Massive renaming (proper naming is inband = union & error techniques! - query naming stays as it is; in code, things like forgeInbandQuery are renamed to forgeUnionQuery)

Miroslav Stampar
2012-10-28 00:36:09 +02:00
parent a435ba6863
commit c1b8226329
16 changed files with 92 additions and 94 deletions


@@ -101,7 +101,7 @@ def __findUnionCharCount(comment, place, parameter, value, prefix, suffix, where
pages = {}
for count in xrange(lowerCount, upperCount+1):
query = agent.forgeInbandQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
query = agent.forgeUnionQuery('', -1, count, comment, prefix, suffix, kb.uChar, where)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
if not isNullValue(kb.uChar):
@@ -166,7 +166,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
# For each column of the table (# of NULL) perform a request using
# the UNION ALL SELECT statement to test it the target url is
# affected by an exploitable inband SQL injection vulnerability
# affected by an exploitable union SQL injection vulnerability
for position in positions:
# Prepare expression with delimiters
randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
@@ -174,8 +174,8 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
randQueryUnescaped = unescaper.unescape(randQueryProcessed)
# Forge the inband SQL injection request
query = agent.forgeInbandQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
# Forge the union SQL injection request
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
# Perform the request
@@ -196,8 +196,8 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
# Confirm that it is a full inband SQL injection
query = agent.forgeInbandQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
# Confirm that it is a full union SQL injection
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, multipleUnions=randQueryUnescaped2)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
# Perform the request
@@ -210,7 +210,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
fromTable = " FROM (%s) AS %s" % (" UNION ".join("SELECT %d%s%s" % (_, FROM_DUMMY_TABLE.get(Backend.getIdentifiedDbms(), ""), " AS %s" % randomStr() if _ == 0 else "") for _ in xrange(LIMITED_ROWS_TEST_NUMBER)), randomStr())
# Check for limited row output
query = agent.forgeInbandQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, fromTable=fromTable)
query = agent.forgeUnionQuery(randQueryUnescaped, position, count, comment, prefix, suffix, kb.uChar, where, fromTable=fromTable)
payload = agent.payload(place=place, parameter=parameter, newValue=query, where=where)
# Perform the request
@@ -239,11 +239,11 @@ def __unionConfirm(comment, place, parameter, prefix, suffix, count):
validPayload = None
vector = None
# Confirm the inband SQL injection and get the exact column
# Confirm the union SQL injection and get the exact column
# position which can be used to extract data
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count)
# Assure that the above function found the exploitable full inband
# Assure that the above function found the exploitable full union
# SQL injection position
if not validPayload:
validPayload, vector = __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYLOAD.WHERE.NEGATIVE)
@@ -252,7 +252,7 @@ def __unionConfirm(comment, place, parameter, prefix, suffix, count):
def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix):
"""
This method tests if the target url is affected by an inband
This method tests if the target url is affected by an union
SQL injection vulnerability. The test is done up to 50 columns
on the target database table
"""
@@ -297,7 +297,7 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
def unionTest(comment, place, parameter, value, prefix, suffix):
"""
This method tests if the target url is affected by an inband
This method tests if the target url is affected by an union
SQL injection vulnerability. The test is done up to 3*50 times
"""


@@ -48,7 +48,7 @@ from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
def __oneShotUnionUse(expression, unpack=True, limited=False):
retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as inband data is stored raw unconverted
retVal = hashDBRetrieve("%s%s" % (conf.hexConvert, expression), checkConf=True) # as union data is stored raw unconverted
threadData = getCurrentThreadData()
threadData.resumed = retVal is not None
@@ -59,10 +59,10 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
where = PAYLOAD.WHERE.NEGATIVE if conf.limitStart or conf.limitStop else None
# Forge the inband SQL injection request
# Forge the union SQL injection request
vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
kb.unionDuplicates = vector[7]
query = agent.forgeInbandQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
query = agent.forgeUnionQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], vector[6], None, limited)
payload = agent.payload(newValue=query, where=where)
# Perform the request
@@ -90,7 +90,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
if retVal is not None:
retVal = getUnicode(retVal, kb.pageEncoding)
# Special case when DBMS is Microsoft SQL Server and error message is used as a result of inband injection
# Special case when DBMS is Microsoft SQL Server and error message is used as a result of union injection
if Backend.isDbms(DBMS.MSSQL) and wasLastRequestDBMSError():
retVal = htmlunescape(retVal).replace("<br>", "\n")
@@ -140,9 +140,9 @@ def configUnion(char=None, columns=None):
def unionUse(expression, unpack=True, dump=False):
"""
This function tests for an inband SQL injection on the target
This function tests for an union SQL injection on the target
url then call its subsidiary function to effectively perform an
inband SQL injection on the affected url
union SQL injection on the affected url
"""
initTechnique(PAYLOAD.TECHNIQUE.UNION)
@@ -341,7 +341,7 @@ def unionUse(expression, unpack=True, dump=False):
kb.suppressResumeInfo = False
if not value and not abortedFlag:
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full union doesn't play well with ORDER BY
value = __oneShotUnionUse(expression, unpack)
duration = calculateDeltaSeconds(start)
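Review bot: The touched line `expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I)` passes `re.I` as the fourth positional argument of `re.sub`, which is `count`, not `flags`; the match is therefore case-sensitive and limited to two substitutions (`re.I` evaluates to 2), so a lowercase `order by` clause survives into the union query. It should read `expression = re.sub(r"\s*ORDER BY\s+[\w,]+", "", expression, flags=re.I)`, where the raw string also keeps `\s` and `\w` from being treated as string escapes. This defect predates the rename but the line is being rewritten here anyway. unionUse's body continues outside the hunk.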