From c6b9d89d313d3b6051c7e3b6545df7c79d659207 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Thu, 7 Apr 2011 11:10:35 +0000
Subject: [PATCH] Accept [RANDNUM] as in payloads.xml and handle it accordingly
---
 lib/controller/checks.py | 3 +++
 lib/techniques/inband/union/use.py | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
index 7ca2410dc..ce051c52f 100644
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -94,6 +94,9 @@ def checkSqlInjection(place, parameter, value):
 if "[CHAR]" in title:
 title = title.replace("[CHAR]", conf.uChar)
+ if "[RANDNUM]" in title:
+ title = title.replace("[RANDNUM]", "random number")
+
 # Skip test if the user's wants to test only for a specific
 # technique
 if conf.tech and isinstance(conf.tech, list) and stype not in conf.tech:
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
index 6b752b881..ea63403d4 100644
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -74,7 +74,7 @@ def __oneShotUnionUse(expression, unpack=True):
 def configUnion(char=None, columns=None):
 def __configUnionChar(char):
- if char.isdigit() or char == "NULL":
+ if char.isdigit() or char == "NULL" or char.startswith("[RANDNUM"):
 conf.uChar = char
 elif not char.startswith("'") or not char.endswith("'"):
 conf.uChar = "'%s'" % char
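Review bot: In lib/controller/checks.py the new `[RANDNUM]` substitution depends on running after the `[CHAR]` substitution directly above it, and nothing in the hunk records that. Given the use.py change in this commit, conf.uChar can presumably hold the literal placeholder, so the `[CHAR]` replacement may be what puts `[RANDNUM]` into the title. A comment such as `# must follow the [CHAR] replacement: conf.uChar may itself be "[RANDNUM]"` would keep a later reorder from showing the raw placeholder in the test title. The `if "[RANDNUM]" in title` guard is also redundant, since `str.replace` leaves the string unchanged when the marker is absent. checkSqlInjection starts and ends outside the hunk.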
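Review bot: In lib/techniques/inband/union/use.py the added test `char.startswith("[RANDNUM")` has no closing bracket, so any value that merely begins with that text is stored in conf.uChar verbatim and never reaches the quoting branch below it. If only the placeholder from payloads.xml is meant, `char == "[RANDNUM]"` is the tighter check. If suffixed variants are intended, say so in a comment and still require the bracket, e.g. `char.startswith("[RANDNUM") and char.endswith("]")`. __configUnionChar continues outside the hunk, so the remaining branches are not visible here.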