--technique can now be something like 123 which includes both techniques 1, 2 and 3

lib/controller/checks.py

@@ -93,10 +93,10 @@ def checkSqlInjection(place, parameter, value):
 
             # Skip test if the user's wants to test only for a specific
             # technique
-            if conf.technique and isinstance(conf.technique, int) and stype != conf.technique:
+            if isinstance(conf.technique, list) and stype not in conf.technique:
                 debugMsg = "skipping test '%s' because the user " % title
                 debugMsg += "specified to test only for "
-                debugMsg += "%s" % PAYLOAD.SQLINJECTION[conf.technique]
+                debugMsg += "%s" % ",".join(map(lambda x: PAYLOAD.SQLINJECTION[x], conf.technique))
                 logger.debug(debugMsg)
                 continue
 

lib/core/common.py

@@ -2147,7 +2147,7 @@ def isTechniqueAvailable(technique=None):
     technique specified
     """
 
-    if conf.technique and technique != conf.technique:
+    if isinstance(conf.technique, list) and technique not in conf.technique:
         return False
     else:
         return getTechniqueData(technique) is not None

lib/core/option.py

@@ -581,10 +581,12 @@ def __setTechnique():
     if not isinstance(conf.technique, int):
         return
 
-    if conf.technique < 0 or conf.technique > 5:
-        errMsg = "the value of --technique must be an integer "
-        errMsg += "between 0 and 5"
-        raise sqlmapSyntaxException, errMsg
+    techniques = []
+    while conf.technique > 0:
+        techniques.append(conf.technique % 10)
+        conf.technique /= 10
+
+    conf.technique = techniques
 
 def __setDBMS():
     """

lib/core/session.py

@@ -13,6 +13,7 @@ from lib.core.common import Backend
 from lib.core.common import Format
 from lib.core.common import dataToSessionFile
 from lib.core.common import getFilteredPageContent
+from lib.core.common import intersect
 from lib.core.common import readInput
 from lib.core.convert import base64pickle
 from lib.core.convert import base64unpickle
@@ -49,9 +50,8 @@ def setInjection(inj):
                   or ( kb.resumedQueries.has_key(conf.url) and
                   ( not kb.resumedQueries[conf.url].has_key("Injection data")
                   or ( kb.resumedQueries[conf.url].has_key("Injection data")
-                  and isinstance(conf.technique, int) and conf.technique > 0
-                  and conf.technique not in
-                  base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data
+                  and intersect(base64unpickle(kb.resumedQueries[conf.url]["Injection data"][:-1]).data,\
+                    inj.data.keys()) != inj.data.keys()
                 ) ) ) )
 
     if condition:
@@ -164,7 +164,7 @@ def resumeConfKb(expression, url, value):
         if injection.place in conf.paramDict and \
            injection.parameter in conf.paramDict[injection.place]:
 
-            if not conf.technique or ( conf.technique in injection.data ):
+            if not conf.technique or intersect(conf.technique, injection.data):
                 kb.injections.append(injection)
         else:
             warnMsg = "there is an injection in %s parameter '%s' " % (injection.place, injection.parameter)