Implementation for an Issue #496

stamparm · stamparm · commit 953b5815d86f · 2013-07-31T21:15:03.000+02:00
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1601,6 +1601,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
     kb.errorIsNone = True
     kb.fileReadMode = False
     kb.forcedDbms = None
+    kb.forcePartialUnion = False
     kb.headersFp = {}
     kb.heuristicDbms = None
     kb.heuristicMode = False
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -361,6 +361,18 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
                     count += 1
                     found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
+                    if not found and not expected and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL:
+                        warnMsg = "something went wrong with full UNION "
+                        warnMsg += "technique (most probably because of "
+                        warnMsg += "limitation on retrieved number of entries). "
+                        warnMsg += "Falling back to partial UNION technique"
+                        singleTimeWarnMessage(warnMsg)
+
+                        kb.forcePartialUnion = True
+                        value = _goUnion(query, unpack, dump)
+                        found = (value is not None) or (value is None and expectingNone)
+                        kb.forcePartialUnion = False
+
                 if error and any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.ERROR, PAYLOAD.TECHNIQUE.QUERY)) and not found:
                     kb.technique = PAYLOAD.TECHNIQUE.ERROR if isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) else PAYLOAD.TECHNIQUE.QUERY
                     value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
@@ -184,7 +184,8 @@ def unionUse(expression, unpack=True, dump=False):
        " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
        not in FROM_DUMMY_TABLE) or (Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE \
        and not expression.upper().endswith(FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]))) \
-       and not re.search(SQL_SCALAR_REGEX, expression, re.I):
+       and not re.search(SQL_SCALAR_REGEX, expression, re.I)\
+       or kb.forcePartialUnion:
         expression, limitCond, topLimit, startLimit, stopLimit = agent.limitCondition(expression, dump)
 
         if limitCond:
