From 577caac4de27cde5beff68d58b1a00fd3d90f5dd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 16 Mar 2012 09:17:11 +0000
Subject: [PATCH] putting kb.negativeLogic setting to the safe place
---
 lib/controller/checks.py | 5 -----
 lib/request/connect.py | 2 ++
 lib/request/inject.py | 5 -----
 3 files changed, 2 insertions(+), 10 deletions(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index b1e7aa116..cfdacdd2d 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -322,9 +322,6 @@ def checkSqlInjection(place, parameter, value):
 boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
 cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
- pushValue(kb.negativeLogic)
- kb.negativeLogic = "OR NOT" in cmpPayload
-
 return cmpPayload
 # Useful to set kb.matchRatio at first based on
@@ -350,8 +347,6 @@ def checkSqlInjection(place, parameter, value):
 injectable = True
- kb.negativeLogic = popValue()
-
 # In case of error-based SQL injection
 elif method == PAYLOAD.METHOD.GREP:
 # Perform the test's request and grep the response
diff --git a/lib/request/connect.py b/lib/request/connect.py
index 064ea2b9b..9fdd23711 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -505,6 +505,8 @@ class Connect:
 string match check ('--string' command line parameter)
 """
+ kb.negativeLogic = "OR NOT" in (value or "")
+
 if conf.direct:
 return direct(value, content)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 83f8bf9e1..c376866d8 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
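Review bot: In lib/request/connect.py the added `kb.negativeLogic = "OR NOT" in (value or "")` derives the flag from a case-sensitive substring test over the whole request value, whereas the code removed from inject.py tested only the injection vector, so a user-supplied expression or parameter value that happens to contain `OR NOT` would presumably invert the page comparison for that request. The assignment also overwrites the shared `kb` attribute on every call and never restores it, which looks racy if several threads issue requests with different payloads at the same time. Consider testing only the payload portion of `value`, or at least stating the contract in a comment such as `# kb.negativeLogic is recomputed per request; valid only for the comparison of this response`. The enclosing method of Connect starts and ends outside the hunk.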
@@ -414,9 +414,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
 kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
- pushValue(kb.negativeLogic)
- kb.negativeLogic = "OR NOT" in kb.injection.data[kb.technique].vector
-
 if expected == EXPECTED.BOOL:
 value = __goBooleanProxy(booleanExpression)
 else:
@@ -425,8 +422,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 count += 1
 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
- kb.negativeLogic = popValue()
-
 if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
 kb.technique = PAYLOAD.TECHNIQUE.TIME