From 272476773f872426b843a330ca18cad4eb99df37 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar <miroslav.stampar@gmail.com>
Date: Sat, 25 Dec 2010 09:37:33 +0000
Subject: [PATCH] getPageTextWordsSet on tableExists is pretty powerful stuff

---
 lib/techniques/brute/use.py | 11 +++++++++++
 xml/queries.xml             |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py
index 0acbe7ca3..d912d20ca 100644
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@@ -13,6 +13,7 @@ import time
 from lib.core.common import clearConsoleLine
 from lib.core.common import dataToStdout
 from lib.core.common import getFileItems
+from lib.core.common import getPageTextWordsSet
 from lib.core.common import popValue
 from lib.core.common import pushValue
 from lib.core.common import randomInt
@@ -21,14 +22,24 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapMissingMandatoryOptionException
+from lib.core.exception import sqlmapThreadException
 from lib.core.settings import METADB_SUFFIX
 from lib.request import inject
 
 def tableExists(tableFile):
     tables = getFileItems(tableFile)
+    tableSet = set(tables)
     retVal = []
     infoMsg = "checking table existence using items from '%s'" % tableFile
     logger.info(infoMsg)
+    
+    infoMsg = "adding words used on web page to check list"
+    logger.info(infoMsg)
+    pageWords = getPageTextWordsSet(kb.originalPage)
+    for word in pageWords:
+        word = word.lower()
+        if len(word) > 1 and not word[0].isdigit() and word not in tableSet:
+            tables.append(word)
 
     count = [0]
     length = len(tables)
diff --git a/xml/queries.xml b/xml/queries.xml
index d6fe60a20..1bea7c0f2 100644
--- a/xml/queries.xml
+++ b/xml/queries.xml
@@ -359,7 +359,7 @@
         <tables/>
         <dump_table>
             <inband query="SELECT %s FROM %s"/>
-            <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT %s FROM %s WHERE %s = '%s'" count="SELECT COUNT(*) FROM %s"/>
+            <blind query="SELECT MIN(%s) FROM %s WHERE CVAR(%s) > '%s'" query2="SELECT TOP 1 %s FROM %s WHERE %s LIKE '%s'" count="SELECT COUNT(*) FROM %s"/>
         </dump_table>
    </dbms>