From 1c44d6d3c7884fc66af5e808f306f092ca974303 Mon Sep 17 00:00:00 2001
From: Bernardo Damele
Date: Tue, 14 Feb 2012 17:29:00 +0000
Subject: [PATCH] Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d
---
 lib/request/inject.py | 21 ++++++++++++---------
 1 file changed, 12 insertions(+), 9 deletions(-)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index c666ec022..2dd688808 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -404,8 +404,19 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 getCurrentThreadData().disableStdOut = suppressOutput
 try:
+ if expected == EXPECTED.BOOL:
+ forgeCaseExpression = booleanExpression = expression
+
+ if expression.upper().startswith("SELECT "):
+ booleanExpression = expression[len("SELECT "):]
+ else:
+ forgeCaseExpression = agent.forgeCaseStatement(expression)
+
 if conf.direct:
- value = direct(expression)
+ if expected == EXPECTED.BOOL:
+ value = direct(forgeCaseExpression)
+ else:
+ value = direct(expression)
 elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
 query = cleanQuery(expression)
@@ -418,14 +429,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 count = 0
- if expected == EXPECTED.BOOL:
- forgeCaseExpression = booleanExpression = expression
-
- if expression.upper().startswith("SELECT "):
- booleanExpression = expression[len("SELECT "):]
- else:
- forgeCaseExpression = agent.forgeCaseStatement(expression)
-
 if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
 kb.technique = PAYLOAD.TECHNIQUE.UNION
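Review bot: The new `if conf.direct:` branch in the first hunk repeats the `expected == EXPECTED.BOOL` test made by the block just above it, and nothing on these lines says why the direct path needs the CASE-wrapped form. Because `forgeCaseExpression` is only bound inside that earlier block, the two conditions must stay in lockstep; a single call such as `value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)` keeps that dependency on one line. A comment above it, for example `# presumably a bare boolean expression is not a runnable statement over -d, so send the CASE-wrapped SELECT`, would record the reason the commit message implies. The moved `startswith("SELECT ")` test still treats an expression with leading whitespace, or a tab or newline after SELECT, as a non-SELECT, so such input would now reach `direct()` wrapped by `forgeCaseStatement`; it is worth confirming callers never pass it. getValue's body starts and ends outside the hunk.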