Fixes #5308

2025-12-06 20:51:31 +00:00 · 2023-02-07 09:40:42 +01:00
parent 9eb970e7c7
commit d3bfe59401
3 changed files with 20 additions and 1 deletions
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@@ -568,6 +568,24 @@ def start():
                                infoMsg = "%sparameter '%s' appears to be dynamic" % ("%s " % paramType if paramType != parameter else "", parameter)
                                logger.info(infoMsg)

+                        if kb.processUserMarks:
+                            if testSqlInj and place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):
+                                if kb.processNonCustom is None:
+                                    message = "other non-custom parameters found. "
+                                    message += "Do you want to process them too? [Y/n/q] "
+                                    choice = readInput(message, default='Y').upper()
+
+                                    if choice == 'Q':
+                                        raise SqlmapUserQuitException
+                                    else:
+                                        kb.processNonCustom = choice == 'Y'
+
+                                if not kb.processNonCustom:
+                                    infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "", parameter)
+                                    logger.info(infoMsg)
+
+                                    testSqlInj = False
+
                        kb.testedParams.add(paramKey)

                        if testSqlInj: