diff --git a/lib/core/option.py b/lib/core/option.py
index 32bf2d690..3c183a69e 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -973,6 +973,7 @@ def __setKnowledgeBaseAttributes():
 logger.debug(debugMsg)
 kb.absFilePaths = set()
+ kb.assumeBlank = False
 kb.bannerFp = advancedDict()
 kb.cache = advancedDict()
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index f02988673..9d6ac3550 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -32,6 +32,7 @@ from lib.core.common import dataToStdout
 from lib.core.common import getCharset
 from lib.core.common import goGoodSamaritan
 from lib.core.common import getPartRun
+from lib.core.common import readInput
 from lib.core.common import replaceNewlineTabs
 from lib.core.common import safeStringFormat
 from lib.core.convert import urlencode
@@ -289,7 +290,21 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 val = getChar(curidx)
 if val is None:
- raise sqlmapValueException, "failed to get character at index %d (expected %d total)" % (curidx, length)
+ if not kb.assumeBlank:
+ iolock.acquire()
+ warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
+ logger.warn(warnMsg)
+ message = "assume blank character? [Y/n/a]"
+ getOutput = readInput(message, default="Y")
+ iolock.release()
+ if getOutput in ("a", "A"):
+ kb.assumeBlank = True
+ elif not getOutput or getOutput in ("y", "Y"):
+ pass # do nothing
+ else:
+ raise sqlmapValueException
+
+ val = ' '
 else:
 break
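Review bot: In the new `if val is None:` branch of `bisection`, `iolock.acquire()` and `iolock.release()` are not paired through `try`/`finally`, so an exception raised by `logger.warn` or `readInput` (an interrupted prompt, for instance) would leave the lock held and block any other thread waiting on it. `kb.assumeBlank` is also tested before the lock is taken, so threads already queued on the lock will still prompt after one of them has answered `a`; re-testing the flag once the lock is held avoids that. The bare `raise sqlmapValueException` drops the index/length message the removed line carried, and the substituted `' '` is indistinguishable from a genuine space in the retrieved value, so passing `warnMsg` to the exception and logging each assumed character would keep the output trustworthy. The body of `bisection` begins and ends outside this hunk and the page has lost its indentation, so the nesting in the sketch below is inferred.

```python
if val is None:
    if not kb.assumeBlank:
        warnMsg = "failed to get character at index %d (expected %d total)." % (curidx, length)
        iolock.acquire()
        try:
            # Re-check under the lock: another thread may have answered "a" while this one waited.
            if not kb.assumeBlank:
                logger.warn(warnMsg)
                message = "assume blank character? [Y/n/a]"
                getOutput = readInput(message, default="Y")
                if getOutput in ("a", "A"):
                    kb.assumeBlank = True
                elif getOutput and getOutput not in ("y", "Y"):
                    # Keep the diagnostic the old raise carried.
                    raise sqlmapValueException(warnMsg)
        finally:
            # Always hand the lock back, even if the prompt is interrupted.
            iolock.release()
    # … unchanged: val = ' ' fallback, else/break …
```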