From 4a469c3258781caccb5b36fcf56df576368fe274 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 23 Oct 2011 21:12:34 +0000
Subject: [PATCH] minor update
---
 lib/core/common.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/core/common.py b/lib/core/common.py
index 788abbbd5..2dc7d4a00 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -665,12 +665,13 @@ def paramToDict(place, parameters=None):
 if condition:
 testableParameters[parameter] = "=".join(elem[1:])
- if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]:
+ if testableParameters[parameter].strip(DUMMY_SQL_INJECTION_CHARS) != testableParameters[parameter]\
+ or re.search(r'\A-[1-9]', testableParameters[parameter]):
 errMsg = "you have provided tainted parameter values "
 errMsg += "(%s) with most probably leftover " % element
 errMsg += "chars from manual sql injection "
- errMsg += "tests (%s). " % DUMMY_SQL_INJECTION_CHARS
- errMsg += "please, always use only valid parameter values "
+ errMsg += "tests (%s) or negative numerical value. " % DUMMY_SQL_INJECTION_CHARS
+ errMsg += "Please, always use only valid parameter values "
 errMsg += "so sqlmap could be able to do a valid run."
 raise sqlmapSyntaxException, errMsg
 else:
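Review bot: The added `re.search(r'\A-[1-9], ...)` condition matches any value that merely begins with a minus and a non-zero digit, not only a negative number, so a legitimate parameter such as `id=-1` or a non-numeric value like `-3rd` now aborts the whole run with sqlmapSyntaxException, while `-0` or `-01` slip through. If the intent is to catch a whole negative integer left over from manual testing, anchor the pattern at both ends, `re.search(r'\A-[1-9][0-9]*\Z', testableParameters[parameter])`, and consider downgrading this case from a fatal exception to a warning, since negative values are valid input for some applications and the error text already calls the detection "most probably" a leftover. The hunk does not show whether `re` is imported in this module; confirm it is in scope. As a style point, the backslash-continued `or` clause at the same indent as `if` is easy to misread; wrapping the two conditions in parentheses makes the compound test clearer. paramToDict starts outside the hunk.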