Patch for an Issue #403

2024-11-25 11:03:47 +03:00 · 2013-03-05 18:32:31 +01:00 · 2013-03-05 18:32:31 +01:00 · e9b86350f1
commit e9b86350f1
parent 7190205a46
1 changed files with 6 additions and 12 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -484,13 +484,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        # One-shot query containing equals commonValue
                        testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)

-                        if timeBasedCompare:
-                            query = kb.injection.data[kb.technique].vector
-                            query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
-                        else:
-                            query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (expressionUnescaped, testValue)))
-
+                        query = kb.injection.data[kb.technique].vector
+                        query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
                        query = agent.suffixQuery(query)
+
                        result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
                        incrementCounter(kb.technique)

@ -511,13 +508,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                        subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
                        testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)

-                        if timeBasedCompare:
-                            query = kb.injection.data[kb.technique].vector
-                            query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
-                        else:
-                            query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (subquery, testValue)))
-
+                        query = kb.injection.data[kb.technique].vector
+                        query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
                        query = agent.suffixQuery(query)
+
                        result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
                        incrementCounter(kb.technique)