From b2e7f9484d511efb2d2c8b2d485d575cc791a4ba Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 21 Dec 2010 15:24:14 +0000
Subject: [PATCH] minor tuning (2 techniques MAX per value used)

---
 lib/core/settings.py | 3 +++
 lib/request/inject.py | 11 ++++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 12f7ea9c6..bfa6827d7 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -52,6 +52,9 @@ CHAR_INFERENCE_MARK = "%c"
 # coefficient used for a time-based query delay checking (must be >= 7)
 TIME_STDEV_COEFF = 10
 
+# maximum number of techniques used in inject.py/getValue() before deciding 'None' value
+MAX_TECHNIQUES_BEFORE_NONE = 2
+
 # suffix used for naming meta databases in DBMS(es) without explicit database name
 METADB_SUFFIX = "_masterdb"
 
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 630d28839..74c2ce2ed 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -35,6 +35,7 @@ from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.exception import sqlmapNotVulnerableException
 from lib.core.settings import MIN_TIME_RESPONSES
+from lib.core.settings import MAX_TECHNIQUES_BEFORE_NONE
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.request.direct import direct
@@ -402,6 +403,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 value = None
 found = False
 query = query.replace("DISTINCT ", "")
+ count = 0
 
 if expected == EXPECTED.BOOL:
 forgeCaseExpression = booleanExpression = expression
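Review bot: `count = 0` in the getValue() hunk says nothing about what is being counted, and the bare name gives no hint that its threshold (`MAX_TECHNIQUES_BEFORE_NONE`) is what makes getValue() stop trying further injection techniques. A one-line comment at the initialisation, `# number of injection techniques already tried for this value`, or a name such as `techniquesTried`, would make the later `count >= MAX_TECHNIQUES_BEFORE_NONE` checks self-explanatory. The body of getValue() continues outside the hunk. In the import hunk above, `MAX_TECHNIQUES_BEFORE_NONE` is added after `MIN_TIME_RESPONSES`, which appears to break the alphabetical order the neighbouring import lines keep; placing it before `MIN_TIME_RESPONSES` would be the consistent choice.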
@@ -419,7 +421,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 else:
 value = __goInband(query, expected, sort, resumeValue, unpack, dump)
 
- found = value or (value is None and expectingNone)
+ count += 1
+ found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
 
 oldUnionNegative = kb.unionNegative
 kb.unionNegative = False
@@ -432,7 +435,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 else:
 value = __goError(query, resumeValue)
 
- found = value or (value is None and expectingNone)
+ count += 1
+ found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
 
 if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
 kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
@@ -442,7 +446,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 else:
 value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
 
- found = value or (value is None and expectingNone)
+ count += 1
+ found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
 
 if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
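Review bot: After this change `found` no longer means "a value was retrieved": once `count` reaches `MAX_TECHNIQUES_BEFORE_NONE` it becomes true while `value` is still None and `expectingNone` is false, and that overloaded meaning is written out identically in the hunks at @@ -419, @@ -432 and @@ -442 without a word on why. I would put a comment on the first occurrence, `# give up on this value once MAX_TECHNIQUES_BEFORE_NONE techniques have been tried`, so that the next reader does not mistake the third disjunct for a bug. If anything after the time-based branch (which starts in the last hunk and continues outside it) reads `found` to decide whether a value was obtained rather than whether to keep going, it now needs to check `value` instead; I cannot see that code from here. The time-based branch itself keeps the old two-term expression, which is fine only as long as it stays the last technique tried.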