diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 5fd550dc1..4f46e23eb 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -1141,10 +1141,17 @@ def heuristicCheckSqlInjection(place, parameter):
 infoMsg = "heuristic (XSS) test shows that %sparameter '%s' might be vulnerable to cross-site scripting (XSS) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
+ if conf.beep:
+ beep()
+
 for match in re.finditer(FI_ERROR_REGEX, page or ""):
 if randStr1.lower() in match.group(0).lower():
 infoMsg = "heuristic (FI) test shows that %sparameter '%s' might be vulnerable to file inclusion (FI) attacks" % ("%s " % paramType if paramType != parameter else "", parameter)
 logger.info(infoMsg)
+
+ if conf.beep:
+ beep()
+
 break
 kb.disableHtmlDecoding = False
diff --git a/lib/core/settings.py b/lib/core/settings.py
index d399a75ed..ff3039862 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.4.12.4"
+VERSION = "1.4.12.5"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/core/cmdline.py b/lib/parse/cmdline.py
index fba62acff..3eb4846fa 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
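Review bot: In lib/controller/checks.py the two added `if conf.beep: beep()` blocks fire on heuristic hits whose own log text says the parameter only "might be vulnerable", so with `--beep` an unconfirmed XSS/FI hint now sounds exactly like a confirmed SQL injection finding. I would add a comment above each block, e.g. `# heuristic hit only (unconfirmed); same audible alert as a confirmed SQLi finding`, and word the `--beep` help in lib/parse/cmdline.py to match, e.g. `help="Beep on question and/or when SQLi is found or XSS/FI is suspected")`. The identical two-line block now appears twice in this function, so a small local helper would keep the two call sites in sync. Indentation is lost in this view and heuristicCheckSqlInjection starts and ends outside the hunk, so I am assuming the first block sits inside the XSS branch rather than after it.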
@@ -728,7 +728,7 @@ def cmdLineParser(argv=None):
 help="Run host OS command(s) when SQL injection is found")
 miscellaneous.add_argument("--beep", dest="beep", action="store_true",
- help="Beep on question and/or when SQL injection is found")
+ help="Beep on question and/or when SQLi/XSS/FI is found")
 miscellaneous.add_argument("--dependencies", dest="dependencies", action="store_true",
 help="Check for missing (optional) sqlmap dependencies")