adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical

2026-01-21 13:49:04 +00:00 · 2012-04-25 20:29:07 +00:00
parent 4da03d898e
commit 6f67dc85ee
5 changed files with 38 additions and 25 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -302,10 +302,12 @@ def checkSqlInjection(place, parameter, value):
                        # Use different page template than the original
                        # one as we are changing parameters value, which
                        # will likely result in a different content
-                        if not conf.logicalNegate:
-                            origValue = "-%s" % randomInt()
-                        else:
+                        if conf.invalidLogical:
                            origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())
+                        elif conf.invalidBignum:
+                            origValue = "%d.%d" % (randomInt(6), randomInt(1))
+                        else:
+                            origValue = "-%s" % randomInt()
                        templatePayload = agent.payload(place, parameter, newValue=origValue, where=where)
                    elif where == PAYLOAD.WHERE.REPLACE:
                        origValue = ""