Closed ciscon closed 4 years ago
fyi, here's a quick fix by switching over to the list options method:
diff --git a/lib/hunter/task.rb b/lib/hunter/task.rb
index 105389f..dbe92a1 100644
--- a/lib/hunter/task.rb
+++ b/lib/hunter/task.rb
@@ -35,14 +35,10 @@ module Hunter
end
def option_get(option)
- path = "/option/#{@task_id}/get"
- options = {
- option: option
- }
- res = Typhoeus.post(@host + path, headers: @headers, body: JSON.dump(options))
-
- result = JSON.load(res.body)
- result['success'] ? result[option] : false
+ path = "/option/#{@task_id}/list"
+ res = Typhoeus.get(@host + path, headers: @headers)
+ result = JSON.load(res.body)['options']
+ result[option] ? result[option] : false
end
def option_set(options)
Thank you for reporting, I will check at this issue quickly.
fyi, here's a quick fix by switching over to the list options method:
diff --git a/lib/hunter/task.rb b/lib/hunter/task.rb index 105389f..dbe92a1 100644 --- a/lib/hunter/task.rb +++ b/lib/hunter/task.rb @@ -35,14 +35,10 @@ module Hunter end def option_get(option) - path = "/option/#{@task_id}/get" - options = { - option: option - } - res = Typhoeus.post(@host + path, headers: @headers, body: JSON.dump(options)) - - result = JSON.load(res.body) - result['success'] ? result[option] : false + path = "/option/#{@task_id}/list" + res = Typhoeus.get(@host + path, headers: @headers) + result = JSON.load(res.body)['options'] + result[option] ? result[option] : false end def option_set(options)
@ciscon Thank you for reporting, this issue was fixed
when presented with the message that a vulnerability has been found, the message does not include the path to the request file anymore: [13:13:43] [986bb890c31af76f] Task vulnerable, use "sqlmap -r false" to exploit