mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-22 09:36:35 +03:00
minor update
This commit is contained in:
parent
1f7d87c6a4
commit
4a469c3258
|
@ -665,12 +665,13 @@ def paramToDict(place, parameters=None):
|
|||
|
||||
if condition:
|
||||
testableParameters[parameter] = "=".join(elem[1:])
|
||||
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]:
|
||||
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
|
||||
or re.search(r'\A-[1-9]', testableParameters[parameter]):
|
||||
errMsg = "you have provided tainted parameter values "
|
||||
errMsg += "(%s) with most probably leftover " % element
|
||||
errMsg += "chars from manual sql injection "
|
||||
errMsg += "tests (%s). " % DUMMY_SQL_INJECTION_CHARS
|
||||
errMsg += "please, always use only valid parameter values "
|
||||
errMsg += "tests (%s) or negative numerical value. " % DUMMY_SQL_INJECTION_CHARS
|
||||
errMsg += "Please, always use only valid parameter values "
|
||||
errMsg += "so sqlmap could be able to do a valid run."
|
||||
raise sqlmapSyntaxException, errMsg
|
||||
else:
|
||||
|
|
Loading…
Reference in New Issue
Block a user