Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d

bdamele · bdamele · commit 1c44d6d3c788 · 2012-02-14T17:29:00.000Z
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -404,8 +404,19 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
         getCurrentThreadData().disableStdOut = suppressOutput
 
     try:
+        if expected == EXPECTED.BOOL:
+            forgeCaseExpression = booleanExpression = expression
+
+            if expression.upper().startswith("SELECT "):
+                booleanExpression = expression[len("SELECT "):]
+            else:
+                forgeCaseExpression = agent.forgeCaseStatement(expression)
+
         if conf.direct:
-            value = direct(expression)
+            if expected == EXPECTED.BOOL:
+                value = direct(forgeCaseExpression)
+            else:
+                value = direct(expression)
 
         elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
             query = cleanQuery(expression)
@@ -418,14 +429,6 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 
             count = 0
 
-            if expected == EXPECTED.BOOL:
-                forgeCaseExpression = booleanExpression = expression
-
-                if expression.upper().startswith("SELECT "):
-                    booleanExpression = expression[len("SELECT "):]
-                else:
-                    forgeCaseExpression = agent.forgeCaseStatement(expression)
-
             if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
                 kb.technique = PAYLOAD.TECHNIQUE.UNION
 
