From bc19f40d09a07a4925013dc114351beeeba88e32 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 22 Aug 2013 10:44:21 +0200
Subject: [PATCH] Minor update
---
 lib/core/common.py | 2 +-
 lib/core/settings.py | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index a7d1db641..1395a3079 100755
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -562,7 +562,7 @@ def paramToDict(place, parameters=None):
 warnMsg += "('%s') with most probably leftover " % element
 warnMsg += "chars/statements from manual SQL injection test(s). "
 warnMsg += "Please, always use only valid parameter values "
- warnMsg += "so sqlmap could be able to properly run "
+ warnMsg += "so sqlmap could be able to run properly"
 logger.warn(warnMsg)
 message = "Are you sure you want to continue? [y/N] "
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 10dbad677..5120c74ca 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -377,7 +377,7 @@ ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 # Simple check against dummy users
-DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]"
+DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b"
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "exe", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov")
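Review bot: The new `\bUNION\b.+\bSELECT\b` alternative in `DUMMY_USER_INJECTION` (lib/core/settings.py) is much looser than the AND/OR branch next to it. With `(?i)` and an unbounded `.+`, any value that merely contains the two words in that order, such as ordinary free text, matches. A value where a line break sits between them does not match, because `.` stops at newlines unless the caller passes `re.DOTALL`. How the constant is consumed is not visible in this hunk, so the effect is presumably a spurious or missed warning rather than anything worse. Bounding the gap would make the heuristic more predictable, e.g. `r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b[\s\S]{1,32}?\bSELECT\b"`, where the limit of 32 is only a suggested starting value. The comment above the constant should also name the second branch, e.g. `# Simple check against dummy users (leftover AND/OR comparisons or UNION ... SELECT from manual tests)`.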