@@ -539,20 +539,21 @@ def paramToDict(place, parameters=None):
539539
540540 if condition :
541541 testableParameters [parameter ] = "=" .join (elem [1 :])
542- if testableParameters [parameter ].strip (DUMMY_SQL_INJECTION_CHARS ) != testableParameters [parameter ]\
543- or re .search (r'\A9{3,}' , testableParameters [parameter ]) or re .search (DUMMY_USER_INJECTION , testableParameters [parameter ]):
544- warnMsg = "it appears that you have provided tainted parameter values "
545- warnMsg += "('%s') with most probably leftover " % element
546- warnMsg += "chars from manual sql injection "
547- warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
548- warnMsg += "Please, always use only valid parameter values "
549- warnMsg += "so sqlmap could be able to properly run "
550- logger .warn (warnMsg )
551-
552- message = "Are you sure you want to continue? [y/N] "
553- test = readInput (message , default = "N" )
554- if test [0 ] not in "y" , "Y" ):
555- raise sqlmapSilentQuitException
542+ if not conf .multipleTargets :
543+ if testableParameters [parameter ].strip (DUMMY_SQL_INJECTION_CHARS ) != testableParameters [parameter ]\
544+ or re .search (r'\A9{3,}' , testableParameters [parameter ]) or re .search (DUMMY_USER_INJECTION , testableParameters [parameter ]):
545+ warnMsg = "it appears that you have provided tainted parameter values "
546+ warnMsg += "('%s') with most probably leftover " % element
547+ warnMsg += "chars from manual sql injection "
548+ warnMsg += "tests (%s) or non-valid numerical value. " % DUMMY_SQL_INJECTION_CHARS
549+ warnMsg += "Please, always use only valid parameter values "
550+ warnMsg += "so sqlmap could be able to properly run "
551+ logger .warn (warnMsg )
552+
553+ message = "Are you sure you want to continue? [y/N] "
554+ test = readInput (message , default = "N" )
555+ if test [0 ] not in "y" , "Y" ):
556+ raise sqlmapSilentQuitException
556557
557558 else :
558559 root = ET .XML (parameters )
0 commit comments