Limited custom query now works also on Oracle in inferential blind SQL

injection technique
2025-02-03 05:04:11 +03:00 · 2008-12-23 23:34:50 +00:00 · 2008-12-23 23:34:50 +00:00 · c83593c044
commit c83593c044
parent 24ddbdc89d
1 changed files with 8 additions and 1 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -77,11 +77,18 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
    for field in expressionFieldsList:
        output = None

+        if field.startswith("ROWNUM "):
+            continue
+
        if isinstance(num, int):
            origExpr = expression
            expression = agent.limitQuery(num, expression, field)

-        expressionReplaced = expression.replace(expressionFields, field, 1)
+        if "ROWNUM" in expressionFieldsList:
+            expressionReplaced = expression.replace(expressionFields, field, 1)
+        else:
+            expressionReplaced = expression
+
        output             = resume(expressionReplaced, payload)

        if not output or ( expected == "int" and not output.isdigit() ):