urllib2 doesn't play well with '\n' when non unescaped chars used

2024-11-22 17:46:37 +03:00 · 2010-12-11 21:17:54 +00:00 · 2010-12-11 21:17:54 +00:00 · 6a24048aa6
commit 6a24048aa6
parent e6c66fa37c
2 changed files with 6 additions and 1 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1724,6 +1724,8 @@ def isDBMSVersionAtLeast(version):
                value = float(value.replace("<=", ""))
            elif value.startswith(">"):
                value = float(value.replace("<", "")) - 0.01
+            else:
+                value = float(value)
        retVal = value >= version

    return retVal
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -155,6 +155,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            # Used for gradual expanding into unicode charspace
            shiftTable = [5, 4]

+        if CHAR_INFERENCE_MARK in payload and ord('\n') in charTbl:
+            charTbl.remove(ord('\n'))
+
        if len(charTbl) == 1:
            forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, charTbl[0]))
            queriesCount[0] += 1
@ -216,7 +219,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                            return None
                    else:
                        retVal = minValue + 1
-                        if retVal in originalTbl:
+                        if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
                            return chr(retVal) if retVal < 128 else unichr(retVal)
                        else:
                            return None