Store and resume also UNION char to session file (--union-char)

2025-12-06 12:41:30 +00:00 · 2010-12-01 10:59:58 +00:00
parent 025361c970
commit c00ea7f5e5
2 changed files with 23 additions and 9 deletions
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -215,7 +215,7 @@ def setTimeBased(place, parameter, payload):
    if condition:
        dataToSessionFile("[%s][%s][%s][Time-based blind injection][%s]\n" % (conf.url, place, safeFormatString(conf.parameters[place]), payload))

-def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, payload=None):
+def setUnion(comment=None, count=None, position=None, negative=False, falseCond=False, char=None, payload=None):
    """
    @param comment: union comment to save in session file
    @type comment: C{str}
@@ -284,6 +284,16 @@ def setUnion(comment=None, count=None, position=None, negative=False, falseCond=

        kb.unionFalseCond = True

+    if char:
+        condition = (
+                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
+                      ( not kb.resumedQueries[conf.url].has_key("Union char")
+                      ) )
+                    )
+
+        if condition:
+            dataToSessionFile("[%s][%s][%s][Union char][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), char))
+
    if payload:
        condition = (
                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
@@ -568,6 +578,12 @@ def resumeConfKb(expression, url, value):
        logMsg = "resuming union false condition from session file"
        logger.info(logMsg)

+    elif expression == "Union char" and url == conf.url:
+        conf.uChar = value[:-1]
+
+        logMsg = "resuming union char %s from session file" % conf.uChar
+        logger.info(logMsg)
+
    elif expression == "Union payload" and url == conf.url:
        kb.unionTest = value[:-1]