there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)

2024-11-22 17:46:37 +03:00 · 2011-02-07 16:55:02 +00:00 · 2011-02-07 16:55:02 +00:00 · f958b21613
commit f958b21613
parent 771020abd6
1 changed files with 1 additions and 1 deletions
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -101,7 +101,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
    # For each column of the table (# of NULL) perform a request using
    # the UNION ALL SELECT statement to test it the target url is
    # affected by an exploitable inband SQL injection vulnerability
-    for position in range(0, count):
+    for position in range(count-1, 0, -1):
        # Prepare expression with delimiters
        randQuery = randomStr()
        phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop)