second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now

2025-03-14 15:14:31 +03:00 · 2012-03-15 16:25:26 +00:00 · 2012-03-15 16:25:26 +00:00 · 4520744b4d
commit 4520744b4d
parent 0013b0970f
2 changed files with 6 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -322,6 +322,9 @@ def checkSqlInjection(place, parameter, value):
                                boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                                cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)

+                                pushValue(kb.negativeLogic)
+                                kb.negativeLogic = "OR NOT" in cmpPayload
+
                                return cmpPayload

                            # Useful to set kb.matchRatio at first based on
@ -347,6 +350,8 @@ def checkSqlInjection(place, parameter, value):

                                    injectable = True

+                            kb.negativeLogic = popValue()
+
                        # In case of error-based SQL injection
                        elif method == PAYLOAD.METHOD.GREP:
                            # Perform the test's request and grep the response
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@ -36,7 +36,7 @@ def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
    seqMatcher.set_seq1(kb.pageTemplate)

    def _(condition):
-        #condition = not condition if kb.negativeLogic else condition
+        condition = not condition if kb.negativeLogic else condition
        return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)

    if any([conf.string, conf.regexp]):