From 953b5815d86ff73bd98d509034fcb3dc3af4e85b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 31 Jul 2013 21:15:03 +0200
Subject: [PATCH] Implementation for an Issue #496

---
 lib/core/option.py | 1 +
 lib/request/inject.py | 12 ++++++++++++
 lib/techniques/union/use.py | 3 ++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/core/option.py b/lib/core/option.py
index a9648bde9..32c5d9f9f 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1601,6 +1601,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.errorIsNone = True
 kb.fileReadMode = False
 kb.forcedDbms = None
+ kb.forcePartialUnion = False
 kb.headersFp = {}
 kb.heuristicDbms = None
 kb.heuristicMode = False
diff --git a/lib/request/inject.py b/lib/request/inject.py
index b3cfcfdd3..320780d22 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -361,6 +361,18 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
 count += 1
 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
+ if not found and not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL:
+ warnMsg = "something went wrong with full UNION "
+ warnMsg += "technique (most probably because of "
+ warnMsg += "limitation on retrieved number of entries). "
+ warnMsg += "Falling back to partial UNION technique"
+ singleTimeWarnMessage(warnMsg)
+
+ kb.forcePartialUnion = True
+ value = _goUnion(query, unpack, dump)
+ found = (value is not None) or (value is None and expectingNone)
+ kb.forcePartialUnion = False
+
 if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:
 kb.technique = PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY
 value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
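Review bot: The reset `kb.forcePartialUnion = False` at the end of the new fallback block in lib/request/inject.py is not protected, so if `_goUnion(query, unpack, dump)` raises (a connection failure or a user interrupt propagating through here, for example) the flag stays True for the rest of the run and every later UNION retrieval is silently forced into the partial mode. Wrap the retry so the flag is always cleared: `kb.forcePartialUnion = True`, then `try: value = _goUnion(query, unpack, dump)` / `finally: kb.forcePartialUnion = False`, with the `found` recomputation placed after the `finally`. The body of getValue starts and ends outside the hunk, so I cannot see whether this block sits inside the branch that already established the UNION technique; if it does not, `kb.injection.data[PAYLOAD.TECHNIQUE.UNION]` should be guarded by `isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION)` before it is indexed, since the `not found and not expected` prefix alone does not guarantee the entry exists.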
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index 55ed7d412..bab4823ed 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -184,7 +184,8 @@ def unionUse(expression, unpack=True, dump=False):
 " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
 not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \
 and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
- and not re.search(SQL_SCALAR_REGEX, expression, re.I):
+ and not re.search(SQL_SCALAR_REGEX, expression, re.I)\
+ or kb.forcePartialUnion:
 expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)
 if limitCond: