minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def:abc:ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)

stamparm · stamparm · commit 5772c52f46ab · 2012-04-15T16:33:47.000Z
diff --git a/lib/techniques/union/test.py b/lib/techniques/union/test.py
@@ -202,7 +202,7 @@ def __unionPosition(comment, place, parameter, prefix, suffix, count, where=PAYL
                 page, headers = Request.queryPage(payload, place=place, content=True, raise404=False)
                 content = "%s%s".lower() % (page or "", listToStrValue(headers.headers if headers else None) or "")
 
-                if content and ((randQuery in content and phrase2 not in content) or (randQuery not in content and phrase2 in content)):
+                if not all(_ in content for _ in (phrase, phrase2)):
                     vector = (position, count, comment, prefix, suffix, kb.uChar, PAYLOAD.WHERE.NEGATIVE)
 
             unionErrorCase = kb.errorIsNone and wasLastRequestDBMSError()
