minor update (tainted values are not checked any more in multipleTargets mode)

This commit is contained in:
Miroslav Stampar 2012-05-25 09:52:17 +00:00
parent dc20bff1d0
commit db526bdbc0


@ -539,20 +539,21 @@ def paramToDict(place, parameters=None):
if condition: if condition:
testableParameters[parameter] = "=".join(elem[1:]) testableParameters[parameter] = "=".join(elem[1:])
if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\ if not conf.multipleTargets:
or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]): if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
warnMsg = "it appears that you have provided tainted parameter values " or re.search(r'\A9{3,}', testableParameters[parameter]) or re.search(DUMMY_USER_INJECTION, testableParameters[parameter]):
warnMsg += "('%s') with most probably leftover " % element warnMsg = "it appears that you have provided tainted parameter values "
warnMsg += "chars from manual sql injection " warnMsg += "('%s') with most probably leftover " % element
warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS warnMsg += "chars from manual sql injection "
warnMsg += "Please, always use only valid parameter values " warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
warnMsg += "so sqlmap could be able to properly run " warnMsg += "Please, always use only valid parameter values "
logger.warn(warnMsg) warnMsg += "so sqlmap could be able to properly run "
logger.warn(warnMsg)
message = "Are you sure you want to continue? [y/N] " message = "Are you sure you want to continue? [y/N] "
test = readInput(message, default="N") test = readInput(message, default="N")
if test[0] not in ("y", "Y"): if test[0] not in ("y", "Y"):
raise sqlmapSilentQuitException raise sqlmapSilentQuitException
else: else:
root = ET.XML(parameters) root = ET.XML(parameters)
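Review bot: The new `if not conf.multipleTargets:` guard switches off the whole tainted-value check without a trace, so in a bulk run a parameter value still carrying leftover injection characters is used with no warning, and nothing in the code records why this is acceptable; add a comment above the guard such as `# multiple-target (bulk) runs skip the tainted-value check: the interactive prompt below would stop on every target`. If the prompt rather than the check is the problem, leaving the `logger.warn(warnMsg)` block outside the guard and wrapping only the `message`/`readInput`/`raise sqlmapSilentQuitException` lines in it would keep the warning visible in bulk mode while still avoiding the blocking question. The enclosing function paramToDict starts and ends outside this hunk.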