diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
index 0eec60fa3..2b67abb8e 100644
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -210,7 +210,7 @@ class xp_cmdshell:
 query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
 if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
- output = inject.getValue(query, resumeValue=False, blind=False)
+ output = inject.getValue(query, resumeValue=False, blind=False, time=False)
 else:
 output = []
 count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
diff --git a/lib/utils/pivotdumptable.py b/lib/utils/pivotdumptable.py
index c4bacb96b..cbefcff48 100644
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -35,7 +35,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 if count is None:
 query = dumpNode.count % table
- count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
+ count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
 if isinstance(count, basestring) and count.isdigit():
 count = int(count)
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index d0fc2e163..bedc60e14 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
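Review bot: In lib/takeover/xp_cmdshell.py (`@@ -210` hunk) the call now carries `blind=False, time=False` with nothing saying why both flags are needed, and the same pair is repeated in every later file section of this commit (pivotdumptable, enumeration, filesystem, databases, entries, search, users). A short comment at the call, for example `# in-band/error retrieval only; do not fall back to inference techniques`, would record the intent; that reading of `time` is inferred from the guard on the line above and should be confirmed against `getValue()`. Since the two flags now always travel together, a thin wrapper around `inject.getValue` that sets both would keep a future call site from passing only one of them. The enclosing method starts and ends outside the hunk.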
@@ -96,7 +96,7 @@ class Enumeration(GenericEnumeration):
 for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
 query = query.replace("%s", db)
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(value):
 break
@@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
 query = rootQuery.inband.query.replace("%s", db)
 query += tblQuery
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(values):
 if isinstance(values, basestring):
@@ -321,7 +321,7 @@ class Enumeration(GenericEnumeration):
 query = rootQuery.inband.query % (db, db, db, db, db, db)
 query += " AND %s" % colQuery.replace("[DB]", db)
 query += whereTblsQuery.replace("[DB]", db)
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(values):
 if isinstance(values, basestring):
diff --git a/plugins/dbms/mssqlserver/filesystem.py b/plugins/dbms/mssqlserver/filesystem.py
index 24892ce84..8ebfd5f17 100644
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -138,7 +138,7 @@ class Filesystem(GenericFilesystem):
 inject.goStacked(binToHexQuery)
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
- result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, error=False)
+ result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)
 if not result:
 result = []
diff --git a/plugins/dbms/oracle/enumeration.py b/plugins/dbms/oracle/enumeration.py
index bdfaa7d70..c4771d2b3 100644
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -54,7 +54,7 @@ class Enumeration(GenericEnumeration):
 query += " WHERE "
 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 if not values and not query2:
 infoMsg = "trying with table USER_ROLE_PRIVS"
diff --git a/plugins/generic/databases.py b/plugins/generic/databases.py
index f874f2f51..f1a2a08b2 100644
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -103,7 +103,7 @@ class Databases:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(value):
 kb.data.cachedDbs = arrayizeValue(value)
@@ -266,7 +266,7 @@ class Databases:
 if len(dbs) < 2 and ("%s," % condition) in query:
 query = query.replace("%s," % condition, "", 1)
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(value):
 value = filter(None, arrayizeValue(value))
@@ -518,7 +518,7 @@ class Databases:
 elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.inband.query % tbl
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, time=False)
 if Backend.isDbms(DBMS.SQLITE):
 parseSqliteTableSchema(unArrayizeValue(value))
diff --git a/plugins/generic/entries.py b/plugins/generic/entries.py
index 6f4cde86c..671e33f69 100644
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -147,7 +147,7 @@ class Entries:
 if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
 table = "%s.%s" % (conf.db, tbl)
- retVal = pivotDumpTable(table, colList, blind=False)
+ retVal = pivotDumpTable(table, colList, blind=False, time=False)
 if retVal:
 entries, _ = retVal
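Review bot: The changed call in plugins/generic/entries.py (`@@ -147` hunk) passes `time=False` to `pivotDumpTable`, but the signature shown in the lib/utils/pivotdumptable.py hunk header is still `def pivotDumpTable(table, colList, count=None, blind=True):` and no hunk visible in this diff changes it, so this call would raise `TypeError` for an unexpected keyword argument. The same applies to the `pivotDumpTable(...)` call in plugins/generic/users.py (`@@ -182` hunk). Either keep these two calls as `retVal = pivotDumpTable(table, colList, blind=False)`, given that the function's count query already hard-codes `time=False` on the non-blind path, or add a `time` parameter to the function and forward it to its `inject.getValue` calls. The rest of the function body is outside the visible hunk, so which of the two fits is not certain from here.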
@@ -160,7 +160,7 @@ class Entries:
 query = rootQuery.inband.query % (colString, conf.db, tbl)
 if not entries and query:
- entries = inject.getValue(query, blind=False, dump=True)
+ entries = inject.getValue(query, blind=False, time=False, dump=True)
 if isNoneValue(entries):
 entries = []
diff --git a/plugins/generic/search.py b/plugins/generic/search.py
index bda443f7b..40ed6ae51 100644
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -81,7 +81,7 @@ class Search:
 query = rootQuery.inband.query
 query += dbQuery
 query += exclDbsQuery
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(values):
 values = arrayizeValue(values)
@@ -190,7 +190,7 @@ class Search:
 query = rootQuery.inband.query
 query += tblQuery
 query += whereDbsQuery
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 for foundDb, foundTbl in filterPairValues(values):
 foundDb = safeSQLIdentificatorNaming(foundDb)
@@ -378,7 +378,7 @@ class Search:
 query += colQuery
 query += whereDbsQuery
 query += whereTblsQuery
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 else:
 # Assume provided databases' tables contain the
 # column(s) provided
diff --git a/plugins/generic/users.py b/plugins/generic/users.py
index 49982b2a4..d1c0f5f42 100644
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -97,7 +97,7 @@ class Users:
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
- value = unArrayizeValue(inject.getValue(query, blind=False))
+ value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
 if not isNoneValue(value):
 kb.data.cachedUsers = arrayizeValue(value)
@@ -182,7 +182,7 @@ class Users:
 randStr = randomStr()
 getCurrentThreadData().disableStdOut = True
- retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
+ retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False, time=False)
 if retVal:
 for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@@ -194,7 +194,7 @@ class Users:
 getCurrentThreadData().disableStdOut = False
 else:
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, time=False)
 for user, password in filterPairValues(value):
 if not user or user == " ":
@@ -363,7 +363,7 @@ class Users:
 else:
 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
- values = inject.getValue(query, blind=False)
+ values = inject.getValue(query, blind=False, time=False)
 if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
 infoMsg = "trying with table USER_SYS_PRIVS"
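Review bot: In plugins/generic/users.py (`@@ -182` hunk) `getCurrentThreadData().disableStdOut = True` is set immediately before the `pivotDumpTable` call, and the matching reset to `False` only appears as plain context in the `@@ -194` hunk, with no `try`/`finally` visible around it. If the call raises, the thread's output would stay suppressed for whatever runs next. Wrapping the call and the loop that consumes `retVal` in `try:` … `finally: getCurrentThreadData().disableStdOut = False` would restore the flag on every path. The lines between the two hunks are not shown, so confirm there is no existing handler before changing this.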