sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical

Browse Source
This commit is contained in:
Miroslav Stampar 2012-04-25 20:29:07 +00:00
parent 4da03d898e
commit 6f67dc85ee
5 changed files with 38 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/controller/checks.py
View File

@ -302,10 +302,12 @@ def checkSqlInjection(place, parameter, value):
# Use different page template than the original # Use different page template than the original
# one as we are changing parameters value, which # one as we are changing parameters value, which
# will likely result in a different content # will likely result in a different content
if not conf.logicalNegate: if conf.invalidLogical:
origValue = "-%s" % randomInt()
else:
origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt()) origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())
elif conf.invalidBignum:
origValue = "%d.%d" % (randomInt(6), randomInt(1))
else:
origValue = "-%s" % randomInt()
templatePayload = agent.payload(place, parameter, newValue=origValue, where=where) templatePayload = agent.payload(place, parameter, newValue=origValue, where=where)
elif where == PAYLOAD.WHERE.REPLACE: elif where == PAYLOAD.WHERE.REPLACE:
origValue = "" origValue = ""

12
lib/core/agent.py
View File

@ -87,15 +87,17 @@ class Agent:
if where == PAYLOAD.WHERE.ORIGINAL: if where == PAYLOAD.WHERE.ORIGINAL:
value = origValue value = origValue
elif where == PAYLOAD.WHERE.NEGATIVE: elif where == PAYLOAD.WHERE.NEGATIVE:
if not conf.logicalNegate: if conf.invalidLogical:
match = re.search(r'\A[^ ]+', newValue)
newValue = newValue[len(match.group() if match else ""):]
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", randomInt(2), randomInt(2))
elif conf.invalidBignum:
value = "%d.%d" % (randomInt(6), randomInt(1))
else:
if newValue.startswith("-"): if newValue.startswith("-"):
value = "" value = ""
else: else:
value = "-%s" % randomInt() value = "-%s" % randomInt()
else:
match = re.search(r'\A[^ ]+', newValue)
newValue = newValue[len(match.group() if match else ""):]
value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", randomInt(2), randomInt(2))
elif where == PAYLOAD.WHERE.REPLACE: elif where == PAYLOAD.WHERE.REPLACE:
value = "" value = ""
else: else:

3
lib/core/optiondict.py
View File

@ -63,9 +63,10 @@ optDict = {
"testParameter": "string", "testParameter": "string",
"dbms": "string", "dbms": "string",
"os": "string", "os": "string",
"invalidBignum": "boolean",
"invalidLogical": "boolean",
"prefix": "string", "prefix": "string",
"suffix": "string", "suffix": "string",
"logicalNegate": "boolean",
"skip": "string", "skip": "string",
"tamper": "string" "tamper": "string"
}, },

20
lib/parse/cmdline.py
View File

@ -190,20 +190,24 @@ def cmdLineParser():
help="Force back-end DBMS operating system " help="Force back-end DBMS operating system "
"to this value") "to this value")
injection.add_option("--invalid-bignum", dest="invalidBignum",
action="store_true",
help="Use big numbers for invalidating values")
injection.add_option("--invalid-logical", dest="invalidLogical",
action="store_true",
help="Use logical operations for invalidating values")
injection.add_option("--no-cast", dest="noCast",
action="store_true",
help="Turn off payload casting mechanism")
injection.add_option("--prefix", dest="prefix", injection.add_option("--prefix", dest="prefix",
help="Injection payload prefix string") help="Injection payload prefix string")
injection.add_option("--suffix", dest="suffix", injection.add_option("--suffix", dest="suffix",
help="Injection payload suffix string") help="Injection payload suffix string")
injection.add_option("--logical-negate", dest="logicalNegate",
action="store_true",
help="Use logic operation(s) for negating values")
injection.add_option("--no-cast", dest="noCast",
action="store_true",
help="Turn off payload casting mechanism")
injection.add_option("--skip", dest="skip", injection.add_option("--skip", dest="skip",
help="Skip testing for given parameter(s)") help="Skip testing for given parameter(s)")

20
sqlmap.conf
View File

@ -191,20 +191,24 @@ dbms =
# Valid: linux, windows # Valid: linux, windows
os = os =
# Use big numbers for invalidating values.
# Valid: True or False
invalidBignum = False
# Use logical operations for invalidating values.
# Valid: True or False
invalidLogical = False
# Turn off payload casting mechanism
# Valid: True or False
noCast = False
# Injection payload prefix string. # Injection payload prefix string.
prefix = prefix =
# Injection payload suffix string. # Injection payload suffix string.
suffix = suffix =
# Use logic operation(s) for negating values.
# Valid: True or False
logicalNegate = False
# Turn off payload casting mechanism
# Valid: True or False
noCast = False
# Skip testing for given parameter(s). # Skip testing for given parameter(s).
skip = skip =