From d96723a135e48fa426237ba97c177786cff37a44 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 13 May 2010 11:17:24 +0000
Subject: [PATCH] fix for Feature #157
---
 lib/techniques/blind/inference.py | 22 +++++++--------------
 1 file changed, 7 insertions(+), 15 deletions(-)
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index e29c19a82..53120cfff 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -161,27 +161,19 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
             if not conf.useBetween or kb.dbms == "SQLite":
                 forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
             else:
-                forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
+                forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
 
             result = Request.queryPage(urlencode(forgedPayload))
 
             if kb.dbms == "SQLite":
                 posValue = posValueOld
 
-            if not conf.useBetween or kb.dbms == "SQLite": #normal
-                if result:
-                    minValue = posValue
-                    asciiTbl = asciiTbl[position:]
-                else:
-                    maxValue = posValue
-                    asciiTbl = asciiTbl[:position]
-            else: #reversed
-                if result:
-                    maxValue = posValue
-                    asciiTbl = asciiTbl[:position]
-                else:
-                    minValue = posValue
-                    asciiTbl = asciiTbl[position:]
+            if result:
+                minValue = posValue
+                asciiTbl = asciiTbl[position:]
+            else:
+                maxValue = posValue
+                asciiTbl = asciiTbl[:position]
 
             if len(asciiTbl) == 1:
                 if maxValue == 1:
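Review bot: The unified bisection update now relies on `NOT BETWEEN 0 AND n` being a drop-in for `> n`, but nothing in the `else:` branch says so, and the old `#normal`/`#reversed` comments that hinted at the polarity are gone; a one-line comment above the `forgedPayload = ... 'NOT BETWEEN 0 AND' ...` line would save the next maintainer from re-deriving it, e.g. `# NOT BETWEEN 0 AND n is equivalent to > n for the non-negative ordinal values compared here, so the bisection step below needs no reversed branch`. Note also that `payload.replace('%3E', ...)` is a global, case-sensitive substring replace over the whole template, so a lowercase `%3e` or a `%3E` that appears anywhere other than the comparison (prefix/suffix, injected data) would be left alone or rewritten as well; with the new code a missed replace still yields correct results because `>` and the rewrite agree, but a spurious rewrite elsewhere in the payload would corrupt the query, which is worth stating in the same comment. I cannot tell from this hunk where `payload` is built or whether it is guaranteed to be URL-encoded at this point, so this is an inference to confirm against the caller. The enclosing `bisection` body starts before and continues after this hunk.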