From 295a7a8e5e1ea656ea41a324be278d5ee37837d1 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 11 Jul 2012 16:14:20 +0200
Subject: [PATCH] Another update for Issue #80
---
 lib/techniques/union/test.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 0c2b93299..b6e0c6d17 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -34,6 +34,7 @@ from lib.core.settings import MIN_RATIO
 from lib.core.settings import MAX_RATIO
 from lib.core.settings import MIN_STATISTICAL_RANGE
 from lib.core.settings import MIN_UNION_RESPONSES
+from lib.core.settings import NULL
 from lib.core.settings import ORDER_BY_STEP
 from lib.core.unescaper import unescaper
 from lib.request.comparison import comparison
@@ -255,7 +256,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
 warnMsg = "if UNION based SQL injection is not detected, "
 warnMsg += "please consider "
- if not conf.uChar and count > 1:
+ if not conf.uChar and count > 1 and kb.uChar == NULL:
 message = "injection not exploitable with NULL values. Do you want to try with a random integer value for option '--union-char'? [Y/n] "
 test = readInput(message, default="Y")
 if test[0] not in ("y", "Y"):
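Review bot: The `kb.uChar == NULL` clause added to the `if not conf.uChar and count > 1` condition in the second hunk has no comment explaining why the prompt is now gated on the current UNION character, and the commit message only points at Issue #80. Presumably it keeps the random-integer question from being asked again once a non-NULL character is already in use; a one-line comment such as `# offer the random-integer retry only while still testing with the default NULL char` would record that. The check also skips the prompt without any message if `kb.uChar` is unset or `None` at this point, so it depends on initialisation elsewhere assigning the same `NULL` constant, which this hunk does not show. The body of `__unionTestByCharBruteforce` starts and ends outside the hunk.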