Further decreasing number of testing payloads

stamparm · stamparm · commit 02470ea6832e · 2015-07-10T01:19:46.000+02:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -525,6 +525,17 @@ def genCmpPayload():
                                 infoMsg += "there is at least one other (potential) "
                                 infoMsg += "technique found"
                                 singleTimeLogMessage(infoMsg)
+                            elif not injection.data:
+                                _ = test.request.columns.split('-')[-1]
+                                if _.isdigit() and int(_) > 10:
+                                    if kb.futileUnion is None:
+                                        msg = "it is not recommended to perform "
+                                        msg += "extended UNION tests if there is not "
+                                        msg += "at least one other (potential) "
+                                        msg += "technique found. Do you want to skip? [Y/n] "
+                                        kb.futileUnion = readInput(msg, default="Y").strip().upper() == 'N'
+                                    if kb.futileUnion is False:
+                                        continue
 
                             # Test for UNION query SQL injection
                             reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix)
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1788,6 +1788,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.followSitemapRecursion = None
     kb.forcedDbms = None
     kb.forcePartialUnion = False
+    kb.futileUnion = None
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicMode = False
