Adding new option --param-exclude on private request

2025-12-06 20:51:31 +00:00 · 2016-12-25 23:16:44 +01:00
parent 44b00d629d
commit 89bbf5284c
6 changed files with 19 additions and 6 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -470,6 +470,12 @@ def start():
                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
                            logger.info(infoMsg)

+                        elif re.search(conf.paramExclude or "", parameter, re.I) or kb.postHint and re.search(conf.paramExclude or "", parameter.split(' ')[-1], re.I):
+                            testSqlInj = False
+
+                            infoMsg = "skipping %s parameter '%s'" % (paramType, parameter)
+                            logger.info(infoMsg)
+
                        elif parameter == conf.csrfToken:
                            testSqlInj = False