adding WHERE enum for payloads

This commit is contained in:
Miroslav Stampar
2011-02-02 13:34:09 +00:00
parent d6c9515f78
commit 8134c2154a
6 changed files with 22 additions and 16 deletions


@@ -37,7 +37,7 @@ from lib.parse.html import htmlParser
from lib.request.comparison import comparison
from lib.request.connect import Connect as Request
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=1):
def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where=PAYLOAD.WHERE.ORIGINAL):
"""
Finds number of columns affected by UNION based injection
"""
@@ -83,7 +83,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
return retVal
def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=1):
def __unionPosition(comment, place, parameter, value, prefix, suffix, count, where=PAYLOAD.WHERE.ORIGINAL):
validPayload = None
vector = None
@@ -109,7 +109,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
validPayload = payload
vector = (position, count, comment, prefix, suffix, conf.uChar, where)
if where == 1:
if where == PAYLOAD.WHERE.ORIGINAL:
# Prepare expression with delimiters
randQuery2 = randomStr()
phrase2 = "%s%s%s" % (kb.misc.start, randQuery2, kb.misc.stop)
@@ -118,14 +118,14 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
# Confirm that it is a full inband SQL injection
query = agent.forgeInbandQuery(randQueryUnescaped, position, count, comment, prefix, suffix, conf.uChar, multipleUnions=randQueryUnescaped2)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=2)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=PAYLOAD.WHERE.NEGATIVE)
# Perform the request
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
content = "%s%s" % (page or "", listToStrValue(headers.headers if headers else None) or "")
if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):
vector = (position, count, comment, prefix, suffix, conf.uChar, 2)
vector = (position, count, comment, prefix, suffix, conf.uChar, PAYLOAD.WHERE.NEGATIVE)
break
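Review bot: The new defaults `where=PAYLOAD.WHERE.ORIGINAL` in the signatures of `__findUnionCharCount` (hunk `@@ -37`) and `__unionPosition` (hunk `@@ -83`) are evaluated when the module is imported, so `PAYLOAD` has to be bound at module level before these `def` lines run; the import context visible in the first hunk (`lib.parse.html`, `lib.request.comparison`, `lib.request.connect`) does not show `PAYLOAD` being imported, and unless one of the other files in the diffstat adds it, the module fails with a NameError at import rather than at first call. Worth confirming against the rest of the commit. The docstring of `__findUnionCharCount` also still says nothing about `where`, which now carries an enum member instead of the old magic `1`/`2`; a line such as `where -- PAYLOAD.WHERE member (ORIGINAL or NEGATIVE) selecting how the payload is placed relative to the original parameter value` would document the contract where the old literals at least hinted at it. Both functions' bodies continue outside their hunks, so any other `where == 1` / `== 2` comparisons left there are not visible here.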


@@ -41,7 +41,7 @@ def __oneShotUnionUse(expression, unpack=True, unescape=True):
expression = unescaper.unescape(expression)
if conf.limitStart or conf.limitStop:
where = 2
where = PAYLOAD.WHERE.NEGATIVE
else:
where = None
@@ -129,7 +129,7 @@ def unionUse(expression, unescape=True, unpack=True, dump=False):
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
if (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == 2 or \
if (kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.NEGATIVE or \
(dump and (conf.limitStart or conf.limitStop))) and \
" FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \