changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)

2025-12-06 12:41:30 +00:00 · 2010-05-12 11:30:32 +00:00
parent 8b74c405f5
commit 893bc04fe4
4 changed files with 27 additions and 7 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -158,18 +158,30 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                posValueOld = posValue
                posValue = chr(posValue)

-            forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
+            if not conf.useBetween:
+                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
+            else:
+                forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND '), (expressionUnescaped, idx, posValue))
+
            result        = Request.queryPage(urlencode(forgedPayload))

            if kb.dbms == "SQLite":
                posValue = posValueOld

-            if result:
-                minValue = posValue
-                asciiTbl = asciiTbl[position:]
-            else:
-                maxValue = posValue
-                asciiTbl = asciiTbl[:position]
+            if not conf.useBetween:     #normal
+                if result:
+                    minValue = posValue
+                    asciiTbl = asciiTbl[position:]
+                else:
+                    maxValue = posValue
+                    asciiTbl = asciiTbl[:position]
+            else:                       #reversed
+                if result:
+                    maxValue = posValue
+                    asciiTbl = asciiTbl[:position]
+                else:
+                    minValue = posValue
+                    asciiTbl = asciiTbl[position:]

            if len(asciiTbl) == 1:
                if maxValue == 1: