@@ -512,6 +512,23 @@ def start():
512512 testSqlInj = True
513513 paramKey = (conf .hostname , conf .path , place , parameter )
514514
515+ if kb .processUserMarks :
516+ if testSqlInj and place not in (PLACE .CUSTOM_POST , PLACE .CUSTOM_HEADER ):
517+ if kb .processNonCustom is None :
518+ message = "other non-custom parameters found. "
519+ message += "Do you want to process them too? [Y/n/q] "
520+ choice = readInput (message , default = 'Y' ).upper ()
521+
522+ if choice == 'Q' :
523+ raise SqlmapUserQuitException
524+ else :
525+ kb .processNonCustom = choice == 'Y'
526+
527+ if not kb .processNonCustom :
528+ infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "" , parameter )
529+ logger .info (infoMsg )
530+ continue
531+
515532 if paramKey in kb .testedParams :
516533 testSqlInj = False
517534
@@ -568,24 +585,6 @@ def start():
568585 infoMsg = "%sparameter '%s' appears to be dynamic" % ("%s " % paramType if paramType != parameter else "" , parameter )
569586 logger .info (infoMsg )
570587
571- if kb .processUserMarks :
572- if testSqlInj and place not in (PLACE .CUSTOM_POST , PLACE .CUSTOM_HEADER ):
573- if kb .processNonCustom is None :
574- message = "other non-custom parameters found. "
575- message += "Do you want to process them too? [Y/n/q] "
576- choice = readInput (message , default = 'Y' ).upper ()
577-
578- if choice == 'Q' :
579- raise SqlmapUserQuitException
580- else :
581- kb .processNonCustom = choice == 'Y'
582-
583- if not kb .processNonCustom :
584- infoMsg = "skipping %sparameter '%s'" % ("%s " % paramType if paramType != parameter else "" , parameter )
585- logger .info (infoMsg )
586-
587- testSqlInj = False
588-
589588 kb .testedParams .add (paramKey )
590589
591590 if testSqlInj :
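Review bot: The `continue` in the added `if not kb.processNonCustom:` branch ends the iteration early, so a skipped parameter no longer reaches `kb.testedParams.add(paramKey)` in the second hunk, whereas the removed code set `testSqlInj = False` and fell through to it. The lines of `start()` between the two hunks are not visible here, so confirm that nothing later depends on skipped parameters being recorded in `kb.testedParams`. In the new position `testSqlInj` appears to have just been assigned `True`, so the `testSqlInj and` part of the condition looks redundant and could be reduced to `if place not in (PLACE.CUSTOM_POST, PLACE.CUSTOM_HEADER):`. The move presumably exists so that the skip decision precedes the dynamicity check; a comment above the block such as `# ask before any per-parameter request is made, so parameters the user declines are never touched` would record that intent and keep the block from drifting back.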