Bug fix (time was also meant to be disabled in case of error/inband getvalues)

2024-11-22 17:46:37 +03:00 · 2012-10-27 23:16:25 +02:00 · 2012-10-27 23:16:25 +02:00 · 06805b27f2
commit 06805b27f2
parent 7207cf29dd
9 changed files with 19 additions and 19 deletions
--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@ -210,7 +210,7 @@ class xp_cmdshell:
            query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
            if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
-                output = inject.getValue(query, resumeValue=False, blind=False)
+                output = inject.getValue(query, resumeValue=False, blind=False, time=False)
            else:
                output = []
                count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@ -35,7 +35,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
    if count is None:
        query = dumpNode.count % table
-        count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
+        count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
    if isinstance(count, basestring) and count.isdigit():
        count = int(count)
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@ -96,7 +96,7 @@ class Enumeration(GenericEnumeration):
                for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
                    query = query.replace("%s", db)
-                    value = inject.getValue(query, blind=False)
+                    value = inject.getValue(query, blind=False, time=False)
                    if not isNoneValue(value):
                        break
@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
                    query = rootQuery.inband.query.replace("%s", db)
                    query += tblQuery
-                    values = inject.getValue(query, blind=False)
+                    values = inject.getValue(query, blind=False, time=False)
                    if not isNoneValue(values):
                        if isinstance(values, basestring):
@ -321,7 +321,7 @@ class Enumeration(GenericEnumeration):
                    query = rootQuery.inband.query % (db, db, db, db, db, db)
                    query += " AND %s" % colQuery.replace("[DB]", db)
                    query += whereTblsQuery.replace("[DB]", db)
-                    values = inject.getValue(query, blind=False)
+                    values = inject.getValue(query, blind=False, time=False)
                    if not isNoneValue(values):
                        if isinstance(values, basestring):
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@ -138,7 +138,7 @@ class Filesystem(GenericFilesystem):
        inject.goStacked(binToHexQuery)
        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
-            result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, error=False)
+            result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)
        if not result:
            result = []
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@ -54,7 +54,7 @@ class Enumeration(GenericEnumeration):
                query += " WHERE "
                query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
-            values = inject.getValue(query, blind=False)
+            values = inject.getValue(query, blind=False, time=False)
            if not values and not query2:
                infoMsg = "trying with table USER_ROLE_PRIVS"
--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@ -103,7 +103,7 @@ class Databases:
                query = rootQuery.inband.query2
            else:
                query = rootQuery.inband.query
-            value = inject.getValue(query, blind=False)
+            value = inject.getValue(query, blind=False, time=False)
            if not isNoneValue(value):
                kb.data.cachedDbs = arrayizeValue(value)
@ -266,7 +266,7 @@ class Databases:
                if len(dbs) < 2 and ("%s," % condition) in query:
                    query = query.replace("%s," % condition, "", 1)
-            value = inject.getValue(query, blind=False)
+            value = inject.getValue(query, blind=False, time=False)
            if not isNoneValue(value):
                value = filter(None, arrayizeValue(value))
@ -518,7 +518,7 @@ class Databases:
                elif Backend.isDbms(DBMS.SQLITE):
                    query = rootQuery.inband.query % tbl
-                value = inject.getValue(query, blind=False)
+                value = inject.getValue(query, blind=False, time=False)
                if Backend.isDbms(DBMS.SQLITE):
                    parseSqliteTableSchema(unArrayizeValue(value))
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -147,7 +147,7 @@ class Entries:
                        if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
                            table = "%s.%s" % (conf.db, tbl)
-                            retVal = pivotDumpTable(table, colList, blind=False)
+                            retVal = pivotDumpTable(table, colList, blind=False, time=False)
                            if retVal:
                                entries, _ = retVal
@ -160,7 +160,7 @@ class Entries:
                        query = rootQuery.inband.query % (colString, conf.db, tbl)
                    if not entries and query:
-                        entries = inject.getValue(query, blind=False, dump=True)
+                        entries = inject.getValue(query, blind=False, time=False, dump=True)
                    if isNoneValue(entries):
                        entries = []
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@ -81,7 +81,7 @@ class Search:
                    query = rootQuery.inband.query
                query += dbQuery
                query += exclDbsQuery
-                values = inject.getValue(query, blind=False)
+                values = inject.getValue(query, blind=False, time=False)
                if not isNoneValue(values):
                    values = arrayizeValue(values)
@ -190,7 +190,7 @@ class Search:
                query = rootQuery.inband.query
                query += tblQuery
                query += whereDbsQuery
-                values = inject.getValue(query, blind=False)
+                values = inject.getValue(query, blind=False, time=False)
                for foundDb, foundTbl in filterPairValues(values):
                    foundDb = safeSQLIdentificatorNaming(foundDb)
@ -378,7 +378,7 @@ class Search:
                    query += colQuery
                    query += whereDbsQuery
                    query += whereTblsQuery
-                    values = inject.getValue(query, blind=False)
+                    values = inject.getValue(query, blind=False, time=False)
                else:
                    # Assume provided databases' tables contain the
                    # column(s) provided
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@ -97,7 +97,7 @@ class Users:
                query = rootQuery.inband.query2
            else:
                query = rootQuery.inband.query
-            value = unArrayizeValue(inject.getValue(query, blind=False))
+            value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
            if not isNoneValue(value):
                kb.data.cachedUsers = arrayizeValue(value)
@ -182,7 +182,7 @@ class Users:
                randStr = randomStr()
                getCurrentThreadData().disableStdOut = True
-                retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
+                retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False, time=False)
                if retVal:
                    for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@ -194,7 +194,7 @@ class Users:
                getCurrentThreadData().disableStdOut = False
            else:
-                value = inject.getValue(query, blind=False)
+                value = inject.getValue(query, blind=False, time=False)
                for user, password in filterPairValues(value):
                    if not user or user == " ":
@ -363,7 +363,7 @@ class Users:
                else:
                    query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
-            values = inject.getValue(query, blind=False)
+            values = inject.getValue(query, blind=False, time=False)
            if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
                infoMsg = "trying with table USER_SYS_PRIVS"