Minor code refactoring and finally make exploitation work also on OR boolean-based injections

2025-12-06 12:41:30 +00:00 · 2010-12-05 11:25:44 +00:00
parent 7a5cd3b35f
commit 41e1b95c6c
3 changed files with 56 additions and 20 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -213,9 +213,7 @@ class Agent:
            payload = payload.replace("[ORIGVALUE]", origvalue)

        if kb.dbms is not None:
-            # NOTE: ugly hack due to queries.xml's <inference> tag
-            # starting with 'AND ' string
-            inferenceQuery = queries[kb.dbms].inference.query[4:]
+            inferenceQuery = queries[kb.dbms].inference.query
            payload = payload.replace("[INFERENCE]", inferenceQuery)

        return payload