Adding new payload (HAVING boolean-based blind)

2025-12-07 13:11:29 +00:00 · 2018-06-05 00:59:47 +02:00
parent a399b65033
commit 25369ca591
4 changed files with 26 additions and 9 deletions
--- a/plugins/dbms/oracle/fingerprint.py
+++ b/plugins/dbms/oracle/fingerprint.py
@@ -68,23 +68,23 @@ class Fingerprint(GenericFingerprint):
        infoMsg = "testing %s" % DBMS.ORACLE
        logger.info(infoMsg)

-        # NOTE: SELECT ROWNUM=ROWNUM FROM DUAL does not work connecting
-        # directly to the Oracle database
+        # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
+        # not work connecting directly to the Oracle database
        if conf.direct:
            result = True
        else:
-            result = inject.checkBooleanExpression("ROWNUM=ROWNUM")
+            result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")

        if result:
            infoMsg = "confirming %s" % DBMS.ORACLE
            logger.info(infoMsg)

-            # NOTE: SELECT LENGTH(SYSDATE)=LENGTH(SYSDATE) FROM DUAL does
+            # NOTE: SELECT NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1]) FROM DUAL does
            # not work connecting directly to the Oracle database
            if conf.direct:
                result = True
            else:
-                result = inject.checkBooleanExpression("LENGTH(SYSDATE)=LENGTH(SYSDATE)")
+                result = inject.checkBooleanExpression("NVL(RAWTOHEX([RANDNUM1]),[RANDNUM1])=RAWTOHEX([RANDNUM1])")

            if not result:
                warnMsg = "the back-end DBMS is not %s" % DBMS.ORACLE