kids, don't use this at home

2025-02-02 20:54:13 +03:00 · 2010-12-20 10:13:14 +00:00 · 2010-12-20 10:13:14 +00:00 · 10a7a2dfb2
commit 10a7a2dfb2
parent 13d5b2c0ff
3 changed files with 8 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -463,6 +463,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
        infoMsg += "not be injectable"
        logger.warn(infoMsg)

+    return result
+
 def checkDynParam(place, parameter, value):
    """
    This function checks if the url parameter is dynamic. If it is
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -339,7 +339,9 @@ def start():
                        kb.testedParams.add(paramKey)

                        if testSqlInj:
-                            heuristicCheckSqlInjection(place, parameter, value)
+                            check = heuristicCheckSqlInjection(place, parameter, value)
+                            if not check and conf.scriptKiddie:
+                                continue

                            logMsg  = "testing sql injection on %s " % place
                            logMsg += "parameter '%s'" % parameter
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -532,6 +532,9 @@ def cmdLineParser():
        parser.add_option("--technique", dest="technique", type="int",
                          default=False, help=SUPPRESS_HELP)

+        parser.add_option("--script-kiddie", dest="scriptKiddie", action="store_true",
+                          default=False, help=SUPPRESS_HELP)
+
        parser.add_option_group(target)
        parser.add_option_group(request)
        parser.add_option_group(optimization)