From f958b2161337ca51184dba967bc66c5d060de616 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 7 Feb 2011 16:55:02 +0000
Subject: [PATCH] there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)
---
 lib/techniques/inband/union/test.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
index df9b05abd..e1269997c 100644
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -101,7 +101,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
 # For each column of the table (# of NULL) perform a request using
 # the UNION ALL SELECT statement to test it the target url is
 # affected by an exploitable inband SQL injection vulnerability
- for position in range(0, count):
+ for position in range(count-1, 0, -1):
 # Prepare expression with delimiters
 randQuery = randomStr()
 phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop)
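Review bot: The new loop `for position in range(count-1, 0, -1):` stops before index 0, because the stop value of `range` is exclusive, so the first column is never tested and a `count` of 1 runs no iterations at all. A reverse walk over every column would be `for position in range(count-1, -1, -1):` (or `reversed(range(count))`). As written, a page whose only string-typed column is the first one would be reported as not affected, which is a false negative in the assessment result. A short comment such as `# Walk columns from last to first: leading columns are more often INTEGER typed` would record why the order was reversed. The body of __unionPosition starts and ends outside the hunk, so the handling after the loop was not checked.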