coollyy little commits

2026-01-05 22:29:14 +00:00 · 2010-12-10 11:32:46 +00:00
parent d71e51e765
commit fe2039f5ba
4 changed files with 21 additions and 16 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -12,6 +12,7 @@ import re
 from xml.etree import ElementTree as ET

 from lib.core.common import getCompiledRegex
+from lib.core.common import isDBMSVersionAtLeast
 from lib.core.common import randomInt
 from lib.core.common import randomStr
 from lib.core.convert import urlencode
@@ -214,7 +215,14 @@ class Agent:

        if "[INFERENCE]" in payload:
            if kb.dbms is not None:
-                inferenceQuery = queries[kb.dbms].inference.query
+                inference = queries[kb.dbms].inference
+                if "dbms_version" in inference:
+                    if isDBMSVersionAtLeast(inference.dbms_version):
+                        inferenceQuery = inference.query
+                    else:
+                        inferenceQuery = inference.query2
+                else:
+                    inferenceQuery = inference.query
                payload = payload.replace("[INFERENCE]", inferenceQuery)
            elif kb.misc.testedDbms is not None:
                inferenceQuery = queries[kb.misc.testedDbms].inference.query
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -46,9 +46,9 @@ DUMP_TAB_MARKER     = "__TAB__"
 DUMP_START_MARKER   = "__START__"
 DUMP_STOP_MARKER    = "__STOP__"

-PAYLOAD_DELIMITER  = "\x00"
-
-MIN_TIME_RESPONSES = 10
+PAYLOAD_DELIMITER   = "\x00"
+CHAR_INFERENCE_MARK = "%c"
+MIN_TIME_RESPONSES  = 10

 # System variables
 IS_WIN             = subprocess.mswindows
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -33,6 +33,7 @@ from lib.core.exception import sqlmapValueException
 from lib.core.exception import sqlmapThreadException
 from lib.core.exception import unhandledException
 from lib.core.progress import ProgressBar
+from lib.core.settings import CHAR_INFERENCE_MARK
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request

@@ -141,7 +142,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
        continuousOrder means that distance between each two neighbour's
        numerical values is exactly 1
        """
-        
+
        result = tryHint(idx)

        if result:
@@ -170,18 +171,14 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
            position = (len(charTbl) >> 1)
            posValue = charTbl[position]

-            if dbms in (DBMS.SQLITE, DBMS.MAXDB):
-                pushValue(posValue)
-                posValue = chr(posValue) if posValue < 128 else unichr(posValue)
-
-            forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
+            if CHAR_INFERENCE_MARK not in payload:
+                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
+            else:
+                forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(CHAR_INFERENCE_MARK, chr(posValue) if posValue < 128 else unichr(posValue))

            queriesCount[0] += 1
            result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare)

-            if dbms in (DBMS.SQLITE, DBMS.MAXDB):
-                posValue = popValue()
-
            if result:
                minValue = posValue