Fixed a bug reported by Bedirhan Urgun <bedirhanurgun@gmail.com>

2024-11-22 09:36:35 +03:00 · 2008-10-16 14:01:14 +00:00 · 2008-10-16 14:01:14 +00:00 · d664f0387e
commit d664f0387e
parent 962d63eff5
2 changed files with 6 additions and 3 deletions
--- a/lib/parse/configfile.py
+++ b/lib/parse/configfile.py
@ -25,7 +25,7 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


 from ConfigParser import NoSectionError
-from ConfigParser import SafeConfigParser
+from ConfigParser import ConfigParser

 from lib.core.common import checkFile
 from lib.core.data import conf
@ -76,7 +76,7 @@ def configFileParser(configFile):
    logger.debug(debugMsg)

    checkFile(configFile)
-    config = SafeConfigParser()
+    config = ConfigParser()
    config.read(configFile)

    if not config.has_section("Request"):
--- a/lib/techniques/inference/blind.py
+++ b/lib/techniques/inference/blind.py
@ -92,7 +92,10 @@ def bisection(payload, expression, length=None):
            queriesCount[0] += 1
            limit = ((maxValue + minValue) / 2)

-            forgedPayload = payload % (expressionUnescaped, idx, limit)
+            # TODO: find a cleaner way to do this
+            forgedPayload = payload.replace("%", "%%", 1) % (expressionUnescaped, idx, limit)
+            forgedPayload = forgedPayload.replace("%%", "%")
+
            result = Request.queryPage(forgedPayload)

            if result == kb.defaultResult: