@@ -121,6 +121,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
121121 for position in positions :
122122 # Prepare expression with delimiters
123123 randQuery = randomStr (UNION_MIN_RESPONSE_CHARS )
124+ phrase = "%s%s%s" .lower () % (kb .misc .start , randQuery , kb .misc .stop )
124125 randQueryProcessed = agent .concatQuery ("\' %s\' " % randQuery )
125126 randQueryUnescaped = unescaper .unescape (randQueryProcessed )
126127
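Review bot: `.lower()` on the added `phrase` line binds to the format literal `"%s%s%s"`, not to the formatted result, so it is a no-op and `phrase` keeps whatever case `randomStr` and the `kb.misc.start`/`kb.misc.stop` delimiters have. If `content` is really lower-cased where it is built (not visible in this hunk), `phrase in content` could fail on case alone; if it is not, the call is only misleading. Either drop it, `phrase = "%s%s%s" % (kb.misc.start, randQuery, kb.misc.stop)`, or lower-case the formatted result on both sides of the comparison. The same applies to the `phrase2` line added in the next hunk; the body of `__unionPosition` starts and ends outside this hunk.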
@@ -134,13 +135,14 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
134135 removeReflectiveValues (listToStrValue (headers .headers if headers else None ), \
135136 payload , True ) or "" )
136137
137- if content and randQuery in content :
138+ if content and phrase in content :
138139 validPayload = payload
139140 vector = (position , count , comment , prefix , suffix , kb .uChar , where )
140141
141142 if where == PAYLOAD .WHERE .ORIGINAL :
142143 # Prepare expression with delimiters
143144 randQuery2 = randomStr (UNION_MIN_RESPONSE_CHARS )
145+ phrase2 = "%s%s%s" .lower () % (kb .misc .start , randQuery2 , kb .misc .stop )
144146 randQueryProcessed2 = agent .concatQuery ("\' %s\' " % randQuery2 )
145147 randQueryUnescaped2 = unescaper .unescape (randQueryProcessed2 )
146148
@@ -152,7 +154,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
152154 page , headers = Request .queryPage (payload , place = place , content = True , raise404 = False )
153155 content = "%s%s" .lower () % (page or "" , listToStrValue (headers .headers if headers else None ) or "" )
154156
155- if content and ((randQuery in content and randQuery2 not in content ) or (randQuery not in content and randQuery2 in content )):
157+ if content and ((randQuery in content and phrase2 not in content ) or (randQuery not in content and phrase2 in content )):
156158 vector = (position , count , comment , prefix , suffix , kb .uChar , PAYLOAD .WHERE .NEGATIVE )
157159
158160 unionErrorCase = kb .errorIsNone and wasLastRequestDBMSError ()
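Review bot: The rewritten condition still tests the bare `randQuery` for the first marker while the second marker is tested as the delimited `phrase2`, so the two halves of the comparison are matched under different rules. A bare random string can match a reflected or partial value where the delimited phrase would not, which is presumably what the switch to `phrase in content` in the earlier check was meant to avoid. The line should read `if content and ((phrase in content and phrase2 not in content) or (phrase not in content and phrase2 in content)):`. `phrase` is assigned earlier in the same loop iteration, outside this hunk.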