From 9356f8005c53a2f2d267fd3029d3cfe4e2078708 Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Fri, 21 Oct 2011 21:07:06 +0000 Subject: [PATCH] important bug fix --- lib/techniques/union/test.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py index 75d47e5ff..54781e0f0 100644 --- a/lib/techniques/union/test.py +++ b/lib/techniques/union/test.py @@ -117,7 +117,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where min_, max_ = min(min_, ratio), max(max_, ratio) items.append((count, ratio)) - if kb.uChar and kb.uChar != 'NULL': + if kb.uChar and kb.uChar.upper() != 'NULL': for regex in (kb.uChar, r'>\s*%s\s*<' % kb.uChar): contains = [(count, re.search(regex, page or "", re.IGNORECASE) is not None) for count, page in pages.items()] if len(filter(lambda x: x[1], contains)) == 1: @@ -255,7 +255,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix if conf.uColsStop == conf.uColsStart: count = conf.uColsStart else: - count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.NEGATIVE if kb.uChar else PAYLOAD.WHERE.ORIGINAL) + count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if kb.uChar.upper() == "NULL" else PAYLOAD.WHERE.NEGATIVE) if count: if Backend.getIdentifiedDbms() in FROM_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):