sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-12 09:03:12 +03:00
Code Issues Packages Projects Releases Wiki Activity

putting kb.negativeLogic setting to the safe place

Browse Source
This commit is contained in:
Miroslav Stampar 2012-03-16 09:17:11 +00:00
parent 209e795369
commit 577caac4de
3 changed files with 2 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/checks.py
View File

@ -322,9 +322,6 @@ def checkSqlInjection(place, parameter, value):
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where) boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where) cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
pushValue(kb.negativeLogic)
kb.negativeLogic = "OR NOT" in cmpPayload
return cmpPayload return cmpPayload
# Useful to set kb.matchRatio at first based on # Useful to set kb.matchRatio at first based on
@ -350,8 +347,6 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
kb.negativeLogic = popValue()
# In case of error-based SQL injection # In case of error-based SQL injection
elif method == PAYLOAD.METHOD.GREP: elif method == PAYLOAD.METHOD.GREP:
# Perform the test's request and grep the response # Perform the test's request and grep the response

2
lib/request/connect.py
View File

@ -505,6 +505,8 @@ class Connect:
string match check ('--string' command line parameter) string match check ('--string' command line parameter)
""" """
kb.negativeLogic = "OR NOT" in (value or "")
if conf.direct: if conf.direct:
return direct(value, content) return direct(value, content)

5
lib/request/inject.py
View File

@ -414,9 +414,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found: if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
pushValue(kb.negativeLogic)
kb.negativeLogic = "OR NOT" in kb.injection.data[kb.technique].vector
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
value = __goBooleanProxy(booleanExpression) value = __goBooleanProxy(booleanExpression)
else: else:
@ -425,8 +422,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
count += 1 count += 1
found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
kb.negativeLogic = popValue()
if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
kb.technique = PAYLOAD.TECHNIQUE.TIME kb.technique = PAYLOAD.TECHNIQUE.TIME