From daafe9b74a31f80012a4dfc8cca7003696be11df Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 17 Dec 2018 23:25:23 +0100
Subject: [PATCH] Bug fix (OR boolean based blind caused trouble to UNION with negative logic)
---
 lib/core/settings.py | 2 +-
 lib/techniques/union/test.py | 18 +++++++++++++++++-
 txt/checksum.md5 | 4 ++--
 3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 0b0edc757..f6f6cdfbd 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.12.29"
+VERSION = "1.2.12.30"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 591fc4f53..6197cce43 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -318,8 +318,24 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
 if conf.direct:
 return
+ negativeLogic = kb.negativeLogic
 kb.technique = PAYLOAD.TECHNIQUE.UNION
- validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
+
+ try:
+ if negativeLogic:
+ pushValue(kb.negativeLogic)
+ pushValue(conf.string)
+ pushValue(conf.code)
+
+ kb.negativeLogic = False
+ conf.string = conf.code = None
+
+ validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
+ finally:
+ if negativeLogic:
+ conf.code = popValue()
+ conf.string = popValue()
+ kb.negativeLogic = popValue()
 if validPayload:
 validPayload = agent.removePayloadDelimiters(validPayload)
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 83ef74664..48d6a68ff 100644
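Review bot: The restore in the `finally` of unionTest only works if the value stack behind `pushValue()`/`popValue()` is exactly as this block left it: the three pushes sit inside the `try`, so if one of them fails, or if `_unionTestByCharBruteforce` raises with its own pushed values still on the stack (its body is not visible here), the three pops would write the wrong values back into `conf.code`, `conf.string` and `kb.negativeLogic`. The local `negativeLogic` already holds the saved flag, so the other two settings can be kept the same way: `savedString, savedCode = conf.string, conf.code` before the `try:`, and `kb.negativeLogic, conf.string, conf.code = negativeLogic, savedString, savedCode` under the `if negativeLogic:` in the `finally`. The block also has no comment saying why the string/code matching is cleared together with the flag; something like `# run UNION detection without negative logic and without the string/code page matching, then restore both` would record the intent (wording for the author to confirm). unionTest starts before this hunk and continues after it.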
--- a/txt/checksum.md5 +++ b/txt/checksum.md5 @@ -49,7 +49,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py a7db43859b61569b601b97f187dd31c5 lib/core/revision.py fcb74fcc9577523524659ec49e2e964b lib/core/session.py -06d86fa6e0530b5821793d63e8351f0a lib/core/settings.py +5192aa6feb4e6d598ec4334c39f9ba2f lib/core/settings.py a971ce157d04de96ba6e710d3d38a9a8 lib/core/shell.py a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py 1581be48127a3a7a9fd703359b6e7567 lib/core/target.py @@ -99,7 +99,7 @@ db208ab47de010836c6bf044e2357861 lib/techniques/blind/inference.py 686904374067047b521151301321b30a lib/techniques/error/use.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/__init__.py 1e5532ede194ac9c083891c2f02bca93 lib/techniques/union/__init__.py -f7813cdee00df8f98d6f811475e520a1 lib/techniques/union/test.py +7047a66c35ce0c820931fc5bf73008a3 lib/techniques/union/test.py 1f2ff182a28b2baf9f9fe7477c76618d lib/techniques/union/use.py fd1ede20ec674518a54966eaf0c9f8c6 lib/utils/api.py 37dfb641358669f62c2acedff241348b lib/utils/brute.py