kids, don't use this at home

stamparm · stamparm · commit 10a7a2dfb297 · 2010-12-20T10:13:14.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -463,6 +463,8 @@ def heuristicCheckSqlInjection(place, parameter, value):
         infoMsg += "not be injectable"
         logger.warn(infoMsg)
 
+    return result
+
 def checkDynParam(place, parameter, value):
     """
     This function checks if the url parameter is dynamic. If it is
diff --git a/lib/controller/controller.py b/lib/controller/controller.py
@@ -339,7 +339,9 @@ def start():
                         kb.testedParams.add(paramKey)
 
                         if testSqlInj:
-                            heuristicCheckSqlInjection(place, parameter, value)
+                            check = heuristicCheckSqlInjection(place, parameter, value)
+                            if not check and conf.scriptKiddie:
+                                continue
 
                             logMsg  = "testing sql injection on %s " % place
                             logMsg += "parameter '%s'" % parameter
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -532,6 +532,9 @@ def cmdLineParser():
         parser.add_option("--technique", dest="technique", type="int",
                           default=False, help=SUPPRESS_HELP)
 
+        parser.add_option("--script-kiddie", dest="scriptKiddie", action="store_true",
+                          default=False, help=SUPPRESS_HELP)
+
         parser.add_option_group(target)
         parser.add_option_group(request)
         parser.add_option_group(optimization)
