From 6bde50dbdc2f2f0f04efdae9ca1b507fbaea69c3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 15 Oct 2019 16:08:58 +0200
Subject: [PATCH] Patch for #3964
---
 lib/core/option.py | 14 +++++++++-----
 lib/core/settings.py | 5 ++++-
 2 files changed, 13 insertions(+), 6 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index 51d36ded7..ce9e97479 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -109,6 +109,7 @@ from lib.core.settings import DEFAULT_TOR_HTTP_PORTS
 from lib.core.settings import DEFAULT_TOR_SOCKS_PORTS
 from lib.core.settings import DEFAULT_USER_AGENT
 from lib.core.settings import DUMMY_URL
+from lib.core.settings import IGNORE_CODE_WILDCARD
 from lib.core.settings import IS_WIN
 from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
 from lib.core.settings import KB_CHARS_LOW_FREQUENCY_ALPHABET
@@ -1569,11 +1570,14 @@ def _cleanupOptions():
 conf.testParameter = []
 if conf.ignoreCode:
- try:
- conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]
- except ValueError:
- errMsg = "options '--ignore-code' should contain a list of integer values"
- raise SqlmapSyntaxException(errMsg)
+ if conf.ignoreCode == IGNORE_CODE_WILDCARD:
+ conf.ignoreCode = xrange(0, 1000)
+ else:
+ try:
+ conf.ignoreCode = [int(_) for _ in re.split(PARAMETER_SPLITTING_REGEX, conf.ignoreCode)]
+ except ValueError:
+ errMsg = "options '--ignore-code' should contain a list of integer values or a wildcard value '%s'" % IGNORE_CODE_WILDCARD
+ raise SqlmapSyntaxException(errMsg)
 else:
 conf.ignoreCode = []
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 5b60c8dc1..9a9b5d434 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
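Review bot: In the wildcard branch of the second `lib/core/option.py` hunk, `conf.ignoreCode` becomes an `xrange` object while the other two branches leave it a list, so every consumer of the option now has to cope with two types. Membership tests work on both, but anything that concatenates, copies or serialises the option would presumably behave differently for `*`; `conf.ignoreCode = list(xrange(0, 1000))` keeps the type uniform at negligible cost. The bound 1000 is also unexplained, and a comment such as `# wildcard: codes 0-999, i.e. every possible HTTP status code` would make the intent clear. The wildcard comparison is an exact match, so a value like `401,*` or a `*` with surrounding whitespace would still reach `int()` and raise the syntax error. `_cleanupOptions` starts and ends outside the hunk.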
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr
 # sqlmap version (...)
-VERSION = "1.3.10.16"
+VERSION = "1.3.10.17"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
@@ -413,6 +413,9 @@ CANDIDATE_SENTENCE_MIN_LENGTH = 10
 # Character used for marking injectable position inside provided data
 CUSTOM_INJECTION_MARK_CHAR = '*'
+# Wildcard value that can be used in option --ignore-code
+IGNORE_CODE_WILDCARD = '*'
+
 # Other way to declare injection position
 INJECT_HERE_REGEX = r"(?i)%INJECT[_ ]?HERE%"