From 10a7a2dfb29770434a74e3cb7253ab0eb262556e Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 20 Dec 2010 10:13:14 +0000
Subject: [PATCH] kids, don't use this at home
---
 lib/controller/checks.py | 2 ++
 lib/controller/controller.py | 4 +++-
 lib/parse/cmdline.py | 3 +++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 986e134ff..8c4761d1d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -463,6 +463,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
 infoMsg += "not be injectable"
 logger.warn(infoMsg)
+ return result
+
 def checkDynParam(place, parameter, value):
 """
 This function checks if the url parameter is dynamic. If it is
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
index 2c43ab482..e837e40e5 100644
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -339,7 +339,9 @@ def start():
 kb.testedParams.add(paramKey)
 if testSqlInj:
- heuristicCheckSqlInjection(place, parameter, value)
+ check = heuristicCheckSqlInjection(place, parameter, value)
+ if not check and conf.scriptKiddie:
+ continue
 logMsg = "testing sql injection on %s " % place
 logMsg += "parameter '%s'" % parameter
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
index dc22891fb..eeba9f0ce 100644
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@@ -532,6 +532,9 @@ def cmdLineParser():
 parser.add_option("--technique", dest="technique", type="int", default=False, help=SUPPRESS_HELP)
+ parser.add_option("--script-kiddie", dest="scriptKiddie", action="store_true",
+ default=False, help=SUPPRESS_HELP)
+
 parser.add_option_group(target)
 parser.add_option_group(request)
 parser.add_option_group(optimization)
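Review bot: The added `return result` at the end of heuristicCheckSqlInjection relies on an assignment to `result` that is outside this hunk (the function body starts above it), so it should be confirmed that every path through the function binds `result` before this line; an unbound path would now raise NameError. The function also gains a return contract that controller.py branches on, and nothing documents it. I would add a docstring line such as `Returns a true value when the heuristic test suggests the parameter might be injectable`, adjusted to what `result` actually holds.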
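Review bot: The new `continue` in start() drops the parameter without any message, and it runs after `kb.testedParams.add(paramKey)` has already recorded the parameter, so a heuristic false negative leaves it untested while the run still looks complete. A heuristic can miss, and anyone reading the output as evidence that a parameter is not injectable needs to see that the full tests were skipped. I would log before skipping, for example `logger.warn("skipping %s parameter '%s': heuristic test negative" % (place, parameter))`, and decide whether a skipped parameter should stay in kb.testedParams. start() continues outside the hunk, so whether `logger` is already used there is assumed rather than visible.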
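Review bot: The hidden `--script-kiddie` switch carries no comment and its name does not say what it changes; with `help=SUPPRESS_HELP` nothing else tells a maintainer what it does. A one-line comment above the option would be enough, for example `# Hidden switch: skip the full tests for parameters the heuristic check reports as negative`. If conf can be populated by anything other than this parser (not visible here), `conf.scriptKiddie` needs a default on that path too, or the read added in controller.py will fail. cmdLineParser's body extends beyond the hunk.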