Minor code adjustments

lib/request/inject.py

@@ -96,7 +96,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
     advantage of an blind SQL injection vulnerability on the affected
     parameter through a bisection algorithm.
     """
-    query          = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].inference.query)
+
+    query          = agent.prefixQuery(queries[kb.misc.testedDbms].inference.query)
     query          = agent.postfixQuery(query)
     payload        = agent.payload(newValue=query)
     count          = None
@@ -394,12 +395,13 @@ def goStacked(expression, silent=False):
     if conf.direct:
         return direct(expression), None
 
-    debugMsg = "query: %s" % expression
-    logger.debug(debugMsg)
-
     comment = queries[kb.dbms].comment.query
     query   = agent.prefixQuery("; %s" % expression)
     query   = agent.postfixQuery("%s;%s" % (query, comment))
+
+    debugMsg = "query: %s" % query
+    logger.debug(debugMsg)
+
     payload = agent.payload(newValue=query)
     page, _ = Request.queryPage(payload, content=True, silent=silent)
 

lib/techniques/blind/inference.py

@@ -441,7 +441,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 if commonValue is not None:
                     # One-shot query containing equals commonValue
                     testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
-                    query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
+                    query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
                     query = agent.postfixQuery(query)
                     queriesCount[0] += 1
                     result = Request.queryPage(urlencode(agent.payload(newValue=query)))
@@ -465,7 +465,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                     # Substring-query containing equals commonPattern
                     subquery = queries[kb.dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
                     testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
-                    query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (subquery, testValue)))
+                    query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
                     query = agent.postfixQuery(query)
                     queriesCount[0] += 1
                     result = Request.queryPage(urlencode(agent.payload(newValue=query)))

lib/techniques/error/use.py

@@ -35,12 +35,12 @@ def errorUse(expression):
     Retrieve the output of a SQL query taking advantage of an error SQL
     injection vulnerability on the affected parameter.
     """
+
     output         = None
     logic          = conf.logic
     randInt        = randomInt(1)
-    query          = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error.query)
+    query          = agent.prefixQuery(queries[kb.misc.testedDbms].error.query)
     query          = agent.postfixQuery(query)
-    payload        = agent.payload(newValue=query)
     startLimiter   = ""
     endLimiter     = ""
 
@@ -62,11 +62,13 @@ def errorUse(expression):
         startLimiter                     = kb.misc.handler.unescape("'%s'" % ERROR_START_CHAR)
         endLimiter                       = kb.misc.handler.unescape("'%s'" % ERROR_END_CHAR)
 
-    debugMsg = "query: %s" % expressionUnescaped
+    forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
+
+    debugMsg = "query: %s" % forgedQuery
     logger.debug(debugMsg)
 
-    forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
-    result = Request.queryPage(urlencode(forgedPayload), content=True)
+    payload = agent.payload(newValue=forgedQuery)
+    result = Request.queryPage(urlencode(payload), content=True)
 
     match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
     if match:

lib/techniques/inband/union/use.py

@@ -196,8 +196,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
         query = agent.forgeInbandQuery(expression, nullChar=nullChar)
         payload = agent.payload(newValue=query)
 
-        # NOTE: for debug purposes only
-        #debugMsg = "query: %s" % payload
         debugMsg = "query: %s" % query
         logger.debug(debugMsg)