fixing a huge mess going on because of counting on error and union techniques

2025-01-24 08:14:24 +03:00 · 2011-03-23 11:36:40 +00:00 · 2011-03-23 11:36:40 +00:00 · 0f7bce5c66
commit 0f7bce5c66
parent 7ea45e9032
3 changed files with 9 additions and 6 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -194,8 +194,8 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
       expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) \
       or (Backend.getIdentifiedDbms() in FROM_TABLE and not \
       expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \
-       and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \
-       and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))):
+       and ("(CASE" not in expression.upper() or ("(CASE" in expression.upper() and "WHEN use" in expression))) \
+       and not any(map(lambda x: x in expression.upper(), ["COUNT(*)", "EXISTS(", "MAX(", "MIN("])):

        limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
        topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -137,8 +137,7 @@ def unionUse(expression, unpack=True, dump=False):
       " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() \
       not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE \
       and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) \
-       and "EXISTS(" not in expression.upper() and "COUNT(*)" not in expression.upper() \
-       and "(CASE" not in expression.upper():
+       and not any(map(lambda x: x in expression.upper(), ["(CASE", "COUNT(*)", "EXISTS(", "MAX(", "MIN("])):

        limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
        topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@ -898,7 +898,7 @@ class Enumeration:
        if "." in conf.tbl:
            if not conf.db:
                conf.db, conf.tbl = conf.tbl.split(".")
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
            conf.tbl = "dbo.%s" % conf.tbl

        self.forceDbmsEnum()
@ -1125,6 +1125,7 @@ class Enumeration:
            logger.info(infoMsg)

            query = dumpNode.count2 % (column, table)
+
            if blind:
                value = inject.getValue(query, inband=False, error=False)
            else:
@ -1178,6 +1179,9 @@ class Enumeration:
                if blind:
                    value = inject.getValue(query, inband=False, error=False)
                else:
+                    print 1111
+                    import pdb
+                    pdb.set_trace()
                    value = inject.getValue(query, blind=False)

                if column == colList[0]:
@ -1209,7 +1213,7 @@ class Enumeration:
        if "." in conf.tbl:
            if not conf.db:
                conf.db, conf.tbl = conf.tbl.split(".")
-        elif Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE):
+        elif Backend.getIdentifiedDbms() == DBMS.MSSQL:
            conf.tbl = "dbo.%s" % conf.tbl

        self.forceDbmsEnum()