Bug fix for --union-test

2024-11-25 19:13:48 +03:00 · 2010-12-03 14:57:30 +00:00 · 2010-12-03 14:57:30 +00:00 · 126a1479d8
commit 126a1479d8
parent 072835e04b
2 changed files with 9 additions and 4 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -155,12 +155,13 @@ class Agent:
        # payload, do not put a space after the prefix
        if kb.technique == 4:
            query = kb.injection.prefix
-        elif (kb.technique and kb.technique in kb.injection.data) or \
-             (kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]):
+        elif kb.technique and kb.technique in kb.injection.data:
            where = kb.injection.data[kb.technique].where

-            if where == 3 or (kb.injection.clause == [2, 3] or \
-               kb.injection.clause == [ 2 ]):
+            if where == 3:
+                query = kb.injection.prefix
+        elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]:
+            if kb.technique != 3:
                query = kb.injection.prefix

        if query is None:
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -129,6 +129,9 @@ def unionTest():
    if kb.unionTest is not None:
        return kb.unionTest

+    oldTechnique = kb.technique
+    kb.technique = 3
+
    if conf.uChar == "NULL":
        technique = "NULL bruteforcing"
    else:
@ -157,5 +160,6 @@ def unionTest():
        infoMsg += "inband sql injection vulnerability "
        infoMsg += "on parameter '%s'" % kb.injection.parameter
        logger.info(infoMsg)
+        kb.technique = oldTechnique

    return kb.unionTest