Implementation for an Issue #496

2025-01-23 15:54:24 +03:00 · 2013-07-31 21:15:03 +02:00 · 2013-07-31 21:15:03 +02:00 · 953b5815d8
commit 953b5815d8
parent 6b826ef64d
3 changed files with 15 additions and 1 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1601,6 +1601,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
    kb.errorIsNone = True
    kb.fileReadMode = False
    kb.forcedDbms = None
+    kb.forcePartialUnion = False
    kb.headersFp = {}
    kb.heuristicDbms = None
    kb.heuristicMode = False
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -361,6 +361,18 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                    count += 1
                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE

+                    if not found and not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL:
+                        warnMsg = "something went wrong with full UNION "
+                        warnMsg += "technique (most probably because of "
+                        warnMsg += "limitation on retrieved number of entries). "
+                        warnMsg += "Falling back to partial UNION technique"
+                        singleTimeWarnMessage(warnMsg)
+
+                        kb.forcePartialUnion = True
+                        value = _goUnion(query, unpack, dump)
+                        found = (value is not None) or (value is None and expectingNone)
+                        kb.forcePartialUnion = False
+
                if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:
                    kb.technique = PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY
                    value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@ -184,7 +184,8 @@ def unionUse(expression, unpack=True, dump=False):
       " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
       not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \
       and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
-       and not re.search(SQL_SCALAR_REGEX, expression, re.I):
+       and not re.search(SQL_SCALAR_REGEX, expression, re.I)\
+       or kb.forcePartialUnion:
        expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)

        if limitCond: