sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-11-04 09:57:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

first step toward negative logic support

Browse Source
This commit is contained in:
Miroslav Stampar 2012-03-15 15:52:12 +00:00
parent 8dd570057b
commit 19beb912fa
3 changed files with 14 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
lib/core/option.py
View File

@ -1463,6 +1463,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
kb.matchRatio = None kb.matchRatio = None
kb.mergeCookies = None kb.mergeCookies = None
kb.multiThreadMode = False kb.multiThreadMode = False
kb.negativeLogic = False
kb.nullConnection = None kb.nullConnection = None
kb.pageTemplate = None kb.pageTemplate = None
kb.pageTemplates = dict() kb.pageTemplates = dict()

13
lib/request/comparison.py
View File

@ -35,21 +35,24 @@ def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
seqMatcher = getCurrentThreadData().seqMatcher seqMatcher = getCurrentThreadData().seqMatcher
seqMatcher.set_seq1(kb.pageTemplate) seqMatcher.set_seq1(kb.pageTemplate)
def _(condition):
#condition = not condition if kb.negativeLogic else condition
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
if any([conf.string, conf.regexp]): if any([conf.string, conf.regexp]):
rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page) rawResponse = "%s%s" % (listToStrValue(headers.headers if headers else ""), page)
# String to match in page when the query is valid # String to match in page when the query is valid
if conf.string: if conf.string:
condition = conf.string in rawResponse return _(conf.string in rawResponse)
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
# Regular expression to match in page when the query is valid # Regular expression to match in page when the query is valid
if conf.regexp: if conf.regexp:
condition = re.search(conf.regexp, rawResponse, re.I | re.M) is not None return _(re.search(conf.regexp, rawResponse, re.I | re.M) is not None)
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
# HTTP code to match when the query is valid
if isinstance(code, int) and conf.code: if isinstance(code, int) and conf.code:
return code == conf.code return _(conf.code == code)
if page: if page:
# In case of an DBMS error page return None # In case of an DBMS error page return None

5
lib/request/inject.py
View File

@ -414,6 +414,9 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found: if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
pushValue(kb.negativeLogic)
kb.negativeLogic = "OR NOT" in kb.injection.data[kb.technique].vector
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression) value = __goBooleanProxy(booleanExpression)
else: else:
@ -422,6 +425,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
count += 1 count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
kb.negativeLogic = popValue()
if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
kb.technique = PAYLOAD.TECHNIQUE.TIME kb.technique = PAYLOAD.TECHNIQUE.TIME