minor update

2024-11-25 19:13:48 +03:00 · 2010-10-23 08:05:24 +00:00 · 2010-10-23 08:05:24 +00:00 · 98f5586b87
commit 98f5586b87
parent f8850e3f41
2 changed files with 9 additions and 5 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -17,6 +17,8 @@ from lib.core.common import dataToStdout
 from lib.core.common import getCharset
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import readInput
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
@ -113,7 +115,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        hintlock.release()

        if hintValue is not None and len(hintValue) >= idx:
-            if kb.dbms == "SQLite":
+            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
                posValue = hintValue[idx-1]
            else:
                posValue = ord(hintValue[idx-1])
@ -165,8 +167,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            position = (len(charTbl) >> 1)
            posValue = charTbl[position]

-            if kb.dbms == "SQLite":
-                posValueOld = posValue
+            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+                pushValue(posValue)
                posValue = chr(posValue) if posValue < 128 else unichr(posValue)

            forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
@ -174,8 +176,8 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            queriesCount[0] += 1
            result = Request.queryPage(urlencode(forgedPayload))

-            if kb.dbms == "SQLite":
-                posValue = posValueOld
+            if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"):
+                posValue = popValue()

            if result:
                minValue = posValue
--- a/xml/queries.xml
+++ b/xml/queries.xml
@ -354,6 +354,7 @@
        <timedelay/>
        <substring query="MID((%s), %d, %d)"/>
        <case query="IIF(%s,1,0)"/>
+        <inference query="AND MID((%s), %d, 1) > '%s'"/>
        <banner/>
        <current_user query="SELECT CURRENTUSER()"/>
        <current_db/>
@ -429,6 +430,7 @@
        <current_db query="SELECT DATABASE() FROM DUAL"/>
        <order query="ORDER BY %s ASC"/>
        <case query="SELECT (CASE WHEN (%s) THEN 1 ELSE 0 END)"/>
+        <inference query="AND SUBSTR((%s), %d, 1) > '%s'"/>
        <delimiter query=","/>
        <substring query="SUBSTR((%s), %d, %d)"/>
   </dbms>