@@ -521,26 +521,30 @@ def start():
521521
522522 injection = checkSqlInjection (place , parameter , value )
523523 proceed = not kb .endDetection
524+ injectable = False
524525
525526 if getattr (injection , "place" , None ) is not None :
526527 if NOTE .FALSE_POSITIVE_OR_UNEXPLOITABLE in injection .notes :
527528 kb .falsePositives .append (injection )
528529 else :
530+ injectable = True
531+
529532 kb .injections .append (injection )
530533
531- # In case when user wants to end detection phase (Ctrl+C)
532- if not proceed :
533- break
534+ # In case when user wants to end detection phase (Ctrl+C)
535+ if not proceed :
536+ break
537+
538+ msg = "%s parameter '%s' " % (injection .place , injection .parameter )
539+ msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
540+ test = readInput (msg , default = "N" )
534541
535- msg = "%s parameter '%s' " % (injection .place , injection .parameter )
536- msg += "is vulnerable. Do you want to keep testing the others (if any)? [y/N] "
537- test = readInput (msg , default = "N" )
542+ if test [0 ] not in ("y" , "Y" ):
543+ proceed = False
544+ paramKey = (conf .hostname , conf .path , None , None )
545+ kb .testedParams .add (paramKey )
538546
539- if test [0 ] not in ("y" , "Y" ):
540- proceed = False
541- paramKey = (conf .hostname , conf .path , None , None )
542- kb .testedParams .add (paramKey )
543- else :
547+ if not injectable :
544548 warnMsg = "%s parameter '%s' is not " % (paramType , parameter )
545549 warnMsg += "injectable"
546550 logger .warn (warnMsg )
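Review bot: The new `if not injectable:` branch logs "is not injectable" for a result that was just appended to `kb.falsePositives`, so a parameter tagged `NOTE.FALSE_POSITIVE_OR_UNEXPLOITABLE` is reported in the same words as one where nothing was detected. "Unexploitable" and "not injectable" are different conclusions for whoever reads the scan log, and the purpose of the flag is not documented; a comment at its initialisation such as `# stays False for false-positive/unexploitable results so they also get the warning below` would make the intent explicit, or the warning text could say which case applied. Separately, `test[0]` raises IndexError if `readInput` can ever return an empty string (its body is not visible here); `if not test or test[0] not in ("y", "Y"):` is safe either way. Indentation is lost in this rendering, so the nesting is inferred, and `start()` begins and continues outside the hunk.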