Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!

2025-12-06 20:51:31 +00:00 · 2010-11-17 22:00:09 +00:00
parent ca5125bbe0
commit 17486e472a
20 changed files with 77 additions and 78 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -99,7 +99,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
    """

    query          = agent.prefixQuery(queries[kb.misc.testedDbms].inference.query)
-    query          = agent.postfixQuery(query)
+    query          = agent.suffixQuery(query)
    payload        = agent.payload(newValue=query)
    count          = None
    startLimit     = 0
@@ -398,7 +398,7 @@ def goStacked(expression, silent=False):

    comment = queries[kb.dbms].comment.query
    query   = agent.prefixQuery("; %s" % expression)
-    query   = agent.postfixQuery("%s;%s" % (query, comment))
+    query   = agent.suffixQuery("%s;%s" % (query, comment))

    debugMsg = "query: %s" % query
    logger.debug(debugMsg)