fixes #181 - proper save/resume information about single entry UNION SQL injection

2025-12-07 05:01:30 +00:00 · 2010-03-22 15:39:29 +00:00
parent d00e4a458a
commit d13ad8b2d7
6 changed files with 92 additions and 46 deletions
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -70,7 +70,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
        expression = agent.concatQuery(expression, unpack)
        expression = unescaper.unescape(expression)

-    if ( conf.paramNegative or conf.paramFalseCond ) and not direct:
+    if ( kb.unionNegative or kb.unionFalseCond ) and not direct:
        _, _, _, _, _, expressionFieldsList, expressionFields = agent.getFields(origExpr)

        if len(expressionFieldsList) > 1: