
self.data = json.loads(requests.get(self.server + 'scan/' + self.taskid + '/data').text)['data']
def option_set(self):
headers = {'Content-Type': 'application/json'}
option = {
"smart": True,
"crawlDepth" : 1
}
url = self.server + 'option/' + self.taskid + '/set'
requests.post(url, data=json.dumps(option), headers=headers)
def scan_stop(self):
requests.get(self.server + 'scan/' + self.taskid + '/stop')
def scan_kill(self):
requests.get(self.server + 'scan/' + self.taskid + '/kill')
def run(self):
self.task_new();
self.option_set()
self.scan_start();
while True:
if self.scan_status() == 'running':
time.sleep(1)
elif self.scan_status() == 'terminated':
break
else:
break
if time.time() - self.start_time > 3000:
error = True
self.scan_stop()
self.scan_kill()
break
self.scan_data()
self.task_delete()
for result in self.data:
if result['type']==0:
pprint(result)
if name == 'main': t = AutoSqli('http://127.0.0.1:8775', 'http://localhost/intro.php') t.run()
System information
Related webpages:
intro.php
test.php and test2.php are the same like:
Issue detail
I uses python sqlmapapi.py -s to start a server,and uses the following script to use crawl to detect injection:
The script start a new scan from intro.php and the crawldepth is 1.I expect to return the result of scanning test.php and test2.php because they are the same. but it only return the result of scanning test2.php:
Suggest Solution
When I comment the if in the write function of class StdDbOut in /lib/utils/api.py line 241 to line 244:
I found it can return the result as I expect
I guess this is not a good solution,but it worked just as well so far.I hope the problem can be really solved.