Bug fix (time was also meant to be disabled in case of error/inband getvalues)

This commit is contained in:
Miroslav Stampar 2012-10-27 23:16:25 +02:00
parent 7207cf29dd
commit 06805b27f2
9 changed files with 19 additions and 19 deletions

View File

@ -210,7 +210,7 @@ class xp_cmdshell:
query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
output = inject.getValue(query, resumeValue=False, blind=False)
output = inject.getValue(query, resumeValue=False, blind=False, time=False)
else:
output = []
count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

View File

@ -35,7 +35,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
if count is None:
query = dumpNode.count % table
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
if isinstance(count, basestring) and count.isdigit():
count = int(count)

View File

@ -96,7 +96,7 @@ class Enumeration(GenericEnumeration):
for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
query = query.replace("%s", db)
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
break
@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
query = rootQuery.inband.query.replace("%s", db)
query += tblQuery
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(values):
if isinstance(values, basestring):
@ -321,7 +321,7 @@ class Enumeration(GenericEnumeration):
query = rootQuery.inband.query % (db, db, db, db, db, db)
query += " AND %s" % colQuery.replace("[DB]", db)
query += whereTblsQuery.replace("[DB]", db)
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(values):
if isinstance(values, basestring):

View File

@ -138,7 +138,7 @@ class Filesystem(GenericFilesystem):
inject.goStacked(binToHexQuery)
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, error=False)
result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)
if not result:
result = []

View File

@ -54,7 +54,7 @@ class Enumeration(GenericEnumeration):
query += " WHERE "
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
if not values and not query2:
infoMsg = "trying with table USER_ROLE_PRIVS"

View File

@ -103,7 +103,7 @@ class Databases:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
kb.data.cachedDbs = arrayizeValue(value)
@ -266,7 +266,7 @@ class Databases:
if len(dbs) < 2 and ("%s," % condition) in query:
query = query.replace("%s," % condition, "", 1)
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=False, time=False)
if not isNoneValue(value):
value = filter(None, arrayizeValue(value))
@ -518,7 +518,7 @@ class Databases:
elif Backend.isDbms(DBMS.SQLITE):
query = rootQuery.inband.query % tbl
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=False, time=False)
if Backend.isDbms(DBMS.SQLITE):
parseSqliteTableSchema(unArrayizeValue(value))

View File

@ -147,7 +147,7 @@ class Entries:
if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
table = "%s.%s" % (conf.db, tbl)
retVal = pivotDumpTable(table, colList, blind=False)
retVal = pivotDumpTable(table, colList, blind=False, time=False)
if retVal:
entries, _ = retVal
@ -160,7 +160,7 @@ class Entries:
query = rootQuery.inband.query % (colString, conf.db, tbl)
if not entries and query:
entries = inject.getValue(query, blind=False, dump=True)
entries = inject.getValue(query, blind=False, time=False, dump=True)
if isNoneValue(entries):
entries = []

View File

@ -81,7 +81,7 @@ class Search:
query = rootQuery.inband.query
query += dbQuery
query += exclDbsQuery
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
if not isNoneValue(values):
values = arrayizeValue(values)
@ -190,7 +190,7 @@ class Search:
query = rootQuery.inband.query
query += tblQuery
query += whereDbsQuery
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
for foundDb, foundTbl in filterPairValues(values):
foundDb = safeSQLIdentificatorNaming(foundDb)
@ -378,7 +378,7 @@ class Search:
query += colQuery
query += whereDbsQuery
query += whereTblsQuery
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
else:
# Assume provided databases' tables contain the
# column(s) provided

View File

@ -97,7 +97,7 @@ class Users:
query = rootQuery.inband.query2
else:
query = rootQuery.inband.query
value = unArrayizeValue(inject.getValue(query, blind=False))
value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
if not isNoneValue(value):
kb.data.cachedUsers = arrayizeValue(value)
@ -182,7 +182,7 @@ class Users:
randStr = randomStr()
getCurrentThreadData().disableStdOut = True
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False, time=False)
if retVal:
for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@ -194,7 +194,7 @@ class Users:
getCurrentThreadData().disableStdOut = False
else:
value = inject.getValue(query, blind=False)
value = inject.getValue(query, blind=False, time=False)
for user, password in filterPairValues(value):
if not user or user == " ":
@ -363,7 +363,7 @@ class Users:
else:
query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
values = inject.getValue(query, blind=False)
values = inject.getValue(query, blind=False, time=False)
if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
infoMsg = "trying with table USER_SYS_PRIVS"