implemented feature request from Ole Rasmussen regarding table name retrieval speedup

2025-12-06 04:31:30 +00:00 · 2010-04-15 09:36:13 +00:00
parent 1ab78ce60e
commit 17554759b7
3 changed files with 26 additions and 0 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -114,7 +114,31 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

    queriesCount = [0]    # As list to deal with nested scoping rules

+    hintlock  = threading.Lock()
+    def tryHint(idx):
+        hintlock.acquire()
+        hintValue = kb.hintValue
+        hintlock.release()
+        if hintValue and len(hintValue) >= idx:
+            if kb.dbms == "SQLite":
+                posValue = hintValue[idx-1]
+            else:
+                posValue = ord(hintValue[idx-1])
+
+            forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, posValue))
+            result        = Request.queryPage(urlencode(forgedPayload))
+            if result:
+                return hintValue[idx-1]
+        hintlock.acquire()
+        kb.hintValue = None
+        hintlock.release()
+        return None
+
    def getChar(idx, asciiTbl=asciiTbl):
+        result = tryHint(idx)
+        if result:
+            return result
+
        maxValue = asciiTbl[len(asciiTbl)-1]
        minValue = 0