diff --git a/lib/core/agent.py b/lib/core/agent.py index 6f0ec0fa4..07c793dd9 100644 --- a/lib/core/agent.py +++ b/lib/core/agent.py @@ -314,20 +314,23 @@ class Agent: @rtype: C{str} """ - rootQuery = queries[Backend.getIdentifiedDbms()] + nulledCastedField = field - if field.startswith("(CASE") or field.startswith("(IIF") or\ - conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'): - nulledCastedField = field - else: - nulledCastedField = rootQuery.cast.query % field - if Backend.isDbms(DBMS.ACCESS): - nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField) + if field: + rootQuery = queries[Backend.getIdentifiedDbms()] + + if field.startswith("(CASE") or field.startswith("(IIF") or\ + conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3'): + nulledCastedField = field else: - nulledCastedField = rootQuery.isnull.query % nulledCastedField + nulledCastedField = rootQuery.cast.query % field + if Backend.isDbms(DBMS.ACCESS): + nulledCastedField = rootQuery.isnull.query % (nulledCastedField, nulledCastedField) + else: + nulledCastedField = rootQuery.isnull.query % nulledCastedField - if conf.hexConvert: - nulledCastedField = self.hexConvertField(nulledCastedField) + if conf.hexConvert: + nulledCastedField = self.hexConvertField(nulledCastedField) return nulledCastedField diff --git a/lib/request/inject.py b/lib/request/inject.py index fe7c3d1e5..dd6390843 100644 --- a/lib/request/inject.py +++ b/lib/request/inject.py @@ -66,7 +66,7 @@ def __goDns(payload, expression): return value -def __goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False): +def __goInference(payload, expression, charsetType=None, firstChar=None, lastChar=None, dump=False, field=None): start = time.time() value = None count = 0 
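Review bot: With the new `if field:` guard, a falsy field (None or "") is handed back unchanged and also bypasses the `conf.hexConvert` branch, which the `@rtype: C{str}` line visible just above does not reflect for the None case. A one-line comment at the guard would make the intent explicit, `# a None/empty field has nothing to cast or NULL-wrap; return it as-is (hexConvert is skipped too)`, and the docstring should state that `field` may be None. The moved condition `conf.noCast or Backend.isDbms(DBMS.SQLITE) and not isDBMSVersionAtLeast('3')` mixes `or` and `and` without parentheses; the precedence is unchanged from the removed lines, but now that it sits one level deeper parenthesizing the `and` term would help the reader. The signature of nullAndCastField and the start of its docstring are outside the hunk.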
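Review bot: The new keyword parameter `field=None` on `__goInference` is undocumented, and no docstring appears in the hunk; a short comment on the signature line would tell callers when to pass it, for example `# field: the column expression inside `expression` to NULL/cast-wrap before the length query; None leaves the expression untouched`. Its only use is in the following hunk, so the behaviour it controls is not visible here. The body of __goInference continues past the end of this hunk.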
@@ -80,7 +80,12 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha if not (timeBasedCompare and kb.dnsTest): if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not timeBasedCompare: - length = queryOutputLength(expression, payload) + if field: + nulledCastedField = agent.nullAndCastField(field) + injExpression = expression.replace(field, nulledCastedField, 1) + else: + injExpression = expression + length = queryOutputLength(injExpression, payload) else: length = None @@ -113,7 +118,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl else: expressionReplaced = expression.replace(expressionFields, field, 1) - output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump) + output = __goInference(payload, expressionReplaced, charsetType, firstChar, lastChar, dump, field) if isinstance(num, int): expression = origExpr
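Review bot: `expression.replace(field, nulledCastedField, 1)` rewrites the first textual occurrence of `field`, which is not necessarily the selected column: if the same text appears earlier in `expression` (inside a table or schema name, or as a prefix of a longer identifier) the cast could land on the wrong token and leave the real column unwrapped, so the length query may not match what is later retrieved. The caller in __goInferenceFields appears to build `expressionReplaced` by substituting `field` for `expressionFields`, so the substitution point is known there and could be passed along instead of re-searching; at minimum a comment such as `# assumes the first occurrence of field in expression is the selected column` should record the assumption. The `if field: ... else: injExpression = expression` pair could also collapse to `injExpression = expression` before the branch followed by the conditional replace, removing the duplicated assignment. __goInference starts and ends outside this hunk.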