sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

Adding new option --param-exclude on private request

Browse Source
This commit is contained in:
Miroslav Stampar 2016-12-25 23:16:44 +01:00
parent 44b00d629d
commit 89bbf5284c
6 changed files with 19 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/controller/controller.py
View File

@ -470,6 +470,12 @@ def start():
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter) infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
logger.info(infoMsg) logger.info(infoMsg)
elif re.search(conf.paramExclude or "", parameter, re.I) or kb.postHint and re.search(conf.paramExclude or "", parameter.split(' ')[-1], re.I):
testSqlInj = False
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
logger.info(infoMsg)
elif parameter == conf.csrfToken: elif parameter == conf.csrfToken:
testSqlInj = False testSqlInj = False

3
lib/core/optiondict.py
View File

@ -77,7 +77,8 @@ optDict = {
"testParameter": "string", "testParameter": "string",
"skip": "string", "skip": "string",
"skipStatic": "boolean", "skipStatic": "boolean",
"dbms": "string", "skip": "string",
"paramExclude": "string",
"dbmsCred": "string", "dbmsCred": "string",
"os": "string", "os": "string",
"invalidBignum": "boolean", "invalidBignum": "boolean",

2
lib/core/settings.py
View File

@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
from lib.core.enums import OS from lib.core.enums import OS
# sqlmap version (<major>.<minor>.<month>.<monthly commit>) # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
VERSION = "1.0.12.14" VERSION = "1.0.12.15"
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE) VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

3
lib/parse/cmdline.py
View File

@ -269,6 +269,9 @@ def cmdLineParser(argv=None):
injection.add_option("--skip-static", dest="skipStatic", action="store_true", injection.add_option("--skip-static", dest="skipStatic", action="store_true",
help="Skip testing parameters that not appear to be dynamic") help="Skip testing parameters that not appear to be dynamic")
injection.add_option("--param-exclude", dest="paramExclude",
help="Regexp to exclude parameters from testing (e.g. \"ses\")")
injection.add_option("--dbms", dest="dbms", injection.add_option("--dbms", dest="dbms",
help="Force back-end DBMS to this value") help="Force back-end DBMS to this value")

3
sqlmap.conf
View File

@ -238,6 +238,9 @@ skip =
# Valid: True or False # Valid: True or False
skipStatic = False skipStatic = False
# Regexp to exclude parameters from testing (e.g. "ses").
paramExclude =
# Force back-end DBMS to this value. If this option is set, the back-end # Force back-end DBMS to this value. If this option is set, the back-end
# DBMS identification process will be minimized as needed. # DBMS identification process will be minimized as needed.
# If not set, sqlmap will detect back-end DBMS automatically by default. # If not set, sqlmap will detect back-end DBMS automatically by default.

8
txt/checksum.md5
View File

@ -21,7 +21,7 @@ cc9c82cfffd8ee9b25ba3af6284f057e extra/sqlharvest/__init__.py
4f2f817596540d82f9fcc0c5b2228beb extra/sqlharvest/sqlharvest.py 4f2f817596540d82f9fcc0c5b2228beb extra/sqlharvest/sqlharvest.py
2daa39e4d59526acb4772b6c47eb315f lib/controller/action.py 2daa39e4d59526acb4772b6c47eb315f lib/controller/action.py
eb36e67d0f698384978486d9b16591c5 lib/controller/checks.py eb36e67d0f698384978486d9b16591c5 lib/controller/checks.py
f5183cfef62974889db81beb0adbf8fd lib/controller/controller.py 531365e625d740ffed1fe97d8318979c lib/controller/controller.py
ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py ec007a1424da78cfdae90da6ae49ed9b lib/controller/handler.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/controller/__init__.py
cdffff6260c40ccb4e4092fc21d9d63f lib/core/agent.py cdffff6260c40ccb4e4092fc21d9d63f lib/core/agent.py
@ -38,14 +38,14 @@ b218e03ef7426fb0414881b05add1092 lib/core/enums.py
e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py e4aec2b11c1ad6039d0c3dbbfbc5eb1a lib/core/exception.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/core/__init__.py
91c514013daa796e2cdd940389354eac lib/core/log.py 91c514013daa796e2cdd940389354eac lib/core/log.py
86c86d2ee9e0eb74b13c16797b7dfc51 lib/core/optiondict.py ea5b08cac48cf538fb4bce31438b387b lib/core/optiondict.py
5d530c06c9720626ef6bf9e0a3decd2a lib/core/option.py 5d530c06c9720626ef6bf9e0a3decd2a lib/core/option.py
7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py 7af487340c138f7b5dbd443161cbb428 lib/core/profiling.py
e60456db5380840a586654344003d4e6 lib/core/readlineng.py e60456db5380840a586654344003d4e6 lib/core/readlineng.py
b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py b3a62d41a5af6cd7fa733b6227febb0c lib/core/replication.py
dfb664b223ac3585d51e58839b777d9b lib/core/revision.py dfb664b223ac3585d51e58839b777d9b lib/core/revision.py
7c15dd2777af4dac2c89cab6df17462e lib/core/session.py 7c15dd2777af4dac2c89cab6df17462e lib/core/session.py
f6750f9990821025ee93de4561b534bc lib/core/settings.py d686c45c24eaa2519bc7e942fa8a2743 lib/core/settings.py
7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py 7af83e4f18cab6dff5e67840eb65be80 lib/core/shell.py
23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py 23657cd7d924e3c6d225719865855827 lib/core/subprocessng.py
c3ace7874a536d801f308cf1fd03df99 lib/core/target.py c3ace7874a536d801f308cf1fd03df99 lib/core/target.py
@ -56,7 +56,7 @@ d43f059747ffd48952922c94152e2a07 lib/core/testing.py
8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py 8485a3cd94c0a5af2718bad60c5f1ae5 lib/core/wordlist.py
cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py cc9c82cfffd8ee9b25ba3af6284f057e lib/__init__.py
c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py c1288bc4ce5651dbdd82d4a9435fdc03 lib/parse/banner.py
ba4c9a57e87f54c647ca29a14fa82f9c lib/parse/cmdline.py 16c1928161aa64e7c98d42116369459c lib/parse/cmdline.py
8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py 8ec4d4f02634834701f8258726f2e511 lib/parse/configfile.py
fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py fe4e2152292587928edb94c9a4d311ff lib/parse/handler.py
8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py 8e6bfb13e5a34b2610f3ff23467a34cf lib/parse/headers.py