mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2025-03-03 11:45:46 +03:00
second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now
This commit is contained in:
parent
0013b0970f
commit
4520744b4d
|
@ -322,6 +322,9 @@ def checkSqlInjection(place, parameter, value):
|
|||
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
|
||||
cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
|
||||
|
||||
pushValue(kb.negativeLogic)
|
||||
kb.negativeLogic = "OR NOT" in cmpPayload
|
||||
|
||||
return cmpPayload
|
||||
|
||||
# Useful to set kb.matchRatio at first based on
|
||||
|
@ -347,6 +350,8 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
injectable = True
|
||||
|
||||
kb.negativeLogic = popValue()
|
||||
|
||||
# In case of error-based SQL injection
|
||||
elif method == PAYLOAD.METHOD.GREP:
|
||||
# Perform the test's request and grep the response
|
||||
|
|
|
@ -36,7 +36,7 @@ def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
|
|||
seqMatcher.set_seq1(kb.pageTemplate)
|
||||
|
||||
def _(condition):
|
||||
#condition = not condition if kb.negativeLogic else condition
|
||||
condition = not condition if kb.negativeLogic else condition
|
||||
return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
|
||||
|
||||
if any([conf.string, conf.regexp]):
|
||||
|
|
Loading…
Reference in New Issue
Block a user