diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index d12f4313f..63064dac1 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -327,6 +327,7 @@ def checkSqlInjection(place, parameter, value):
# Useful to set kb.matchRatio at first based on
# the False response content
kb.matchRatio = None
+ kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
Request.queryPage(genCmpPayload(), place, raise404=False)
# Perform the test's True request
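Review bot: `kb.negativeLogic` is process-wide state, and nothing visible in this hunk clears it once the boolean test for this `where` value has finished, so a later check that goes through `comparison()` may still have its result inverted. The same concern applies to the `initTechnique` hunk in lib/core/common.py, where the flag is assigned only inside `if data:` and otherwise keeps whatever the previous technique left behind. Consider an explicit reset, e.g. `kb.negativeLogic = False` in the cleanup path of `checkSqlInjection` and before `if data:` in `initTechnique`. Both function bodies extend beyond their hunks, so a reset may already exist outside the visible lines.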
diff --git a/lib/core/common.py b/lib/core/common.py
index bc6fe2a72..c7ee9bbcf 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2386,6 +2386,7 @@ def initTechnique(technique=None):
if data:
kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
kb.matchRatio = data.matchRatio
+ kb.negativeLogic = (technique == PAYLOAD.TECHNIQUE.BOOLEAN) and (data.where == PAYLOAD.WHERE.NEGATIVE)
# Restoring stored conf options
for key, value in kb.injection.conf.items():
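Review bot: Injection data saved before this commit may still carry the old `OR NOT` payload text together with `where == PAYLOAD.WHERE.NEGATIVE`, in which case this line would invert a result that the stored payload already negates. If sessions can be resumed across this change, the stored vector needs migrating or the session format needs a version bump; otherwise resumed boolean inference would presumably read inverted and report wrong data. A short comment such as `# payloads no longer contain NOT; the inversion happens in comparison._adjust()` would document the coupling for the next maintainer. `initTechnique` continues outside the hunk.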
diff --git a/lib/request/comparison.py b/lib/request/comparison.py
index 82599f0cb..925955512 100644
--- a/lib/request/comparison.py
+++ b/lib/request/comparison.py
@@ -29,12 +29,19 @@ from lib.core.settings import UPPER_RATIO_BOUND
from lib.core.threads import getCurrentThreadData
def comparison(page, headers, code=None, getRatioValue=False, pageLength=None):
- #return _checkNegativeLogic(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
- return _comparison(page, headers, code, getRatioValue, pageLength)
+ return _adjust(_comparison(page, headers, code, getRatioValue, pageLength), getRatioValue)
-def _checkNegativeLogic(condition, getRatioValue):
- condition = not (condition or False) if kb.negativeLogic else condition
- return condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
+def _adjust(condition, getRatioValue):
+ # Negative logic approach is used in raw page comparison scheme as that what is "different" than original
+ # PAYLOAD.WHERE.NEGATIVE response is considered as True; in switch based approach negative logic is not
+ # applied as that is by the user considered as True is that what is returned by the comparison mechanism
+ # itself
+ if not any([conf.string, conf.regexp, conf.code]):
+ retVal = not (condition or False) if kb.negativeLogic else condition
+ else:
+ retVal = condition if not getRatioValue else (MAX_RATIO if condition else MIN_RATIO)
+
+ return retVal
def _comparison(page, headers, code, getRatioValue, pageLength):
if page is None and pageLength is None:
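Review bot: In `_adjust`, the raw-comparison branch negates whatever `_comparison` returned, so under `kb.negativeLogic` an undetermined `None` (which the guard at the top of `_comparison` suggests is possible) becomes `True` through `condition or False`. A call with `getRatioValue=True` also gets a boolean back instead of a ratio. Either case can turn a failed or unreadable response into a positive finding, so limit the inversion to definite boolean results: `retVal = not condition if kb.negativeLogic and condition is not None and not getRatioValue else condition`. The hunk does not show an import of `conf` in this module, so confirm one exists. `_comparison` continues outside the hunk.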
diff --git a/lib/request/connect.py b/lib/request/connect.py
index d0c21fe4f..a43501a14 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -502,8 +502,6 @@ class Connect:
string match check ('--string' command line parameter)
"""
- kb.negativeLogic = "OR NOT" in (value or "")
-
if conf.direct:
return direct(value, content)
diff --git a/xml/payloads.xml b/xml/payloads.xml
index 2d33495b5..13ea53a0c 100644
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@@ -615,12 +615,12 @@ Formats:
3
1
2
- OR NOT ([INFERENCE])
+ OR ([INFERENCE])
- OR NOT ([RANDNUM]=[RANDNUM])
+ OR ([RANDNUM]=[RANDNUM])
- OR NOT ([RANDNUM]=[RANDNUM1])
+ OR ([RANDNUM]=[RANDNUM1])
@@ -631,13 +631,13 @@ Formats:
3
1
2
- OR NOT ([INFERENCE])
+ OR ([INFERENCE])
- OR NOT ([RANDNUM]=[RANDNUM])
+ OR ([RANDNUM]=[RANDNUM])
#
- OR NOT ([RANDNUM]=[RANDNUM1])
+ OR ([RANDNUM]=[RANDNUM1])
MySQL
@@ -651,13 +651,13 @@ Formats:
3
1
2
- OR NOT ([INFERENCE])
+ OR ([INFERENCE])
- OR NOT ([RANDNUM]=[RANDNUM])
+ OR ([RANDNUM]=[RANDNUM])
--
- OR NOT ([RANDNUM]=[RANDNUM1])
+ OR ([RANDNUM]=[RANDNUM1])