@@ -484,13 +484,10 @@ def blindThread():
484484 # One-shot query containing equals commonValue
485485 testValue = unescaper .escape ("'%s'" % commonValue ) if "'" not in commonValue else unescaper .escape ("%s" % commonValue , quote = False )
486486
487- if timeBasedCompare :
488- query = kb .injection .data [kb .technique ].vector
489- query = agent .prefixQuery (query .replace ("[INFERENCE]" , "(%s)=%s" % (expressionUnescaped , testValue )))
490- else :
491- query = agent .prefixQuery (safeStringFormat ("AND (%s)=%s" , (expressionUnescaped , testValue )))
492-
487+ query = kb .injection .data [kb .technique ].vector
488+ query = agent .prefixQuery (query .replace ("[INFERENCE]" , "(%s)=%s" % (expressionUnescaped , testValue )))
493489 query = agent .suffixQuery (query )
490+
494491 result = Request .queryPage (agent .payload (newValue = query ), timeBasedCompare = timeBasedCompare , raise404 = False )
495492 incrementCounter (kb .technique )
496493
@@ -511,13 +508,10 @@ def blindThread():
511508 subquery = queries [Backend .getIdentifiedDbms ()].substring .query % (expressionUnescaped , 1 , len (commonPattern ))
512509 testValue = unescaper .escape ("'%s'" % commonPattern ) if "'" not in commonPattern else unescaper .escape ("%s" % commonPattern , quote = False )
513510
514- if timeBasedCompare :
515- query = kb .injection .data [kb .technique ].vector
516- query = agent .prefixQuery (query .replace ("[INFERENCE]" , "(%s)=%s" % (subquery , testValue )))
517- else :
518- query = agent .prefixQuery (safeStringFormat ("AND (%s)=%s" , (subquery , testValue )))
519-
511+ query = kb .injection .data [kb .technique ].vector
512+ query = agent .prefixQuery (query .replace ("[INFERENCE]" , "(%s)=%s" % (subquery , testValue )))
520513 query = agent .suffixQuery (query )
514+
521515 result = Request .queryPage (agent .payload (newValue = query ), timeBasedCompare = timeBasedCompare , raise404 = False )
522516 incrementCounter (kb .technique )
523517
0 commit comments