From c83593c044d01748f5bf6147667832fdab25e960 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 23 Dec 2008 23:34:50 +0000
Subject: [PATCH] Limited custom query now works also on Oracle in inferential blind SQL injection technique
---
lib/request/inject.py | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index bcaa64080..e8bb3488c 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -77,11 +77,18 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
for field in expressionFieldsList: output = None + if field.startswith("ROWNUM "): + continue + if isinstance(num, int): origExpr = expression expression = agent.limitQuery(num, expression, field) - expressionReplaced = expression.replace(expressionFields, field, 1) + if "ROWNUM" in expressionFieldsList: + expressionReplaced = expression.replace(expressionFields, field, 1) + else: + expressionReplaced = expression + output = resume(expressionReplaced, payload) if not output or ( expected == "int" and not output.isdigit() ):
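Review bot: The two branches after `if "ROWNUM" in expressionFieldsList:` look inverted: the per-field `expression.replace(expressionFields, field, 1)` that used to run on every iteration now runs only when the list holds a bare `ROWNUM` element, so for every other query the multi-field expression appears to reach `resume()` unsubstituted on each pass of the loop. If the intent is to skip the substitution only for the Oracle limited query, the branches should be swapped: `expressionReplaced = expression` under the `if` and `expressionReplaced = expression.replace(expressionFields, field, 1)` under the `else`. The two ROWNUM tests also disagree, since `field.startswith("ROWNUM ")` is a prefix match with a trailing space while the membership test matches only an element that is exactly `ROWNUM`; one shared predicate would be safer, with a short comment naming the form `agent.limitQuery` is expected to put in the list. `__goInferenceFields` starts and ends outside the hunk, so this is inferred from the visible lines only.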