added switch --logic-negative

stamparm · stamparm · commit 20ae1c2187dd · 2011-10-24T00:40:06.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -289,7 +289,10 @@ def checkSqlInjection(place, parameter, value):
                         # Use different page template than the original
                         # one as we are changing parameters value, which
                         # will likely result in a different content
-                        origValue = "-%s" % randomInt()
+                        if not conf.logicNegative:
+                            origValue = "-%s" % randomInt()
+                        else:
+                            origValue = "%s AND %s=%s" % (origValue, randomInt(), randomInt())
                         templatePayload = agent.payload(place, parameter, newValue=origValue, where=where)
                     elif where == PAYLOAD.WHERE.REPLACE:
                         origValue = ""
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -88,10 +88,13 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
             if where == PAYLOAD.WHERE.ORIGINAL:
                 value = origValue
             elif where == PAYLOAD.WHERE.NEGATIVE:
-                if newValue.startswith("-"):
-                    value = ""
+                if not conf.logicNegative:
+                    if newValue.startswith("-"):
+                        value = ""
+                    else:
+                        value = "-%s" % randomInt()
                 else:
-                    value = "-%s" % randomInt()
+                    value = "%s AND %s=%s" % (origValue, randomInt(2), randomInt(2))
             elif where == PAYLOAD.WHERE.REPLACE:
                 value = ""
             else:
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -184,6 +184,10 @@ def cmdLineParser():
         injection.add_option("--suffix", dest="suffix",
                              help="Injection payload suffix string")
 
+        injection.add_option("--logic-negative", dest="logicNegative",
+                             action="store_true",
+                             help="Use logic operation(s) instead of negating values")
+
         injection.add_option("--skip", dest="skip",
                            help="Skip testing for given parameter(s)")
 
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -185,6 +185,10 @@ prefix =
 # Injection payload suffix string
 suffix = 
 
+# Use logic operation(s) instead of negating values
+# Valid: True or False
+logicNegative = False
+
 # Skip testing for given parameter(s)
 skip =
 
