fixing a huge mess going on because of counting on error and union techniques

lib/techniques/error/use.py

@@ -194,8 +194,8 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
        expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \
        or (Backend.getIdentifiedDbms() in FROM_TABLE and not \
        expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \
-       and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \
+       and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \
-       and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))):
+       and not any(map(lambda x: x in expression.upper(), ["COUNT(*)", "EXISTS(", "MAX(", "MIN("])):
 
         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)

lib/techniques/inband/union/use.py

@@ -137,8 +137,7 @@ def unionUse(expression, unpack=True, dump=False):
        " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
        not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \
        and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \
-       and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \
+       and not any(map(lambda x: x in expression.upper(), ["(CASE", "COUNT(*)", "EXISTS(", "MAX(", "MIN("])):
-       and "(CASE" not in expression.upper():
 
         limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
         topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)

plugins/generic/enumeration.py

@@ -898,7 +898,7 @@ class Enumeration:
         if "." in conf.tbl:
             if not conf.db:
                 conf.db, conf.tbl = conf.tbl.split(".")
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
             conf.tbl = "dbo.%s" % conf.tbl
 
         self.forceDbmsEnum()
@@ -1125,6 +1125,7 @@ class Enumeration:
             logger.info(infoMsg)
 
             query = dumpNode.count2 % (column, table)
+
             if blind:
                 value = inject.getValue(query, inband=False, error=False)
             else:
@@ -1178,6 +1179,9 @@ class Enumeration:
                 if blind:
                     value = inject.getValue(query, inband=False, error=False)
                 else:
+                    print 1111
+                    import pdb
+                    pdb.set_trace()
                     value = inject.getValue(query, blind=False)
 
                 if column == colList[0]:
@@ -1209,7 +1213,7 @@ class Enumeration:
         if "." in conf.tbl:
             if not conf.db:
                 conf.db, conf.tbl = conf.tbl.split(".")
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
             conf.tbl = "dbo.%s" % conf.tbl
 
         self.forceDbmsEnum()