From 873951ab920d971cc0329da6a870b66722df95f2 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Tue, 11 Jan 2011 23:59:02 +0000 Subject: [PATCH] Proper fix to avoid UNION test false positives --- lib/techniques/inband/union/test.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index ca851e3ed..05d44ff3d 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py @@ -49,7 +49,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, dbms, coun # Perform the request resultPage, _ = Request.queryPage(payload, place=place, content=True) - if resultPage and randQuery in resultPage and query not in resultPage: + if resultPage and randQuery in resultPage and " UNION ALL SELECT " not in resultPage: setUnion(position=exprPosition) validPayload = payload unionVector = agent.forgeInbandQuery("[PAYLOAD]", exprPosition, count=count, comment=comment, prefix=prefix, suffix=suffix)