PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

Minor update for the Issue #2

Browse Source
This commit is contained in:
Miroslav Stampar
2014-10-23 14:03:44 +02:00
parent 7143e61619
commit 01f4b76817
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
lib/core/target.py
View File

@@ -43,7 +43,7 @@ from lib.core.option import _setDBMS
from lib.core.option import _setKnowledgeBaseAttributes
from lib.core.option import _setAuthCred
from lib.core.settings import ASTERISK_MARKER
from lib.core.settings import CSRF_TOKEN_PARAMETER_PREFIXES
from lib.core.settings import CSRF_TOKEN_PARAMETER_INFIXES
from lib.core.settings import CUSTOM_INJECTION_MARK_CHAR
from lib.core.settings import DEFAULT_GET_POST_DELIMITER
from lib.core.settings import HOST_ALIASES
@@ -353,7 +353,7 @@ def _setRequestParams():
else:
for place in (PLACE.GET, PLACE.POST):
for parameter in conf.paramDict.get(place, {}):
if any(parameter.lower().startswith(_) for _ in CSRF_TOKEN_PARAMETER_PREFIXES):
if any(parameter.lower().count(_) for _ in CSRF_TOKEN_PARAMETER_INFIXES):
message = "%s parameter '%s' appears to hold CSRF protection token. " % (place, parameter)
message += "Do you want sqlmap to automatically update it in further requests? [y/N] "
test = readInput(message, default="N")