Fixes #4483

Author: stamparm

lib/core/option.py

@@ -1868,6 +1868,8 @@ class _(six.text_type):
 
     if conf.exclude:
         regex = False
+        original = conf.exclude
+
         if any(_ in conf.exclude for _ in ('+', '*')):
             try:
                 re.compile(conf.exclude)
@@ -1882,6 +1884,12 @@ class _(six.text_type):
         else:
             conf.exclude = re.sub(r"(\w+)\$", r"\g<1>\$", conf.exclude)
 
+        class _(six.text_type):
+            pass
+
+        conf.exclude = _(conf.exclude)
+        conf.exclude._original = original
+
     if conf.binaryFields:
         conf.binaryFields = conf.binaryFields.replace(" ", "")
         conf.binaryFields = re.split(PARAMETER_SPLITTING_REGEX, conf.binaryFields)

lib/core/settings.py

@@ -18,7 +18,7 @@
 from thirdparty.six import unichr as _unichr
 
 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.12.23"
+VERSION = "1.4.12.24"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

plugins/generic/search.py

@@ -194,6 +194,9 @@ def searchTable(self):
             else:
                 whereDbsQuery = ""
 
+            if dbCond and conf.exclude:
+                whereDbsQuery += " AND %s NOT LIKE '%s'" % (dbCond, re.sub(r"\.[*+]", '%', conf.exclude._original))
+
             logger.info(infoMsg)
 
             tblQuery = "%s%s" % (tblCond, tblCondParam)
@@ -431,6 +434,9 @@ def searchColumn(self):
                 else:
                     infoMsgDb = " across all databases"
 
+                if conf.exclude:
+                    whereDbsQuery += " AND %s NOT LIKE '%s'" % (dbCond, re.sub(r"\.[*+]", '%', conf.exclude._original))
+
             logger.info("%s%s%s" % (infoMsg, infoMsgTbl, infoMsgDb))
 
             colQuery = "%s%s" % (colCond, colCondParam)