improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism

Miroslav Stampar
2012-03-29 14:33:27 +00:00
parent ce4c697bbd
commit 637a8d8273
5 changed files with 23 additions and 16 deletions


@@ -327,6 +327,7 @@ def checkSqlInjection(place, parameter, value):
# Useful to set kb.matchRatio at first based on
# the False response content
kb.matchRatio = None
kb.negativeLogic = (where == PAYLOAD.WHERE.NEGATIVE)
Request.queryPage(genCmpPayload(), place, raise404=False)
# Perform the test's True request