mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-25 13:11:00 +03:00 
			
		
		
		
	added switch --logic-negative
This commit is contained in:
		
							parent
							
								
									8bd3cfdc8e
								
							
						
					
					
						commit
						20ae1c2187
					
				|  | @ -289,7 +289,10 @@ def checkSqlInjection(place, parameter, value): | |||
|                         # Use different page template than the original | ||||
|                         # one as we are changing parameters value, which | ||||
|                         # will likely result in a different content | ||||
|                         origValue = "-%s" % randomInt() | ||||
|                         if not conf.logicNegative: | ||||
|                             origValue = "-%s" % randomInt() | ||||
|                         else: | ||||
|                             origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt()) | ||||
|                         templatePayload = agent.payload(place, parameter, newValue=origValue, where=where) | ||||
|                     elif where == PAYLOAD.WHERE.REPLACE: | ||||
|                         origValue = "" | ||||
|  |  | |||
|  | @ -88,10 +88,13 @@ class Agent: | |||
|             if where == PAYLOAD.WHERE.ORIGINAL: | ||||
|                 value = origValue | ||||
|             elif where == PAYLOAD.WHERE.NEGATIVE: | ||||
|                 if newValue.startswith("-"): | ||||
|                     value = "" | ||||
|                 if not conf.logicNegative: | ||||
|                     if newValue.startswith("-"): | ||||
|                         value = "" | ||||
|                     else: | ||||
|                         value = "-%s" % randomInt() | ||||
|                 else: | ||||
|                     value = "-%s" % randomInt() | ||||
|                     value = "%s AND %s=%s" % (origValue, randomInt(2), randomInt(2)) | ||||
|             elif where == PAYLOAD.WHERE.REPLACE: | ||||
|                 value = "" | ||||
|             else: | ||||
|  |  | |||
|  | @ -184,6 +184,10 @@ def cmdLineParser(): | |||
|         injection.add_option("--suffix", dest="suffix", | ||||
|                              help="Injection payload suffix string") | ||||
| 
 | ||||
|         injection.add_option("--logic-negative", dest="logicNegative", | ||||
|                              action="store_true", | ||||
|                              help="Use logic operation(s) instead of negating values") | ||||
| 
 | ||||
|         injection.add_option("--skip", dest="skip", | ||||
|                            help="Skip testing for given parameter(s)") | ||||
| 
 | ||||
|  |  | |||
|  | @ -185,6 +185,10 @@ prefix = | |||
| # Injection payload suffix string | ||||
| suffix =  | ||||
| 
 | ||||
| # Use logic operation(s) instead of negating values | ||||
| # Valid: True or False | ||||
| logicNegative = False | ||||
| 
 | ||||
| # Skip testing for given parameter(s) | ||||
| skip = | ||||
| 
 | ||||
|  |  | |||
		Loading…
	
		Reference in New Issue
	
	Block a user