few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)

lib/request/inject.py

@@ -21,6 +21,7 @@ from lib.core.common import getPublicTypeMembers
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
 from lib.core.common import initTechnique
+from lib.core.common import isNoneValue
 from lib.core.common import isNumPosStrValue
 from lib.core.common import isTechniqueAvailable
 from lib.core.common import parseUnionPage
@@ -66,18 +67,19 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
     if value is None:
         timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
 
-        if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
-            _, length, _ = queryOutputLength(expression, payload)
-        else:
-            length = None
+        if not (timeBasedCompare and kb.dnsTest):
+            if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare:
+                _, length, _ = queryOutputLength(expression, payload)
+            else:
+                length = None
 
-        kb.inferenceMode = True
-        count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
-        kb.inferenceMode = False
+            kb.inferenceMode = True
+            count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar, dump)
+            kb.inferenceMode = False
 
-        if not kb.bruteMode:
-            debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
-            logger.debug(debugMsg)
+            if not kb.bruteMode:
+                debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
+                logger.debug(debugMsg)
 
     return value
 
@@ -317,9 +319,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
         expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
 
     outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
-    returnValue = ", ".join(output for output in outputs)
 
-    return returnValue
+    return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None
 
 def __goBooleanProxy(expression):
     """

lib/techniques/dns/use.py

@@ -20,6 +20,8 @@ from lib.core.common import extractRegexResult
 from lib.core.common import getSPQLSnippet
 from lib.core.common import hashDBRetrieve
 from lib.core.common import hashDBWrite
+from lib.core.common import popValue
+from lib.core.common import pushValue
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.common import safecharencode
@@ -70,6 +72,9 @@ def dnsUse(payload, expression):
                 expressionRequest = getSPQLSnippet(Backend.getIdentifiedDbms(), "dns_request", PREFIX=prefix, QUERY=expressionReplaced, SUFFIX=suffix, DOMAIN=conf.dName)
                 expressionUnescaped = unescaper.unescape(expressionRequest)
 
+                pushValue(conf.timeSec)
+                conf.timeSec = 0
+
                 if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.PGSQL):
                     comment = queries[Backend.getIdentifiedDbms()].comment.query
                     query = agent.prefixQuery("; %s" % expressionUnescaped)
@@ -77,8 +82,9 @@ def dnsUse(payload, expression):
                     forgedPayload = agent.payload(newValue=query)
                 else:
                     forgedPayload = safeStringFormat(payload, (expressionUnescaped, randomInt(1), randomInt(3)))
-    
+
                 Request.queryPage(forgedPayload, content=False, noteResponseTime=False, raise404=False)
+                conf.timeSec = popValue()
 
                 _ = conf.dnsServer.pop(prefix, suffix)