PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

Ignore Google analytics cookies

Browse Source
This commit is contained in:
Miroslav Stampar
2013-12-04 09:56:37 +01:00
parent dd2ddec79a
commit bf3fbb0ae0
3 changed files with 9 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
lib/core/common.py
View File

@@ -97,6 +97,7 @@ from lib.core.settings import ERROR_PARSING_REGEXES
from lib.core.settings import FORCE_COOKIE_EXPIRATION_TIME
from lib.core.settings import FORM_SEARCH_REGEX
from lib.core.settings import GENERIC_DOC_ROOT_DIRECTORY_NAMES
from lib.core.settings import GOOGLE_ANALYTICS_COOKIE_PREFIX
from lib.core.settings import HASHDB_MILESTONE_VALUE
from lib.core.settings import HOST_ALIASES
from lib.core.settings import INFERENCE_UNKNOWN_CHAR
@@ -556,8 +557,9 @@ def paramToDict(place, parameters=None):
testableParameters[parameter] = "=".join(parts[1:])
if not conf.multipleTargets:
_ = urldecode(testableParameters[parameter], convall=True)
if _.strip(DUMMY_SQL_INJECTION_CHARS) != _\
or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _):
if (_.strip(DUMMY_SQL_INJECTION_CHARS) != _\
or re.search(r'\A9{3,}', _) or re.search(DUMMY_USER_INJECTION, _))\
and not parameter.upper().startswith(GOOGLE_ANALYTICS_COOKIE_PREFIX):
warnMsg = "it appears that you have provided tainted parameter values "
warnMsg += "('%s') with most probably leftover " % element
warnMsg += "chars/statements from manual SQL injection test(s). "