|
17 | 17 | from lib.core.common import getCharset |
18 | 18 | from lib.core.common import goGoodSamaritan |
19 | 19 | from lib.core.common import getPartRun |
| 20 | +from lib.core.common import popValue |
| 21 | +from lib.core.common import pushValue |
20 | 22 | from lib.core.common import readInput |
21 | 23 | from lib.core.common import replaceNewlineTabs |
22 | 24 | from lib.core.common import safeStringFormat |
@@ -113,7 +115,7 @@ def tryHint(idx): |
113 | 115 | hintlock.release() |
114 | 116 |
|
115 | 117 | if hintValue is not None and len(hintValue) >= idx: |
116 | | - if kb.dbms == "SQLite": |
| 118 | + if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): |
117 | 119 | posValue = hintValue[idx-1] |
118 | 120 | else: |
119 | 121 | posValue = ord(hintValue[idx-1]) |
@@ -165,17 +167,17 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N |
165 | 167 | position = (len(charTbl) >> 1) |
166 | 168 | posValue = charTbl[position] |
167 | 169 |
|
168 | | - if kb.dbms == "SQLite": |
169 | | - posValueOld = posValue |
| 170 | + if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): |
| 171 | + pushValue(posValue) |
170 | 172 | posValue = chr(posValue) if posValue < 128 else unichr(posValue) |
171 | 173 |
|
172 | 174 | forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue)) |
173 | 175 |
|
174 | 176 | queriesCount[0] += 1 |
175 | 177 | result = Request.queryPage(urlencode(forgedPayload)) |
176 | 178 |
|
177 | | - if kb.dbms == "SQLite": |
178 | | - posValue = posValueOld |
| 179 | + if kb.dbms in ("SQLite", "Microsoft Access", "SAP MaxDB"): |
| 180 | + posValue = popValue() |
179 | 181 |
|
180 | 182 | if result: |
181 | 183 | minValue = posValue |
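Review bot: In getChar, saving posValue with `pushValue(posValue)` before `Request.queryPage()` and restoring it with `popValue()` afterwards is more fragile than the local `posValueOld` it replaces. The storage behind these helpers is not visible here, but if it is a stack shared between threads (the `hintlock` in tryHint suggests threaded use), one thread can pop another's value, and an exception from queryPage would leave a stale entry behind. A local cannot interleave: `posValueOld = posValue` before the conversion and `posValue = posValueOld` after the request. The tuple `("SQLite", "Microsoft Access", "SAP MaxDB")` is also repeated three times across tryHint and getChar; one named constant would keep the checks from drifting apart. getChar's body starts and ends outside the hunk.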
|