sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-10 00:20:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

kids, don't use this at home

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-20 10:13:14 +00:00
parent 13d5b2c0ff
commit 10a7a2dfb2
3 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -463,6 +463,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
infoMsg += "not be injectable" infoMsg += "not be injectable"
logger.warn(infoMsg) logger.warn(infoMsg)
return result
def checkDynParam(place, parameter, value): def checkDynParam(place, parameter, value):
""" """
This function checks if the url parameter is dynamic. If it is This function checks if the url parameter is dynamic. If it is

4
lib/controller/controller.py
View File

@ -339,7 +339,9 @@ def start():
kb.testedParams.add(paramKey) kb.testedParams.add(paramKey)
if testSqlInj: if testSqlInj:
heuristicCheckSqlInjection(place, parameter, value) check = heuristicCheckSqlInjection(place, parameter, value)
if not check and conf.scriptKiddie:
continue
logMsg = "testing sql injection on %s " % place logMsg = "testing sql injection on %s " % place
logMsg += "parameter '%s'" % parameter logMsg += "parameter '%s'" % parameter

3
lib/parse/cmdline.py
View File

@ -532,6 +532,9 @@ def cmdLineParser():
parser.add_option("--technique", dest="technique", type="int", parser.add_option("--technique", dest="technique", type="int",
default=False, help=SUPPRESS_HELP) default=False, help=SUPPRESS_HELP)
parser.add_option("--script-kiddie", dest="scriptKiddie", action="store_true",
default=False, help=SUPPRESS_HELP)
parser.add_option_group(target) parser.add_option_group(target)
parser.add_option_group(request) parser.add_option_group(request)
parser.add_option_group(optimization) parser.add_option_group(optimization)