making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection

2024-11-22 09:36:35 +03:00 · 2012-03-30 10:50:01 +00:00 · 2012-03-30 10:50:01 +00:00 · 56638f9e95
commit 56638f9e95
parent 79c3d6f2aa
5 changed files with 16 additions and 11 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -285,7 +285,7 @@ def checkSqlInjection(place, parameter, value):
                        # Use different page template than the original
                        # one as we are changing parameters value, which
                        # will likely result in a different content
-                        if not conf.logicNegative:
+                        if not conf.logicalNegate:
                            origValue = "-%s" % randomInt()
                        else:
                            origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -87,7 +87,7 @@ class Agent:
            if where == PAYLOAD.WHERE.ORIGINAL:
                value = origValue
            elif where == PAYLOAD.WHERE.NEGATIVE:
-                if not conf.logicNegative:
+                if not conf.logicalNegate:
                    if newValue.startswith("-"):
                        value = ""
                    else:
--- a/lib/core/optiondict.py
+++ b/lib/core/optiondict.py
@ -65,7 +65,7 @@ optDict = {
                               "os":                "string",
                               "prefix":            "string",
                               "suffix":            "string",
-                               "logicNegative":     "boolean",
+                               "logicalNegate":     "boolean",
                               "skip":              "string",
                               "tamper":            "string"
                             },
--- a/lib/parse/cmdline.py
+++ b/lib/parse/cmdline.py
@ -196,12 +196,16 @@ def cmdLineParser():
        injection.add_option("--suffix", dest="suffix",
                             help="Injection payload suffix string")

-        injection.add_option("--logic-negative", dest="logicNegative",
+        injection.add_option("--logical-negate", dest="logicalNegate",
                             action="store_true",
-                             help="Use logic operation(s) instead of negating values")
+                             help="Use logic operation(s) for negating values")
+
+        injection.add_option("--no-cast", dest="noCast",
+                             action="store_true",
+                             help="Turn off payload casting mechanism")

        injection.add_option("--skip", dest="skip",
-                           help="Skip testing for given parameter(s)")
+                             help="Skip testing for given parameter(s)")

        injection.add_option("--tamper", dest="tamper",
                             help="Use given script(s) for tampering injection data")
@ -622,9 +626,6 @@ def cmdLineParser():
        parser.add_option("--group-concat", dest="groupConcat", action="store_true",
                           help=SUPPRESS_HELP)

-        parser.add_option("--no-cast", dest="noCast", action="store_true",
-                           help=SUPPRESS_HELP)
-
        parser.add_option("--test-filter", dest="testFilter",
                           help=SUPPRESS_HELP)

--- a/sqlmap.conf
+++ b/sqlmap.conf
@ -197,9 +197,13 @@ prefix =
 # Injection payload suffix string.
 suffix = 

-# Use logic operation(s) instead of negating values.
+# Use logic operation(s) for negating values.
 # Valid: True or False
-logicNegative = False
+logicalNegate = False
+
+# Turn off payload casting mechanism
+# Valid: True or False
+noCast = False

 # Skip testing for given parameter(s).
 skip =