Consistency between --*-test switches/output

2024-11-26 03:23:48 +03:00 · 2010-11-08 16:46:25 +00:00 · 2010-11-08 16:46:25 +00:00 · 45ec8c169a
commit 45ec8c169a
parent dac7436edf
7 changed files with 38 additions and 15 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1112,6 +1112,7 @@ def __setKnowledgeBaseAttributes():
    kb.unionPosition   = None
    kb.unionNegative   = False
    kb.unionFalseCond  = False
    kb.unionTest       = None
    kb.userAgents      = None
    kb.valueStack      = []
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -353,7 +353,7 @@ def getValue(expression, blind=True, inband=True, error=True, fromUser=False, ex
        expression = expression.replace("DISTINCT ", "")
        if error and conf.errorTest:
-            value = errorUse(expression)
+            value = goError(expression)
            if not value:
                warnMsg  = "for some reason(s) it was not possible to retrieve "
@ -408,7 +408,12 @@ def goStacked(expression, silent=False):
    return payload, page
 def goError(expression, suppressOutput=False, returnPayload=False):
-    #expression = cleanQuery(expression)
+    """
    Retrieve the output of a SQL query taking advantage of an error-based
    SQL injection vulnerability on the affected parameter.
    """
    result = None
    if suppressOutput:
        pushValue(conf.verbose)
@ -417,9 +422,21 @@ def goError(expression, suppressOutput=False, returnPayload=False):
    if conf.direct:
        return direct(expression), None
-    result, payload = errorUse(expression, returnPayload)
+    condition = (
                  kb.resumedQueries and conf.url in kb.resumedQueries.keys()
                  and expression in kb.resumedQueries[conf.url].keys()
                )
    if condition:
        result = resume(expression, None)
    if not result:
        result = errorUse(expression, returnPayload)
        if not returnPayload:
            dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injPlace, conf.parameters[kb.injPlace], expression, result))
    if suppressOutput:
        conf.verbose = popValue()
-    return result, payload
+    return result
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@ -19,6 +19,9 @@ from lib.request import inject
 from lib.request.connect import Connect as Request
 def timeTest():
    if kb.timeTest is not None:
        return kb.timeTest
    infoMsg  = "testing time-based blind sql injection on parameter "
    infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
    logger.info(infoMsg)
@ -37,7 +40,7 @@ def timeTest():
        infoMsg += "'%s'" % kb.injParameter
        logger.info(infoMsg)
-        kb.timeTest = payload
+        kb.timeTest = agent.removePayloadDelimiters(payload, False)
    else:
        warnMsg  = "the target url is not affected by a time-based blind "
        warnMsg += "sql injection with AND condition syntax on parameter "
@ -59,7 +62,7 @@ def timeTest():
            infoMsg += "'%s'" % kb.injParameter
            logger.info(infoMsg)
-            kb.timeTest = payload
+            kb.timeTest = agent.removePayloadDelimiters(payload, False)
        else:
            warnMsg  = "the target url is not affected by a time-based blind "
            warnMsg += "sql injection with stacked queries syntax on parameter "
--- a/lib/techniques/error/test.py
+++ b/lib/techniques/error/test.py
@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission
 import time
 from lib.core.agent import agent
 from lib.core.common import getUnicode
 from lib.core.common import randomInt
 from lib.core.data import conf
@ -38,7 +39,7 @@ def errorTest():
        infoMsg += "injection on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)
-        kb.errorTest = True
+        kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
    else:
        warnMsg  = "the target url is not affected by an error-based sql "
        warnMsg += "injection on parameter '%s'" % kb.injParameter
@ -48,7 +49,4 @@ def errorTest():
    setError()
-    if kb.errorTest:
+    return kb.errorTest
        return usedPayload
    else:
        return False
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -73,6 +73,7 @@ def errorUse(expression, returnPayload=False):
    if match:
        output = match.group('result')
        if output:
            output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -174,8 +174,8 @@ def unionTest():
    if conf.direct:
        return
-    if kb.unionCount is not None and kb.unionPosition is not None:
+    if kb.unionTest is not None:
-        return
+        return kb.unionTest
    if conf.uTech == "orderby":
        technique = "ORDER BY clause bruteforcing"
@ -209,5 +209,7 @@ def unionTest():
    if validPayload is None:
        validPayload = ""
    elif isinstance(validPayload, basestring):
        kb.unionTest = agent.removePayloadDelimiters(validPayload, False)
-    return validPayload
+    return kb.unionTest
--- a/lib/techniques/outband/stacked.py
+++ b/lib/techniques/outband/stacked.py
@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission
 import time
 from lib.core.agent import agent
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
@ -38,7 +39,7 @@ def stackedTest():
        infoMsg += "sql injection on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)
-        kb.stackedTest = payload
+        kb.stackedTest = agent.removePayloadDelimiters(payload, False)
    else:
        warnMsg  = "the target url is not affected by a stacked queries "
        warnMsg += "sql injection on parameter '%s'" % kb.injParameter