sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection

Browse Source
This commit is contained in:
Miroslav Stampar 2012-03-30 10:50:01 +00:00
parent 79c3d6f2aa
commit 56638f9e95
5 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/controller/checks.py
View File

@ -285,7 +285,7 @@ def checkSqlInjection(place, parameter, value):
# Use different page template than the original # Use different page template than the original
# one as we are changing parameters value, which # one as we are changing parameters value, which
# will likely result in a different content # will likely result in a different content
if not conf.logicNegative: if not conf.logicalNegate:
origValue = "-%s" % randomInt() origValue = "-%s" % randomInt()
else: else:
origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt()) origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())

2
lib/core/agent.py
View File

@ -87,7 +87,7 @@ class Agent:
if where == PAYLOAD.WHERE.ORIGINAL: if where == PAYLOAD.WHERE.ORIGINAL:
value = origValue value = origValue
elif where == PAYLOAD.WHERE.NEGATIVE: elif where == PAYLOAD.WHERE.NEGATIVE:
if not conf.logicNegative: if not conf.logicalNegate:
if newValue.startswith("-"): if newValue.startswith("-"):
value = "" value = ""
else: else:

2
lib/core/optiondict.py
View File

@ -65,7 +65,7 @@ optDict = {
"os": "string", "os": "string",
"prefix": "string", "prefix": "string",
"suffix": "string", "suffix": "string",
"logicNegative": "boolean", "logicalNegate": "boolean",
"skip": "string", "skip": "string",
"tamper": "string" "tamper": "string"
}, },

13
lib/parse/cmdline.py
View File

@ -196,12 +196,16 @@ def cmdLineParser():
injection.add_option("--suffix", dest="suffix", injection.add_option("--suffix", dest="suffix",
help="Injection payload suffix string") help="Injection payload suffix string")
injection.add_option("--logic-negative", dest="logicNegative", injection.add_option("--logical-negate", dest="logicalNegate",
action="store_true", action="store_true",
help="Use logic operation(s) instead of negating values") help="Use logic operation(s) for negating values")
injection.add_option("--no-cast", dest="noCast",
action="store_true",
help="Turn off payload casting mechanism")
injection.add_option("--skip", dest="skip", injection.add_option("--skip", dest="skip",
help="Skip testing for given parameter(s)") help="Skip testing for given parameter(s)")
injection.add_option("--tamper", dest="tamper", injection.add_option("--tamper", dest="tamper",
help="Use given script(s) for tampering injection data") help="Use given script(s) for tampering injection data")
@ -622,9 +626,6 @@ def cmdLineParser():
parser.add_option("--group-concat", dest="groupConcat", action="store_true", parser.add_option("--group-concat", dest="groupConcat", action="store_true",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)
parser.add_option("--no-cast", dest="noCast", action="store_true",
help=SUPPRESS_HELP)
parser.add_option("--test-filter", dest="testFilter", parser.add_option("--test-filter", dest="testFilter",
help=SUPPRESS_HELP) help=SUPPRESS_HELP)

8
sqlmap.conf
View File

@ -197,9 +197,13 @@ prefix =
# Injection payload suffix string. # Injection payload suffix string.
suffix = suffix =
# Use logic operation(s) instead of negating values. # Use logic operation(s) for negating values.
# Valid: True or False # Valid: True or False
logicNegative = False logicalNegate = False
# Turn off payload casting mechanism
# Valid: True or False
noCast = False
# Skip testing for given parameter(s). # Skip testing for given parameter(s).
skip = skip =