putting kb.negativeLogic setting to the safe place

2025-02-16 19:40:37 +03:00 · 2012-03-16 09:17:11 +00:00 · 2012-03-16 09:17:11 +00:00 · 577caac4de
commit 577caac4de
parent 209e795369
3 changed files with 2 additions and 10 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -322,9 +322,6 @@ def checkSqlInjection(place, parameter, value):
                                boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
                                cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)

-                                pushValue(kb.negativeLogic)
-                                kb.negativeLogic = "OR NOT" in cmpPayload
-
                                return cmpPayload

                            # Useful to set kb.matchRatio at first based on
@ -350,8 +347,6 @@ def checkSqlInjection(place, parameter, value):

                                    injectable = True

-                            kb.negativeLogic = popValue()
-
                        # In case of error-based SQL injection
                        elif method == PAYLOAD.METHOD.GREP:
                            # Perform the test's request and grep the response
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -505,6 +505,8 @@ class Connect:
        string match check ('--string' command line parameter)
        """

+        kb.negativeLogic = "OR NOT" in (value or "")
+
        if conf.direct:
            return direct(value, content)

--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -414,9 +414,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
            if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
                kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN

-                pushValue(kb.negativeLogic)
-                kb.negativeLogic = "OR NOT" in kb.injection.data[kb.technique].vector
-
                if expected == EXPECTED.BOOL:
                    value = __goBooleanProxy(booleanExpression)
                else:
@ -425,8 +422,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
                count += 1
                found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE

-                kb.negativeLogic = popValue()
-
            if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
                if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
                    kb.technique = PAYLOAD.TECHNIQUE.TIME