Adding a switch --invalid-string

stamparm · stamparm · commit f97fcb7bb388 · 2014-01-23T21:56:06.000+01:00
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -329,11 +329,14 @@ def checkSqlInjection(place, parameter, value):
                         # one as we are changing parameters value, which
                         # will likely result in a different content
                         kb.data.setdefault("randomInt", str(randomInt(10)))
+                        kb.data.setdefault("randomStr", str(randomStr(10)))
                         if conf.invalidLogical:
                             _ = int(kb.data.randomInt[:2])
                             origValue = "%s AND %s=%s" % (value, _, _ + 1)
                         elif conf.invalidBignum:
                             origValue = kb.data.randomInt[:6]
+                        elif conf.invalidString:
+                            origValue = kb.data.randomStr[:6]
                         else:
                             origValue = "-%s" % kb.data.randomInt[:4]
                         templatePayload = agent.payload(place, parameter, value="", newValue=origValue, where=where)
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -122,6 +122,8 @@ def payload(self, place=None, parameter=None, value=None, newValue=None, where=N
                     value = "%s%s AND %s=%s" % (origValue, match.group() if match else "", _, _ + 1)
                 elif conf.invalidBignum:
                     value = randomInt(6)
+                elif conf.invalidString:
+                    value = randomStr(6)
                 else:
                     if newValue.startswith("-"):
                         value = ""
diff --git a/lib/core/optiondict.py b/lib/core/optiondict.py
@@ -72,6 +72,7 @@
                                "os":                "string",
                                "invalidBignum":     "boolean",
                                "invalidLogical":    "boolean",
+                               "invalidString":     "boolean",
                                "noCast":            "boolean",
                                "noEscape":          "boolean",
                                "prefix":            "string",
diff --git a/lib/parse/cmdline.py b/lib/parse/cmdline.py
@@ -239,6 +239,10 @@ def cmdLineParser():
                              action="store_true",
                              help="Use logical operations for invalidating values")
 
+        injection.add_option("--invalid-string", dest="invalidString",
+                             action="store_true",
+                             help="Use random strings for invalidating values")
+
         injection.add_option("--no-cast", dest="noCast",
                              action="store_true",
                              help="Turn off payload casting mechanism")
diff --git a/sqlmap.conf b/sqlmap.conf
@@ -233,6 +233,10 @@ invalidBignum = False
 # Valid: True or False
 invalidLogical = False
 
+# Use random strings for invalidating values.
+# Valid: True or False
+invalidString = False
+
 # Turn off payload casting mechanism
 # Valid: True or False
 noCast = False
