added IGNORE_PARAMETERS to skip testing of state/session web server parameters

lib/controller/controller.py

@@ -44,6 +44,7 @@ from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setInjection
 from lib.core.settings import EMPTY_FORM_FIELDS_REGEX
+from lib.core.settings import IGNORE_PARAMETERS
 from lib.core.settings import REFERER_ALIASES
 from lib.core.settings import USER_AGENT_ALIASES
 from lib.core.target import initTargetEnv
@@ -369,6 +370,12 @@ def start():
                             infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
                             logger.info(infoMsg)
 
+                        elif parameter.upper() in IGNORE_PARAMETERS:
+                            testSqlInj = False
+
+                            infoMsg = "ignoring %s parameter '%s'" % (place, parameter)
+                            logger.info(infoMsg)
+
                         # Avoid dinamicity test if the user provided the
                         # parameter manually
                         elif parameter in conf.testParameter or conf.realTest:

lib/core/settings.py

@@ -301,3 +301,6 @@ HASH_MOD_ITEM_DISPLAY = 1117
 
 # Maximum integer value
 MAX_INT = sys.maxint
+
+# Parameters to be ignored in detection phase
+IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION")