Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!

2025-12-06 20:51:31 +00:00 · 2010-11-17 22:00:09 +00:00
parent ca5125bbe0
commit 17486e472a
20 changed files with 77 additions and 78 deletions
--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -41,7 +41,7 @@ class Fingerprint(GenericFingerprint):
                table = "MSysAccessStorage"
            if table:
                query   = agent.prefixQuery("AND EXISTS(SELECT CURDIR() FROM %s)" % table)
-                query   = agent.postfixQuery(query)
+                query   = agent.suffixQuery(query)
                payload = agent.payload(newValue=query)
                result  = Request.queryPage(payload)
                retVal = "not sandboxed" if result else "sandboxed"
@@ -71,7 +71,7 @@ class Fingerprint(GenericFingerprint):
                    table = table[1:]
                randInt = randomInt()
                query   = agent.prefixQuery("AND EXISTS(SELECT * FROM %s WHERE %d=%d)" % (table, randInt, randInt))
-                query   = agent.postfixQuery(query)
+                query   = agent.suffixQuery(query)
                payload = agent.payload(newValue=query)
                result  = Request.queryPage(payload)
                if result is None:
@@ -95,7 +95,7 @@ class Fingerprint(GenericFingerprint):
        randInt = randomInt()
        randStr = randomStr()
        query   = agent.prefixQuery("AND EXISTS(SELECT * FROM %s.%s WHERE %d=%d)" % (randStr, randStr, randInt, randInt))
-        query   = agent.postfixQuery(query)
+        query   = agent.suffixQuery(query)
        payload = agent.payload(newValue=query)
        page  = Request.queryPage(payload, content=True)