mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Implements #3549
This commit is contained in:
parent
aa5645c71a
commit
519538a1d3
|
@ -466,6 +466,8 @@ def start():
|
|||
skip |= (place == PLACE.COOKIE and intersect(PLACE.COOKIE, conf.skip, True) not in ([], None))
|
||||
skip |= (place == PLACE.HOST and intersect(PLACE.HOST, conf.skip, True) not in ([], None))
|
||||
|
||||
skip |= (conf.paramFilter and place.upper() not in conf.paramFilter)
|
||||
|
||||
skip &= not (place == PLACE.USER_AGENT and intersect(USER_AGENT_ALIASES, conf.testParameter, True))
|
||||
skip &= not (place == PLACE.REFERER and intersect(REFERER_ALIASES, conf.testParameter, True))
|
||||
skip &= not (place == PLACE.HOST and intersect(HOST_ALIASES, conf.testParameter, True))
|
||||
|
|
|
@ -1590,6 +1590,11 @@ def _cleanupOptions():
|
|||
else:
|
||||
conf.testParameter = []
|
||||
|
||||
if conf.paramFilter:
|
||||
conf.paramFilter = [_.strip() for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.paramFilter.upper())]
|
||||
else:
|
||||
conf.paramFilter = []
|
||||
|
||||
if conf.base64Parameter:
|
||||
conf.base64Parameter = urldecode(conf.base64Parameter)
|
||||
conf.base64Parameter = conf.base64Parameter.replace(" ", "")
|
||||
|
|
|
@ -79,6 +79,7 @@ optDict = {
|
|||
"skip": "string",
|
||||
"skipStatic": "boolean",
|
||||
"paramExclude": "string",
|
||||
"paramFilter": "string",
|
||||
"dbms": "string",
|
||||
"dbmsCred": "string",
|
||||
"os": "string",
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.5.102"
|
||||
VERSION = "1.3.5.103"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -261,6 +261,9 @@ def cmdLineParser(argv=None):
|
|||
injection.add_option("--param-exclude", dest="paramExclude",
|
||||
help="Regexp to exclude parameters from testing (e.g. \"ses\")")
|
||||
|
||||
injection.add_option("--param-filter", dest="paramFilter",
|
||||
help="Select testable parameter(s) by place (e.g. \"POST\")")
|
||||
|
||||
injection.add_option("--dbms", dest="dbms",
|
||||
help="Force back-end DBMS to provided value")
|
||||
|
||||
|
|
|
@ -245,6 +245,9 @@ skipStatic = False
|
|||
# Regexp to exclude parameters from testing (e.g. "ses").
|
||||
paramExclude =
|
||||
|
||||
# Select testable parameter(s) by place (e.g. "POST").
|
||||
paramFilter =
|
||||
|
||||
# Force back-end DBMS to provided value. If this option is set, the back-end
|
||||
# DBMS identification process will be minimized as needed.
|
||||
# If not set, sqlmap will detect back-end DBMS automatically by default.
|
||||
|
|
Loading…
Reference in New Issue
Block a user