removed --useBetween switch and added new tampering module ./tamper/between.py

2025-12-06 12:41:30 +00:00 · 2010-10-15 23:48:07 +00:00
parent 1ae4d0fc2a
commit 1336b97c2c
4 changed files with 54 additions and 9 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -169,10 +169,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                posValueOld = posValue
                posValue = chr(posValue) if posValue < 128 else unichr(posValue)

-            if not conf.useBetween or kb.dbms == "SQLite":
-                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
-            else:
-                forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
+            forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))

            queriesCount[0] += 1
            result = Request.queryPage(urlencode(forgedPayload))