Fixed a bug reported by Bedirhan Urgun <bedirhanurgun@gmail.com>

bdamele · bdamele · commit d664f0387e0f · 2008-10-16T14:01:14.000Z
diff --git a/lib/parse/configfile.py b/lib/parse/configfile.py
@@ -25,7 +25,7 @@
 
 
 from ConfigParser import NoSectionError
-from ConfigParser import SafeConfigParser
+from ConfigParser import ConfigParser
 
 from lib.core.common import checkFile
 from lib.core.data import conf
@@ -76,7 +76,7 @@ def configFileParser(configFile):
     logger.debug(debugMsg)
 
     checkFile(configFile)
-    config = SafeConfigParser()
+    config = ConfigParser()
     config.read(configFile)
 
     if not config.has_section("Request"):
diff --git a/lib/techniques/inference/blind.py b/lib/techniques/inference/blind.py
@@ -92,7 +92,10 @@ def getChar(idx):
             queriesCount[0] += 1
             limit = ((maxValue + minValue) / 2)
 
-            forgedPayload = payload % (expressionUnescaped, idx, limit)
+            # TODO: find a cleaner way to do this
+            forgedPayload = payload.replace("%", "%%", 1) % (expressionUnescaped, idx, limit)
+            forgedPayload = forgedPayload.replace("%%", "%")
+
             result = Request.queryPage(forgedPayload)
 
             if result == kb.defaultResult:
