mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 17:46:37 +03:00
Fix the logic used for --param-exclude
The current logic will skip all existing parameters if no param-exclude is defined. This breaks previous behaviour, makes it harder to use the tool and is quite confusing. The new logic will always check the parameter is set before running any other checks instead of shortcircuit an empoty(always true) regexp.
This commit is contained in:
parent
89bbf5284c
commit
025e9ac5b4
|
@ -470,7 +470,7 @@ def start():
|
|||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
logger.info(infoMsg)
|
||||
|
||||
elif re.search(conf.paramExclude or "", parameter, re.I) or kb.postHint and re.search(conf.paramExclude or "", parameter.split(' ')[-1], re.I):
|
||||
elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
|
||||
testSqlInj = False
|
||||
|
||||
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
|
||||
|
|
Loading…
Reference in New Issue
Block a user