From 16b286982d9fd4527fe234e63c13690c3ec713cc Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Mon, 7 Mar 2011 09:50:43 +0000 Subject: [PATCH] fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') --- lib/core/common.py | 11 +++++++++++ plugins/generic/enumeration.py | 9 +++++---- 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/lib/core/common.py b/lib/core/common.py index 65d268c71..89302340a 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -2195,6 +2195,17 @@ def arrayizeValue(value): return value +def unArrayizeValue(value): + """ + Makes a value out of iterable if it is a list, tuple or set + itself + """ + + if isinstance(value, (list, tuple, set)): + value = value[0] if len(value) > 0 else None + + return value + def getSortedInjectionTests(): """ Returns prioritized test list by eventually detected DBMS from error diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py index 0eaa9111c..8062c1e06 100644 --- a/plugins/generic/enumeration.py +++ b/plugins/generic/enumeration.py @@ -30,6 +30,7 @@ from lib.core.common import randomStr from lib.core.common import readInput from lib.core.common import safeStringFormat from lib.core.common import strToHex +from lib.core.common import unArrayizeValue from lib.core.convert import utf8decode from lib.core.data import conf from lib.core.data import kb @@ -90,7 +91,7 @@ class Enumeration: logger.info(infoMsg) query = queries[Backend.getIdentifiedDbms()].banner.query - kb.data.banner = inject.getValue(query) + kb.data.banner = unArrayizeValue(inject.getValue(query)) bannerParser(kb.data.banner) if conf.os and conf.os == "windows": @@ -114,7 +115,7 @@ class Enumeration: query = queries[Backend.getIdentifiedDbms()].current_user.query if not kb.data.currentUser: - kb.data.currentUser = inject.getValue(query) + kb.data.currentUser = unArrayizeValue(inject.getValue(query)) return kb.data.currentUser @@ -125,7 +126,7 @@ class Enumeration: query = queries[Backend.getIdentifiedDbms()].current_db.query if not kb.data.currentDb: - kb.data.currentDb = inject.getValue(query) + kb.data.currentDb = unArrayizeValue(inject.getValue(query)) return kb.data.currentDb @@ -145,7 +146,7 @@ class Enumeration: isDba = inject.getValue(query, charsetType=1) if user is None: - kb.data.isDba = isDba + kb.data.isDba = unArrayizeValue(isDba) return isDba == "1"