fix for Feature #157

stamparm · stamparm · commit d96723a135e4 · 2010-05-13T11:17:24.000Z
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -161,27 +161,19 @@ def getChar(idx, asciiTbl=asciiTbl):
             if not conf.useBetween or kb.dbms == "SQLite":
                 forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx, posValue))
             else:
-                forgedPayload = safeStringFormat(payload.replace('%3E', 'BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
+                forgedPayload = safeStringFormat(payload.replace('%3E', 'NOT BETWEEN 0 AND'), (expressionUnescaped, idx, posValue))
 
             result        = Request.queryPage(urlencode(forgedPayload))
 
             if kb.dbms == "SQLite":
                 posValue = posValueOld
 
-            if not conf.useBetween or kb.dbms == "SQLite":     #normal
-                if result:
-                    minValue = posValue
-                    asciiTbl = asciiTbl[position:]
-                else:
-                    maxValue = posValue
-                    asciiTbl = asciiTbl[:position]
-            else:                       #reversed
-                if result:
-                    maxValue = posValue
-                    asciiTbl = asciiTbl[:position]
-                else:
-                    minValue = posValue
-                    asciiTbl = asciiTbl[position:]
+            if result:
+                minValue = posValue
+                asciiTbl = asciiTbl[position:]
+            else:
+                maxValue = posValue
+                asciiTbl = asciiTbl[:position]
 
             if len(asciiTbl) == 1:
                 if maxValue == 1:
