sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 19:55:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

implemented parameter --skip

Browse Source
This commit is contained in:
Miroslav Stampar 2011-08-29 13:29:42 +00:00
parent e0f521cf9d
commit 9be89422da
5 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
lib/controller/controller.py
View File

@ -419,14 +419,20 @@ def start():
infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter) infoMsg = "skipping previously processed %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
elif parameter in conf.testParameter:
pass
elif parameter == conf.rParam: elif parameter == conf.rParam:
testSqlInj = False testSqlInj = False
infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter) infoMsg = "skipping randomizing %s parameter '%s'" % (place, parameter)
logger.info(infoMsg) logger.info(infoMsg)
elif parameter in conf.testParameter: elif parameter in conf.skip:
pass testSqlInj = False
infoMsg = "skipping %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
# Ignore session-like parameters for --level < 4 # Ignore session-like parameters for --level < 4
elif conf.level < 4 and parameter.upper() in IGNORE_PARAMETERS: elif conf.level < 4 and parameter.upper() in IGNORE_PARAMETERS:

10
lib/core/option.py
View File

@ -1290,6 +1290,12 @@ def __cleanupOptions():
else: else:
conf.rParam = [] conf.rParam = []
if conf.skip:
conf.skip = conf.skip.replace(" ", "")
conf.skip = re.split(PARAMETER_SPLITTING_REGEX, conf.skip)
else:
conf.skip = []
if conf.delay: if conf.delay:
conf.delay = float(conf.delay) conf.delay = float(conf.delay)
@ -1768,6 +1774,10 @@ def __basicOptionValidation():
errMsg = "switch --tor is incompatible with switch --proxy" errMsg = "switch --tor is incompatible with switch --proxy"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg
if conf.skip and conf.testParameter:
errMsg = "switch --skip is incompatible with switch -p"
raise sqlmapSyntaxException, errMsg
if conf.mobile and conf.agent: if conf.mobile and conf.agent:
errMsg = "switch --mobile is incompatible with switch --user-agent" errMsg = "switch --mobile is incompatible with switch --user-agent"
raise sqlmapSyntaxException, errMsg raise sqlmapSyntaxException, errMsg

1
lib/core/optiondict.py
View File

@ -61,6 +61,7 @@ optDict = {
"os": "string", "os": "string",
"prefix": "string", "prefix": "string",
"suffix": "string", "suffix": "string",
"skip": "string",
"tamper": "string" "tamper": "string"
}, },

5
lib/parse/cmdline.py
View File

@ -90,7 +90,7 @@ def cmdLineParser():
help="Use randomly selected HTTP User-Agent header") help="Use randomly selected HTTP User-Agent header")
request.add_option("--randomize", dest="rParam", request.add_option("--randomize", dest="rParam",
help="Randomly change value for the given parameter") help="Randomly change value for given parameter(s)")
request.add_option("--referer", dest="referer", request.add_option("--referer", dest="referer",
help="HTTP Referer header") help="HTTP Referer header")
@ -184,6 +184,9 @@ def cmdLineParser():
injection.add_option("--suffix", dest="suffix", injection.add_option("--suffix", dest="suffix",
help="Injection payload suffix string") help="Injection payload suffix string")
injection.add_option("--skip", dest="skip",
help="Skip testing for given parameter(s)")
injection.add_option("--tamper", dest="tamper", injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data") help="Use given script(s) for tampering injection data")

3
sqlmap.conf
View File

@ -185,6 +185,9 @@ prefix =
# Injection payload suffix string # Injection payload suffix string
suffix = suffix =
# Skip testing for given parameter(s)
skip =
# Use given script(s) for tampering injection data # Use given script(s) for tampering injection data
tamper = tamper =