From 25a507328121e6a12eed84de2c3bad4f801ba91d Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Sun, 28 Oct 2012 12:22:33 +0100
Subject: [PATCH] Bug fix for --hex/--technique=B (especially MsSQL)

---
 lib/core/common.py                | 2 ++
 lib/request/inject.py             | 3 +++
 lib/techniques/blind/inference.py | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/core/common.py b/lib/core/common.py
index e564bea90..76739e67d 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -1260,7 +1260,9 @@ def getCharset(charsetType=None):
         asciiTbl.extend([0, 1])
         asciiTbl.extend(xrange(47, 58))
         asciiTbl.extend(xrange(64, 71))
+        asciiTbl.extend([87, 88]) # X
         asciiTbl.extend(xrange(96, 103))
+        asciiTbl.extend([119, 120]) # x
 
     # Characters
     elif charsetType == CHARSET_TYPE.ALPHA:
diff --git a/lib/request/inject.py b/lib/request/inject.py
index ea843b821..2f740b07d 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -366,6 +366,9 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
     affected parameter.
     """
 
+    if conf.hexConvert:
+        charsetType = CHARSET_TYPE.HEXADECIMAL
+
     kb.safeCharEncode = safeCharEncode
     kb.resumeValues = resumeValue
 
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 86c3ea1a9..6cd242f7b 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -308,7 +308,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 dbgMsg = "turning back on time auto-adjustment mechanism"
                 logger.debug(dbgMsg)
                 kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES
-
+
             return decodeIntToUnicode(retVal)
         else:
             return None
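Review bot: The trailing comments on the two added lines in the lib/core/common.py hunk name only `X` and `x`, yet each line also adds the preceding code point (87 = 'W', 119 = 'w'), so a reader may take the extra value for an off-by-one; it looks like the predecessor is included on purpose, matching the existing ranges (47 before '0'-'9', 64 before 'A'-'F', 96 before 'a'-'f'), but that should be confirmed against how bisection() walks the table. A comment that says so would prevent a later "fix" that drops the neighbour: `asciiTbl.extend([87, 88])  # 'X' (87 = 'W' kept as lower neighbour, like the other ranges)` and likewise `asciiTbl.extend([119, 120])  # 'x'`. The inserted values keep asciiTbl in ascending order between the existing ranges. getCharset() starts and ends outside the hunk.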
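Review bot: The added `if conf.hexConvert:` block in the lib/request/inject.py hunk silently overwrites whatever charsetType the caller passed to getValue(), with no comment saying why; presumably this is intended because under --hex the value being inferred is its hex encoding regardless of the column's content, but a reader will otherwise see a discarded argument. One line would settle it: `# --hex: the retrieved value is hex-encoded, so the caller's charsetType is overridden`. The diffstat lists only the three inserted lines for inject.py, so the hunk relies on CHARSET_TYPE already being imported in this module; that is worth confirming, since a missing name would only surface at runtime when --hex is used. getValue()'s body continues outside the hunk.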