Fix the logic used for --param-exclude

The current logic will skip all existing parameters if no param-exclude is defined.
This breaks previous behaviour, makes it harder to use the tool and is quite confusing.

The new logic will always check the parameter is set before running any other checks instead of short-circuiting an empty (always true) regexp.
Francisco Blas Izquierdo Riera (klondike)
2016-12-28 12:25:05 +01:00
parent 89bbf5284c
commit 025e9ac5b4

@@ -470,7 +470,7 @@ def start():
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
logger.info(infoMsg)
elif re.search(conf.paramExclude or "", parameter, re.I) or kb.postHint and re.search(conf.paramExclude or "", parameter.split(' ')[-1], re.I):
elif conf.paramExclude and (re.search(conf.paramExclude, parameter, re.I) or kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I)):
testSqlInj = False
infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
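
Review bot: In the replacement `elif conf.paramExclude and (...)` line, the inner condition still mixes `or` and `and` without grouping, so it relies on `and` binding tighter than `or` to mean "the full parameter name matches, or kb.postHint is set and the last space-separated token matches". Wrapping the second half as `(kb.postHint and re.search(conf.paramExclude, parameter.split(' ')[-1], re.I))` would make that intent explicit and guard against a later edit changing the grouping by accident. The infoMsg in this branch is also identical to the one in the branch above it, so the log gives no hint that the parameter was skipped because it matched the exclude pattern; naming the reason in the message would make an unexpected skip (the confusion the commit message describes) much easier to diagnose.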