From 7304971544dff36577c5e1627291dd2fb646c308 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 29 Nov 2012 11:43:49 +0100 Subject: [PATCH] Patch for ORDER BY test on MsSQL on cases with 'The text, ntext, and image data types cannot be compared or sorted, except when using IS NULL or LIKE operator' --- lib/techniques/union/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index e32c06217..e23c04f86 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -53,7 +53,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where query = agent.suffixQuery(query, suffix=suffix, comment=comment) payload = agent.payload(newValue=query, place=place, parameter=parameter, where=where) page, headers = Request.queryPage(payload, place=place, content=True, raise404=False) - return not re.search(r"(warning|error|order by|failed)", page or "", re.I) and comparison(page, headers) + return not re.search(r"(warning|error|order by|failed)", page or "", re.I) and comparison(page, headers) or re.search(r"data types cannot be compared or sorted", page or "", re.I) if __orderByTest(1) and not __orderByTest(randomInt()): infoMsg = "ORDER BY technique seems to be usable. "