PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now

Browse Source
This commit is contained in:
Bernardo Damele
2012-03-15 16:25:26 +00:00
parent 0013b0970f
commit 4520744b4d
2 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
lib/controller/checks.py
View File

@@ -322,6 +322,9 @@ def checkSqlInjection(place, parameter, value):
boundPayload = agent.suffixQuery(boundPayload, comment, suffix, where)
cmpPayload = agent.payload(place, parameter, newValue=boundPayload, where=where)
pushValue(kb.negativeLogic)
kb.negativeLogic = "OR NOT" in cmpPayload
return cmpPayload
# Useful to set kb.matchRatio at first based on
@@ -347,6 +350,8 @@ def checkSqlInjection(place, parameter, value):
injectable = True
kb.negativeLogic = popValue()
# In case of error-based SQL injection
elif method == PAYLOAD.METHOD.GREP:
# Perform the test's request and grep the response