Implementation for an Issue #496

2025-12-06 20:51:31 +00:00 · 2013-07-31 21:15:03 +02:00
parent 6b826ef64d
commit 953b5815d8
3 changed files with 15 additions and 1 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -361,6 +361,18 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                    count += 1
                    found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE

+                    if not found and not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL:
+                        warnMsg = "something went wrong with full UNION "
+                        warnMsg += "technique (most probably because of "
+                        warnMsg += "limitation on retrieved number of entries). "
+                        warnMsg += "Falling back to partial UNION technique"
+                        singleTimeWarnMessage(warnMsg)
+
+                        kb.forcePartialUnion = True
+                        value = _goUnion(query, unpack, dump)
+                        found = (value is not None) or (value is None and expectingNone)
+                        kb.forcePartialUnion = False
+
                if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:
                    kb.technique = PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY
                    value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)