sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-16 19:40:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Implements #3549

Browse Source
This commit is contained in:
Miroslav Stampar 2019-05-17 11:00:51 +02:00
parent aa5645c71a
commit 519538a1d3
6 changed files with 15 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/controller.py
View File

@ -466,6 +466,8 @@ def start():
skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None)) skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None)) skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))
skip |= (conf.paramFilter and place.upper() not in conf.paramFilter)
skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True)) skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True)) skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True)) skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))

5
lib/core/option.py
View File

@ -1590,6 +1590,11 @@ def _cleanupOptions():
else: else:
conf.testParameter = [] conf.testParameter = []
if conf.paramFilter:
conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]
else:
conf.paramFilter = []
if conf.base64Parameter: if conf.base64Parameter:
conf.base64Parameter = urldecode(conf.base64Parameter) conf.base64Parameter = urldecode(conf.base64Parameter)
conf.base64Parameter = conf.base64Parameter.replace(" ", "") conf.base64Parameter = conf.base64Parameter.replace(" ", "")

1
lib/core/optiondict.py
View File

@ -79,6 +79,7 @@ optDict = {
"skip": "string", "skip": "string",
"skipStatic": "boolean", "skipStatic": "boolean",
"paramExclude": "string", "paramExclude": "string",
"paramFilter": "string",
"dbms": "string", "dbms": "string",
"dbmsCred": "string", "dbmsCred": "string",
"os": "string", "os": "string",

2
lib/core/settings.py
View File

@ -18,7 +18,7 @@ from lib.core.enums import OS
from thirdparty.six import unichr as _unichr from thirdparty.six import unichr as _unichr
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.3.5.102" VERSION = "1.3.5.103"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/parse/cmdline.py
View File

@ -261,6 +261,9 @@ def cmdLineParser(argv=None):
injection.add_option("--param-exclude", dest="paramExclude", injection.add_option("--param-exclude", dest="paramExclude",
help="Regexp to exclude parameters from testing (e.g. \"ses\")") help="Regexp to exclude parameters from testing (e.g. \"ses\")")
injection.add_option("--param-filter", dest="paramFilter",
help="Select testable parameter(s) by place (e.g. \"POST\")")
injection.add_option("--dbms", dest="dbms", injection.add_option("--dbms", dest="dbms",
help="Force back-end DBMS to provided value") help="Force back-end DBMS to provided value")

3
sqlmap.conf
View File

@ -245,6 +245,9 @@ skipStatic = False
# Regexp to exclude parameters from testing (e.g. "ses"). # Regexp to exclude parameters from testing (e.g. "ses").
paramExclude = paramExclude =
# Select testable parameter(s) by place (e.g. "POST").
paramFilter =
# Force back-end DBMS to provided value. If this option is set, the back-end # Force back-end DBMS to provided value. If this option is set, the back-end
# DBMS identification process will be minimized as needed. # DBMS identification process will be minimized as needed.
# If not set, sqlmap will detect back-end DBMS automatically by default. # If not set, sqlmap will detect back-end DBMS automatically by default.