minor update

Miroslav Stampar 2011-10-23 21:12:34 +00:00
parent 1f7d87c6a4
commit 4a469c3258


@ -665,12 +665,13 @@ def paramToDict(place, parameters=None):
if condition: if condition:
testableParameters[parameter] = "=".join(elem[1:]) testableParameters[parameter] = "=".join(elem[1:])
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]: if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
or re.search(r'\A-[1-9]', testableParameters[parameter]):
errMsg = "you have provided tainted parameter values " errMsg = "you have provided tainted parameter values "
errMsg += "(%s) with most probably leftover " % element errMsg += "(%s) with most probably leftover " % element
errMsg += "chars from manual sql injection " errMsg += "chars from manual sql injection "
errMsg += "tests (%s). " % DUMMY_SQL_INJECTION_CHARS errMsg += "tests (%s) or negative numerical value. " % DUMMY_SQL_INJECTION_CHARS
errMsg += "please, always use only valid parameter values " errMsg += "Please, always use only valid parameter values "
errMsg += "so sqlmap could be able to do a valid run." errMsg += "so sqlmap could be able to do a valid run."
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
else: else:
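Review bot: The new `re.search(r'\A-[1-9]', ...)` branch reuses the leftover-characters error text, so a value rejected only for being negative is still reported with the `DUMMY_SQL_INJECTION_CHARS` list and the user cannot tell which condition fired. The pattern is also narrower and wider than the "negative numerical value" wording: it does not match `-0.5` and it does match a non-numeric value such as `-1abc`, so a short comment stating the intended scope would help. For readability I would bind the value once and drop the backslash continuation, e.g. `value = testableParameters[parameter]` followed by `if value.strip(DUMMY_SQL_INJECTION_CHARS) != value or re.search(r'\A-[1-9]', value):`. paramToDict starts and ends outside this hunk, so whether `re` is already imported in the module cannot be confirmed from here.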