Bug fix for --union-test

bdamele · bdamele · commit 126a1479d8f7 · 2010-12-03T14:57:30.000Z
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -155,12 +155,13 @@ def prefixQuery(self, string):
         # payload, do not put a space after the prefix
         if kb.technique == 4:
             query = kb.injection.prefix
-        elif (kb.technique and kb.technique in kb.injection.data) or \
-             (kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]):
+        elif kb.technique and kb.technique in kb.injection.data:
             where = kb.injection.data[kb.technique].where
 
-            if where == 3 or (kb.injection.clause == [2, 3] or \
-               kb.injection.clause == [ 2 ]):
+            if where == 3:
+                query = kb.injection.prefix
+        elif kb.injection.clause == [2, 3] or kb.injection.clause == [ 2 ]:
+            if kb.technique != 3:
                 query = kb.injection.prefix
 
         if query is None:
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
@@ -129,6 +129,9 @@ def unionTest():
     if kb.unionTest is not None:
         return kb.unionTest
 
+    oldTechnique = kb.technique
+    kb.technique = 3
+
     if conf.uChar == "NULL":
         technique = "NULL bruteforcing"
     else:
@@ -157,5 +160,6 @@ def unionTest():
         infoMsg += "inband sql injection vulnerability "
         infoMsg += "on parameter '%s'" % kb.injection.parameter
         logger.info(infoMsg)
+        kb.technique = oldTechnique
 
     return kb.unionTest
