From 7460b87f1dca84d58135f963bce69cfd3a750f00 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Wed, 23 Sep 2020 15:22:07 +0200 Subject: [PATCH] Update for #4353 --- lib/core/settings.py | 2 +- plugins/generic/databases.py | 3 +++ plugins/generic/search.py | 8 +++++--- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/lib/core/settings.py b/lib/core/settings.py index 54954554e..ad5e89d11 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.9.17" +VERSION = "1.4.9.18" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py index cc8b89730..7a3dfe4dd 100644 --- a/plugins/generic/databases.py +++ b/plugins/generic/databases.py @@ -525,6 +525,9 @@ class Databases(object): else: return kb.data.cachedColumns + if conf.exclude: + tblList = [_ for _ in tblList if re.search(conf.exclude, _, re.I) is None] + tblList = filterNone(safeSQLIdentificatorNaming(_, True) for _ in tblList) if bruteForce is None: diff --git a/plugins/generic/search.py b/plugins/generic/search.py index 6e4a0e2a4..42afd3cfe 100644 --- a/plugins/generic/search.py +++ b/plugins/generic/search.py 
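Review bot: In plugins/generic/databases.py the added `if conf.exclude:` filter passes user-supplied pattern text straight to `re.search(conf.exclude, _, re.I)` with no handling for `re.error`, and the same call is added in plugins/generic/search.py; unless the option is validated at start-up (not visible here), a malformed pattern aborts enumeration at this point. The diffstat shows no import line being added to either file, so both presumably already import `re`, which is worth confirming. The filter also runs on the names before `safeSQLIdentificatorNaming` normalises them on the following line, so I would add a comment such as `# conf.exclude: unanchored, case-insensitive regex matched against the raw table names` to make clear which form of the name a pattern has to match. The enclosing method starts and ends outside the hunk.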
@@ -410,9 +410,11 @@ class Search(object): if tblCond: if conf.tbl: - _ = conf.tbl.split(',') - whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in _) + ")" - infoMsgTbl = " for table%s '%s'" % ("s" if len(_) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(tbl) for tbl in _)) + tbls = conf.tbl.split(',') + if conf.exclude: + tbls = [_ for _ in tbls if re.search(conf.exclude, _, re.I) is None] + whereTblsQuery = " AND (" + " OR ".join("%s = '%s'" % (tblCond, unsafeSQLIdentificatorNaming(tbl)) for tbl in tbls) + ")" + infoMsgTbl = " for table%s '%s'" % ("s" if len(tbls) > 1 else "", ", ".join(unsafeSQLIdentificatorNaming(tbl) for tbl in tbls)) if conf.db == CURRENT_DB: conf.db = self.getCurrentDb()
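Review bot: When `conf.exclude` matches every entry of `conf.tbl`, `tbls` is empty and the next line builds `whereTblsQuery` as `" AND ()"`, which is not valid SQL, while `infoMsgTbl` reports a search for table `''`. Guarding the two assignments with `if tbls:` would avoid sending the malformed query, though what the empty case should do instead (skip the search, or behave as if no table was given) depends on code outside this hunk. The entries from `conf.tbl.split(',')` are also matched unstripped and before `unsafeSQLIdentificatorNaming` is applied, so an anchored exclusion pattern may miss a padded or quoted name and that table is then searched despite the exclusion. The enclosing method starts and ends outside the hunk.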