Minor update

stamparm · stamparm · commit bc19f40d09a0 · 2013-08-22T10:44:21.000+02:00
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -562,7 +562,7 @@ def paramToDict(place, parameters=None):
                         warnMsg += "('%s') with most probably leftover " % element
                         warnMsg += "chars/statements from manual SQL injection test(s). "
                         warnMsg += "Please, always use only valid parameter values "
-                        warnMsg += "so sqlmap could be able to properly run "
+                        warnMsg += "so sqlmap could be able to run properly"
                         logger.warn(warnMsg)
 
                         message = "Are you sure you want to continue? [y/N] "
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -377,7 +377,7 @@
 DUMMY_SQL_INJECTION_CHARS = ";()'"
 
 # Simple check against dummy users
-DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]"
+DUMMY_USER_INJECTION = r"(?i)[^\w](AND|OR)\s+[^\s]+[=><]|\bUNION\b.+\bSELECT\b"
 
 # Extensions skipped by crawler
 CRAWL_EXCLUDE_EXTENSIONS = ("gif", "jpg", "jpeg", "image", "jar", "tif", "bmp", "war", "ear", "mpg", "mpeg", "wmv", "mpeg", "scm", "iso", "dmp", "dll", "cab", "so", "avi", "mkv", "bin", "exe", "iso", "tar", "png", "pdf", "ps", "wav", "mp3", "mp4", "au", "aiff", "aac", "zip", "rar", "7z", "gz", "flv", "mov")
