diff --git a/lib/core/agent.py b/lib/core/agent.py
index 4b0a7fc7d..b3eba4508 100644
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -576,7 +576,7 @@ class Agent:
 intoRegExp = intoRegExp.group(1)
 query = query[:query.index(intoRegExp)]
- if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and inbandQuery.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and inbandQuery.endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):
 inbandQuery = inbandQuery[:-len(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()])]
 for element in xrange(0, count):
@@ -747,7 +747,7 @@ class Agent:
 if Backend.getIdentifiedDbms() is not None and hasattr(queries[Backend.getIdentifiedDbms()], "case"):
 caseExpression = queries[Backend.getIdentifiedDbms()].case.query % expression
- if "(IIF" not in caseExpression and Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not caseExpression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ if "(IIF" not in caseExpression and Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not caseExpression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):
 caseExpression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
 return caseExpression
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 53f992c03..c666ec022 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -159,7 +159,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 # NOTE: I assume that only queries that get data from a table
 # can return multiple entries
 if fromUser and " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
- not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not \
+ not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and not \
 expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
 and not re.search(SQL_SCALAR_REGEX, expression, re.I):
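Review bot: In lib/core/agent.py (hunk at line 576) the suffix test `inbandQuery.endswith(FROM_DUMMY_TABLE[...])` is case-sensitive, while the second agent.py hunk and both lib/request/inject.py hunks compare against `.upper()` of the string; the lib/techniques/union/test.py hunk at line 257 has the same case-sensitive form on `query`. If the query text can carry the dummy-table clause in a different case, it is not stripped at these two sites although the other call sites would recognise it. Assuming the FROM_DUMMY_TABLE values are upper-case (not visible in this diff), the check could read `inbandQuery.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()])`; the slice on the following line works unchanged because it only uses the length. The enclosing method starts and ends outside the hunk.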
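Review bot: In lib/request/inject.py (hunk at line 159) the inner membership test is redundant now that both sides name FROM_DUMMY_TABLE: `x not in T or (x in T and not y)` is equivalent to `x not in T or not y`, and short-circuit evaluation still keeps the subscript from running for an unlisted DBMS. The same applies to the lib/techniques/union/use.py hunk at line 165. Dropping it, as in `not in FROM_DUMMY_TABLE or not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()])`, shortens the condition and removes the duplicated name where the stale identifier survived. Whether FROM_TABLE is still defined is not visible here; if it is not, these branches failed only when reached, which an undefined-name lint pass (pyflakes or similar) would surface before runtime. The function body continues outside the hunk.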
@@ -215,7 +215,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
 stopLimit += startLimit
 if not stopLimit or stopLimit <= 1:
- if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):
 test = False
 else:
 test = True
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
index 041641c44..132747b68 100644
--- a/lib/techniques/union/test.py
+++ b/lib/techniques/union/test.py
@@ -257,7 +257,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
 count = __findUnionCharCount(comment, place, parameter, value, prefix, suffix, PAYLOAD.WHERE.ORIGINAL if isNullValue(kb.uChar) else PAYLOAD.WHERE.NEGATIVE)
 if count:
- if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and query.endswith(FROM_TABLE[Backend.getIdentifiedDbms()]):
+ if Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and query.endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]):
 query = query[:-len(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()])]
 if count:
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index e19d96931..b0bc38733 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -165,7 +165,7 @@ def unionUse(expression, unpack=True, dump=False):
 if (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \
 (dump and (conf.limitStart or conf.limitStop))) and \
 " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
- not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \
+ not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \
 and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
 and not re.search(SQL_SCALAR_REGEX, expression, re.I):
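Review bot: In the second lib/request/inject.py hunk (line 215) the `if`/`else` pair exists only to assign a boolean, so `test` can be set straight from the condition: `test = not (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))`. Across all the hunks in this commit `Backend.getIdentifiedDbms()` is evaluated two or three times per check; binding it to a local once before the test would shorten each condition and make a mismatched table name like the one fixed here easier to spot. The function continues outside the hunk.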