From 18d27cabc5f62fb3c749d0bed589b3979d44f297 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Thu, 7 Oct 2010 15:34:17 +0000
Subject: [PATCH] more changes

---
 lib/controller/checks.py |  5 +++--
 lib/core/agent.py        |  2 ++
 lib/core/option.py       |  1 +
 lib/utils/parenthesis.py |  1 +
 xml/injections.xml       | 36 ++++++++++++++++++------------------
 5 files changed, 25 insertions(+), 20 deletions(-)

diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 965923728..e845b346c 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -54,6 +54,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
       * Double quoted string injection
     """
 
+    logic = conf.logic
     randInt = randomInt()
     randStr = randomStr()
     prefix = ""
@@ -73,7 +74,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
         if not prefix and not postfix and case.name == "custom":
             continue
 
-        infoMsg  = "testing %s injection " % case.desc
+        infoMsg  = "testing %s (%s) injection " % (case.desc, logic)
         infoMsg += "on %s parameter '%s'" % (place, parameter)
         logger.info(infoMsg)
 
@@ -86,7 +87,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
             falseResult = Request.queryPage(payload, place)
 
             if not falseResult:
-                infoMsg  = "%s parameter '%s' is %s injectable " % (place, parameter, case.desc)
+                infoMsg  = "%s parameter '%s' is %s (%s) injectable " % (place, parameter, case.desc, logic)
                 infoMsg += "with %d parenthesis" % parenthesis
                 logger.info(infoMsg)
                 return case.name
diff --git a/lib/core/agent.py b/lib/core/agent.py
index ca85a9a31..a6e18adf1 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -143,6 +143,7 @@ class Agent:
         if conf.direct:
             return self.payloadDirect(string)
 
+        logic = conf.logic
         query = str()
         case = getInjectionCase(kb.injType)
 
@@ -172,6 +173,7 @@ class Agent:
         if conf.direct:
             return self.payloadDirect(string)
 
+        logic = conf.logic
         case = getInjectionCase(kb.injType)
 
         if case is None:
diff --git a/lib/core/option.py b/lib/core/option.py
index e3e257162..d74fdced9 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -955,6 +955,7 @@ def __setConfAttributes():
     conf.httpHeaders      = []
     conf.hostname         = None
     conf.loggedToOut      = None
+    conf.logic            = "AND"
     conf.matchRatio       = None
     conf.md5hash          = None
     conf.multipleTargets  = False
diff --git a/lib/utils/parenthesis.py b/lib/utils/parenthesis.py
index 570b28bf6..90afe4057 100644
--- a/lib/utils/parenthesis.py
+++ b/lib/utils/parenthesis.py
@@ -42,6 +42,7 @@ def checkForParenthesis():
     logMsg = "testing for parenthesis on injectable parameter"
     logger.info(logMsg)
 
+    logic = conf.logic
     count = 0
     case = getInjectionCase(kb.injType)
 
diff --git a/xml/injections.xml b/xml/injections.xml
index 0ddff3b54..daf3eef5f 100644
--- a/xml/injections.xml
+++ b/xml/injections.xml
@@ -3,62 +3,62 @@
 <root>
     <case name="custom" desc="custom">
         <test>
-            <positive format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt, postfix"/>
-            <negative format="%s%s%s AND %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1, postfix"/>
+            <positive format="%s%s%s %s %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt, postfix"/>
+            <negative format="%s%s%s %s %s%d=%d %s" params="value, prefix, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt + 1, postfix"/>
         </test>
         <usage>
             <prefix format="%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s" params="'(' * parenthesis"/>
+            <postfix format=" %s %s" params="logic, '(' * parenthesis"/>
         </usage>
     </case>
     <case name="numeric" desc="unescaped numeric">
         <test>
-            <positive format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt"/>
-            <negative format="%s%s AND %s%d=%d" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randInt, randInt + 1"/>
+            <positive format="%s%s %s %s%d=%d" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt"/>
+            <negative format="%s%s %s %s%d=%d" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randInt, randInt + 1"/>
         </test>
         <usage>
             <prefix format="%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s%d=%d" params="'(' * parenthesis, randInt, randInt"/>
+            <postfix format=" %s %s%d=%d" params="logic, '(' * parenthesis, randInt, randInt"/>
         </usage>
     </case>
     <case name="stringsingle" desc="single quoted string">
         <test>
-            <positive format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
-            <negative format="%s'%s AND %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
+            <positive format="%s'%s %s %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
+            <negative format="%s'%s %s %s'%s'='%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
         </test>
         <usage>
             <prefix format="'%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s'%s'='%s" params="'(' * parenthesis, randStr, randStr"/>
+            <postfix format=" %s %s'%s'='%s" params="logic, '(' * parenthesis, randStr, randStr"/>
         </usage>
     </case>
     <case name="likesingle" desc="LIKE single quoted string">
         <test>
-            <positive format="%s'%s AND %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
-            <negative format="%s'%s AND %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
+            <positive format="%s'%s %s %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
+            <negative format="%s'%s %s %s'%s' LIKE '%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
         </test>
         <usage>
             <prefix format="'%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s'%s' LIKE '%s" params="'(' * parenthesis, randStr, randStr"/>
+            <postfix format=" %s %s'%s' LIKE '%s" params="logic, '(' * parenthesis, randStr, randStr"/>
         </usage>
     </case>
     <case name="stringdouble" desc="double quoted string">
         <test>
-            <positive format="%s\&quot;%s AND %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
-            <negative format="%s\&quot;%s AND %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
+            <positive format="%s\&quot;%s %s %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
+            <negative format="%s\&quot;%s %s %s\&quot;%s\&quot;=\&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
         </test>
         <usage>
             <prefix format="&quot;%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s\&quot;%s\&quot;=\&quot;%s" params="'(' * parenthesis, randStr, randStr"/>
+            <postfix format=" %s %s\&quot;%s\&quot;=\&quot;%s" params="logic, '(' * parenthesis, randStr, randStr"/>
         </usage>
     </case>
     <case name="likedouble" desc="LIKE double quoted string">
         <test>
-            <positive format="%s\&quot;%s AND %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr"/>
-            <negative format="%s\&quot;%s AND %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
+            <positive format="%s\&quot;%s %s %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr"/>
+            <negative format="%s\&quot;%s %s %s\&quot;%s\&quot; LIKE \&quot;%s" params="value, &quot;)&quot; * parenthesis, logic, &quot;(&quot; * parenthesis, randStr, randStr + randomStr(1)"/>
         </test>
         <usage>
             <prefix format="&quot;%s " params="')' * parenthesis"/>
-            <postfix format=" AND %s\&quot;%s\&quot; LIKE \&quot;%s" params="'(' * parenthesis, randStr, randStr"/>
+            <postfix format=" %s %s\&quot;%s\&quot; LIKE \&quot;%s" params="logic, '(' * parenthesis, randStr, randStr"/>
         </usage>
     </case>
 </root>