more changes

Miroslav Stampar
2010-10-07 15:34:17 +00:00
parent 440ff639bb
commit 18d27cabc5
5 changed files with 25 additions and 20 deletions


@@ -54,6 +54,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
* Double quoted string injection
"""
logic = conf.logic
randInt = randomInt()
randStr = randomStr()
prefix = ""
@@ -73,7 +74,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
if not prefix and not postfix and case.name == "custom":
continue
infoMsg = "testing %s injection " % case.desc
infoMsg = "testing %s (%s) injection " % (case.desc, logic)
infoMsg += "on %s parameter '%s'" % (place, parameter)
logger.info(infoMsg)
@@ -86,7 +87,7 @@ def checkSqlInjection(place, parameter, value, parenthesis):
falseResult = Request.queryPage(payload, place)
if not falseResult:
infoMsg = "%s parameter '%s' is %s injectable " % (place, parameter, case.desc)
infoMsg = "%s parameter '%s' is %s (%s) injectable " % (place, parameter, case.desc, logic)
infoMsg += "with %d parenthesis" % parenthesis
logger.info(infoMsg)
return case.name
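Review bot: checkSqlInjection now reads the global `conf.logic` and prints it in both info messages, but nothing near the new assignment says what the value is or why it is captured. A one-line comment at the assignment would make the dependency explicit, for example `# boolean operator from conf.logic ("AND" by default), reported in the log messages below`. The function starts before the first hunk and continues between the hunks, so whether `logic` also reaches the `payload` passed to `Request.queryPage` is not visible here. If it does not, the messages would name an operator the request did not use.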


@@ -143,6 +143,7 @@ class Agent:
if conf.direct:
return self.payloadDirect(string)
logic = conf.logic
query = str()
case = getInjectionCase(kb.injType)
@@ -172,6 +173,7 @@ class Agent:
if conf.direct:
return self.payloadDirect(string)
logic = conf.logic
case = getInjectionCase(kb.injType)
if case is None:
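Review bot: The local `logic = conf.logic` added in both Agent hunks is not used by any line visible in them, and the same holds for the assignment in the checkForParenthesis hunk. If the payload construction further down each method consumes it, a short comment at the assignment saying so would help the reader, for example `# operator substituted into the injection case template below`. If it is only a placeholder for later work, it is better left out until it is needed, so linters do not flag an unused local. Both methods start and end outside the hunks, so this is inferred from the visible context only.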


@@ -955,6 +955,7 @@ def __setConfAttributes():
conf.httpHeaders = []
conf.hostname = None
conf.loggedToOut = None
conf.logic = "AND"
conf.matchRatio = None
conf.md5hash = None
conf.multipleTargets = False
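Review bot: `conf.logic = "AND"` introduces a free-form string default with no comment on which values are accepted, while other files in this commit copy it into log messages and presumably into query construction. Consider documenting the allowed set next to the default, e.g. `conf.logic = "AND"  # boolean operator used by the injection checks`. Wherever the value is assigned from user options, which is not visible in this hunk, it should be checked against that set so an unexpected string fails early. __setConfAttributes starts and ends outside the hunk.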


@@ -42,6 +42,7 @@ def checkForParenthesis():
logMsg = "testing for parenthesis on injectable parameter"
logger.info(logMsg)
logic = conf.logic
count = 0
case = getInjectionCase(kb.injType)