From 20ae1c2187dd10368bb4a231e73617de27f17fa3 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 24 Oct 2011 00:40:06 +0000 Subject: [PATCH] added switch --logic-negative --- lib/controller/checks.py | 5 ++++- lib/core/agent.py | 9 ++++++--- lib/parse/cmdline.py | 4 ++++ sqlmap.conf | 4 ++++ 4 files changed, 18 insertions(+), 4 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index e4bdb656e..c2633dea0 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -289,7 +289,10 @@ def checkSqlInjection(place, parameter, value): # Use different page template than the original # one as we are changing parameters value, which # will likely result in a different content - origValue = "-%s" % randomInt() + if not conf.logicNegative: + origValue = "-%s" % randomInt() + else: + origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt()) templatePayload = agent.payload(place, parameter, newValue=origValue, where=where) elif where == PAYLOAD.WHERE.REPLACE: origValue = "" diff --git a/lib/core/agent.py b/lib/core/agent.py index 66616c3dc..c625783d6 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -88,10 +88,13 @@ class Agent: if where == PAYLOAD.WHERE.ORIGINAL: value = origValue elif where == PAYLOAD.WHERE.NEGATIVE: - if newValue.startswith("-"): - value = "" + if not conf.logicNegative: + if newValue.startswith("-"): + value = "" + else: + value = "-%s" % randomInt() else: - value = "-%s" % randomInt() + value = "%s AND %s=%s" % (origValue, randomInt(2), randomInt(2)) elif where == PAYLOAD.WHERE.REPLACE: value = "" else: diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py index e93c74141..59967217d 100644 --- a/lib/parse/cmdline.py +++ b/lib/parse/cmdline.py @@ -184,6 +184,10 @@ def cmdLineParser(): injection.add_option("--suffix", dest="suffix", help="Injection payload suffix string") + injection.add_option("--logic-negative", dest="logicNegative", + action="store_true", + help="Use logic operation(s) instead of negating values") + injection.add_option("--skip", dest="skip", help="Skip testing for given parameter(s)") diff --git a/sqlmap.conf b/sqlmap.conf index 6569958c7..139af26d4 100644 --- a/sqlmap.conf +++ b/sqlmap.conf @@ -185,6 +185,10 @@ prefix = # Injection payload suffix string suffix = +# Use logic operation(s) instead of negating values +# Valid: True or False +logicNegative = False + # Skip testing for given parameter(s) skip =