Fix for an Issue #804

lib/techniques/blind/inference.py

@@ -225,7 +225,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
             if charTbl is None:
                 charTbl = type(asciiTbl)(asciiTbl)
 
-            originalTbl = type(asciiTbl)(charTbl)
+            originalTbl = type(charTbl)(charTbl)
 
             if continuousOrder and shiftTable is None:
                 # Used for gradual expanding into unicode charspace
@@ -344,10 +344,13 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                         if minValue == maxChar or maxValue == minChar:
                             return None
 
-                        # If we are working with non-continuous elements, set
+                        for index in xrange(len(originalTbl)):
-                        # both minValue and character afterwards are possible
+                            if originalTbl[index] == minValue:
-                        # candidates
+                                break
-                        for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
+
+                        # If we are working with non-continuous elements, both minValue and character after
+                        # are possible candidates
+                        for retVal in (originalTbl[index], originalTbl[index + 1]):
                             forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_EQUALS_CHAR), (expressionUnescaped, idx, retVal))
                             result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
                             incrementCounter(kb.technique)