Bug fix (OR boolean based blind caused trouble to UNION with negative logic)

2026-01-05 14:19:01 +00:00 · 2018-12-17 23:25:23 +01:00
parent 9727f0d691
commit daafe9b74a
3 changed files with 20 additions and 4 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.2.12.29"
+VERSION = "1.2.12.30"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -318,8 +318,24 @@ def unionTest(comment, place, parameter, value, prefix, suffix):
    if conf.direct:
        return

+    negativeLogic = kb.negativeLogic
    kb.technique = PAYLOAD.TECHNIQUE.UNION
-    validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
+
+    try:
+        if negativeLogic:
+            pushValue(kb.negativeLogic)
+            pushValue(conf.string)
+            pushValue(conf.code)
+
+            kb.negativeLogic = False
+            conf.string = conf.code = None
+
+        validPayload, vector = _unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix)
+    finally:
+        if negativeLogic:
+            conf.code = popValue()
+            conf.string = popValue()
+            kb.negativeLogic = popValue()

    if validPayload:
        validPayload = agent.removePayloadDelimiters(validPayload)