sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 01:26:42 +03:00
Code Issues Packages Projects Releases Wiki Activity

adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical

Browse Source
This commit is contained in:
Miroslav Stampar 2012-04-25 20:29:07 +00:00
parent 4da03d898e
commit 6f67dc85ee
5 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/controller/checks.py
View File

@ -302,10 +302,12 @@ def checkSqlInjection(place, parameter, value):
# Use different page template than the original
# one as we are changing parameters value, which
# will likely result in a different content
if not conf.logicalNegate:
origValue = "-%s" % randomInt()
else:
if conf.invalidLogical:
origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())
elif conf.invalidBignum:
origValue = "%d.%d" % (randomInt(6), randomInt(1))
else:
origValue = "-%s" % randomInt()
templatePayload = agent.payload(place, parameter, newValue=origValue, where=where)
elif where == PAYLOAD.WHERE.REPLACE:
origValue = ""

12
lib/core/agent.py
View File

@ -87,15 +87,17 @@ class Agent:
if where == PAYLOAD.WHERE.ORIGINAL:
value = origValue
elif where == PAYLOAD.WHERE.NEGATIVE:
if not conf.logicalNegate:
if conf.invalidLogical:
match = re.search(r'\A[^ ]+', newValue)
newValue = newValue[len(match.group() if match else ""):]
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", randomInt(2), randomInt(2))
elif conf.invalidBignum:
value = "%d.%d" % (randomInt(6), randomInt(1))
else:
if newValue.startswith("-"):
value = ""
else:
value = "-%s" % randomInt()
else:
match = re.search(r'\A[^ ]+', newValue)
newValue = newValue[len(match.group() if match else ""):]
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", randomInt(2), randomInt(2))
elif where == PAYLOAD.WHERE.REPLACE:
value = ""
else:

3
lib/core/optiondict.py
View File

@ -63,9 +63,10 @@ optDict = {
"testParameter": "string",
"dbms": "string",
"os": "string",
"invalidBignum": "boolean",
"invalidLogical": "boolean",
"prefix": "string",
"suffix": "string",
"logicalNegate": "boolean",
"skip": "string",
"tamper": "string"
},

20
lib/parse/cmdline.py
View File

@ -190,20 +190,24 @@ def cmdLineParser():
help="Force back-end DBMS operating system "
"to this value")
injection.add_option("--invalid-bignum", dest="invalidBignum",
action="store_true",
help="Use big numbers for invalidating values")
injection.add_option("--invalid-logical", dest="invalidLogical",
action="store_true",
help="Use logical operations for invalidating values")
injection.add_option("--no-cast", dest="noCast",
action="store_true",
help="Turn off payload casting mechanism")
injection.add_option("--prefix", dest="prefix",
help="Injection payload prefix string")
injection.add_option("--suffix", dest="suffix",
help="Injection payload suffix string")
injection.add_option("--logical-negate", dest="logicalNegate",
action="store_true",
help="Use logic operation(s) for negating values")
injection.add_option("--no-cast", dest="noCast",
action="store_true",
help="Turn off payload casting mechanism")
injection.add_option("--skip", dest="skip",
help="Skip testing for given parameter(s)")

20
sqlmap.conf
View File

@ -191,20 +191,24 @@ dbms =
# Valid: linux, windows
os =
# Use big numbers for invalidating values.
# Valid: True or False
invalidBignum = False
# Use logical operations for invalidating values.
# Valid: True or False
invalidLogical = False
# Turn off payload casting mechanism
# Valid: True or False
noCast = False
# Injection payload prefix string.
prefix =
# Injection payload suffix string.
suffix =
# Use logic operation(s) for negating values.
# Valid: True or False
logicalNegate = False
# Turn off payload casting mechanism
# Valid: True or False
noCast = False
# Skip testing for given parameter(s).
skip =