diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index a56a4ece1..406b00672 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -225,7 +225,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if charTbl is None:
 charTbl = type(asciiTbl)(asciiTbl)

- originalTbl = type(asciiTbl)(charTbl)
+ originalTbl = type(charTbl)(charTbl)

 if continuousOrder and shiftTable is None:
 # Used for gradual expanding into unicode charspace
@@ -344,10 +344,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 if minValue == maxChar or maxValue == minChar:
 return None

- # If we are working with non-continuous elements, set
- # both minValue and character afterwards are possible
- # candidates
- for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
+ for index in xrange(len(originalTbl)):
+ if originalTbl[index] == minValue:
+ break
+
+ # If we are working with non-continuous elements, both minValue and character after
+ # are possible candidates
+ for retVal in (originalTbl[index], originalTbl[index + 1]):
 forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, retVal))
 result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
 incrementCounter(kb.technique)
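Review bot: `type(charTbl)(charTbl)` on the added line only yields an independent copy when the type of `charTbl` accepts an instance of itself as its sole constructor argument. That holds for list and tuple but is not guaranteed for every sequence type. Where `charTbl` comes from is outside this hunk, so this is a contract worth stating rather than a confirmed failure. I would add a comment above the line such as `# copy in charTbl's own type; that type must be constructible from an instance of itself`. The enclosing function starts and ends outside the hunk.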
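Review bot: The new lookup loop has no not-found path. When `minValue` is absent from `originalTbl`, `index` is left at the last position and `originalTbl[index + 1]` raises an IndexError; with an empty table `index` is never bound at all. The replaced `originalTbl.index(minValue)` call failed at the lookup itself with a ValueError, so the failure is now less specific and surfaces one step later. Giving the `for` loop an else clause, `else: return None`, would mirror the guard just above it, though whether None is the right result for that case depends on callers outside this hunk. The enclosing function continues outside the hunk.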