From 8d0c2efbe29ae370798d9d7856c8b95cf5001183 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 24 Jan 2011 12:00:16 +0000
Subject: [PATCH] unescaping of char marked payloads

---
 lib/techniques/blind/inference.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index bc7757c26..a448b123f 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -183,7 +183,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
             if CHAR_INFERENCE_MARK not in payload:
                 forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
             else:
-                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else decodeIntToUnicode(posValue))
+                # e.g.: ... > '%c' -> ... > ORD(..)
+                markingValue = "'%s'" % CHAR_INFERENCE_MARK
+                unescapedCharValue = unescaper.unescape(markingValue % chr(posValue) if posValue < 128 else decodeIntToUnicode(posValue))
+                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
 
             queriesCount[0] += 1
             result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
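Review bot: The conditional expression on the new `unescapedCharValue` line binds more tightly than intended: `markingValue % chr(posValue) if posValue < 128 else decodeIntToUnicode(posValue)` parses as `(markingValue % chr(posValue)) if posValue < 128 else decodeIntToUnicode(posValue)`, so for `posValue >= 128` the quoted marking is never applied and `unescaper.unescape` receives the bare character rather than the quoted literal the comment describes. The intended form needs parentheses around the whole selector: `unescapedCharValue = unescaper.unescape(markingValue % (chr(posValue) if posValue < 128 else decodeIntToUnicode(posValue)))`. A second, hedged point: the `if CHAR_INFERENCE_MARK not in payload` guard tests for the bare mark while `.replace(markingValue, ...)` only substitutes the quoted form, so a payload carrying the mark without surrounding quotes would presumably reach `Request.queryPage` with the mark still unreplaced; if that combination cannot occur, a comment on the `else` branch stating that the mark is always quoted in templates would make the assumption explicit. The enclosing function starts before the hunk and continues past it.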