From e9b86350f10166e217e2fa9f67a5f9aff8de3f6c Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 5 Mar 2013 18:32:31 +0100
Subject: [PATCH] Patch for an Issue #403

---
 lib/techniques/blind/inference.py | 18 ++++++------------
 1 file changed, 6 insertions(+), 12 deletions(-)

diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 458bf75da..2deef1599 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -484,13 +484,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 # One-shot query containing equals commonValue
 testValue = unescaper.escape("'%s'" % commonValue) if "'" not in commonValue else unescaper.escape("%s" % commonValue, quote=False)
- if timeBasedCompare:
- query = kb.injection.data[kb.technique].vector
- query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
- else:
- query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (expressionUnescaped, testValue)))
-
+ query = kb.injection.data[kb.technique].vector
+ query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (expressionUnescaped, testValue)))
 query = agent.suffixQuery(query)
+
 result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
 incrementCounter(kb.technique)
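Review bot: The new code relies on `kb.injection.data[kb.technique].vector` containing the `[INFERENCE]` marker for every technique that reaches this path, but nothing checks it; if a vector ever lacks the marker, `query.replace(...)` is a no-op and the one-shot comparison silently runs the unmodified vector, whereas the removed boolean branch always appended an explicit `AND (...)=...` clause. A guard such as `assert "[INFERENCE]" in query, "injection vector lacks [INFERENCE] placeholder"` (or a debug-level log) before the `replace` would make that failure visible instead of producing a meaningless result. The same three-line construction (vector lookup, `[INFERENCE]` replacement, `prefixQuery`) is now duplicated verbatim in this hunk and in the one at `@@ -511,13 +508,10 @@`, and both are followed by the identical `suffixQuery` call; a small local helper, e.g. `def _oneShotQuery(expr, value): return agent.suffixQuery(agent.prefixQuery(kb.injection.data[kb.technique].vector.replace("[INFERENCE]", "(%s)=%s" % (expr, value))))`, would keep the two call sites from drifting apart. The enclosing function `bisection` starts and ends outside both hunks.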
@@ -511,13 +508,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 subquery = queries[Backend.getIdentifiedDbms()].substring.query % (expressionUnescaped, 1, len(commonPattern))
 testValue = unescaper.escape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.escape("%s" % commonPattern, quote=False)
- if timeBasedCompare:
- query = kb.injection.data[kb.technique].vector
- query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
- else:
- query = agent.prefixQuery(safeStringFormat("AND (%s)=%s", (subquery, testValue)))
-
+ query = kb.injection.data[kb.technique].vector
+ query = agent.prefixQuery(query.replace("[INFERENCE]", "(%s)=%s" % (subquery, testValue)))
 query = agent.suffixQuery(query)
+
 result = Request.queryPage(agent.payload(newValue=query), timeBasedCompare=timeBasedCompare, raise404=False)
 incrementCounter(kb.technique)