From e5f54644f07eeb4c7404f9be586baf3643918b4f Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Thu, 3 Feb 2011 16:59:49 +0000
Subject: [PATCH] minor "statistical" update

---
 lib/core/settings.py | 3 +++
 lib/techniques/inband/union/test.py | 5 +++++
 2 files changed, 8 insertions(+)

diff --git a/lib/core/settings.py b/lib/core/settings.py
index 7a5680843..f5c6fc526 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -232,3 +232,6 @@ SENSITIVE_DATA_REGEX = "\s(?P[^\s]*%s[^\s]*)\s"
 # Maximum number of threads (avoiding connection issues and/or DoS)
 MAX_NUMBER_OF_THREADS = 10
+
+# Minimum range between minimum and maximum of statistical set
+MIN_STATISTICAL_RANGE = 0.01
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
index 7011a7b5c..ca2a27c48 100644
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -31,6 +31,7 @@ from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.settings import FROM_TABLE
 from lib.core.settings import UNION_STDEV_COEFF
+from lib.core.settings import MIN_STATISTICAL_RANGE
 from lib.core.settings import MIN_UNION_RESPONSES
 from lib.core.unescaper import unescaper
 from lib.parse.html import htmlParser
@@ -65,6 +66,10 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
 ratios.pop(ratios.index(max_))
 deviation = stdev(ratios)
+
+ if abs(max_ - min_) < MIN_STATISTICAL_RANGE:
+ return None
+
 lower, upper = average(ratios) - UNION_STDEV_COEFF * deviation, average(ratios) + UNION_STDEV_COEFF * deviation
 minItem, maxItem = None, None
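Review bot: The new guard `if abs(max_ - min_) < MIN_STATISTICAL_RANGE:` is evaluated only after `ratios.pop(ratios.index(max_))` and `deviation = stdev(ratios)` have already run, so a standard deviation is computed for a sample the function is about to reject; moving the check to the point where `min_` and `max_` are determined (earlier in `__findUnionCharCount`, outside this hunk) avoids that work and states the precondition before the sample is trimmed. Since `min_` and `max_` presumably hold the extremes of `ratios`, the `abs()` is redundant but harmless. A why-comment would help the next reader, e.g. `# ratios are all within MIN_STATISTICAL_RANGE of each other: too little spread for an outlier test, so give up`. The enclosing function starts and ends outside this hunk, and how callers treat the added `None` return is not visible here.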