fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)

lib/core/common.py

@@ -1281,7 +1281,7 @@ def getCompiledRegex(regex, args=()):
 
 #dumper.dbTableValues(conf.dbmsHandler.dumpTable()) -> dumpTable
 def getPartRun():
-    commonPartsDict = { "dumpTable":"Tables", "getColumns":"Columns", "getUsers":"Users", "getBanner":"Banners" }
+    commonPartsDict = { "getTables":"Tables", "getColumns":"Columns", "getUsers":"Users", "getBanner":"Banners" }
     retVal = None
     stack = [item[4][0] if isinstance(item[4], list) else '' for item in inspect.stack()]
     reobj = getCompiledRegex('conf\.dbmsHandler\.([^(]+)\(\)')

lib/techniques/blind/inference.py

@@ -379,11 +379,15 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 if singleValue is None:
                     val = getChar(index, predictedCharset, False) if predictedCharset else None
                 else:
-                    query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = \'%s\'', (expressionUnescaped, singleValue)))
+                    query = agent.prefixQuery(" %s" % safeStringFormat('AND (%s) = %s', (expressionUnescaped, unescaper.unescape('\'%s\'' % singleValue))))
                     query = agent.postfixQuery(query)
-                    payload = agent.payload(newValue=query)
-                    result = Request.queryPage(urlencode(payload))
+                    result = Request.queryPage(urlencode(agent.payload(newValue=query)))
                     if result:
+                        dataToSessionFile(replaceNewlineTabs(singleValue[index-1:]))
+                        if showEta:
+                            etaProgressUpdate(time.time() - charStart, lastChar + 1)
+                        elif conf.verbose >= 1:
+                            dataToStdout(singleValue[index-1:])
                         finalValue = singleValue
                         break
                 if not val:

txt/common-outputs.txt

@@ -1,5 +1,18 @@
 [Tables]
-users
-
-[Users]
-'root'@'127.0.0.1'
+CHARACTER_SETS
+COLLATION_CHARACTER_SET_APPLICABILITY
+COLLATIONS
+COLUMN_PRIVILEGES
+COLUMNS
+KEY_COLUMN_USAGE
+PROFILING
+ROUTINES
+SCHEMA_PRIVILEGES
+SCHEMATA
+STATISTICS
+TABLE_CONSTRAINTS
+TABLE_PRIVILEGES
+TABLES
+TRIGGERS
+USER_PRIVILEGES
+VIEWS