Fix for an Issue #137

2025-02-03 05:04:11 +03:00 · 2012-08-16 22:20:24 +02:00 · 2012-08-16 22:20:24 +02:00 · 4649450603
commit 4649450603
parent 0d8fca30c9
3 changed files with 1 additions and 8 deletions
--- a/lib/core/option.py
+++ b/lib/core/option.py
@ -1555,7 +1555,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
    kb.threadException = False
    kb.timeValidCharsRun = 0
    kb.uChar = NULL
-    kb.unescape = True
    kb.unionDuplicates = False
    kb.xpCmdshellAvailable = False

--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@ -13,7 +13,7 @@ from lib.core.settings import EXCLUDE_UNESCAPE

 class Unescaper(AttribDict):
    def unescape(self, expression, quote=True, dbms=None):
-        if not kb.unescape or conf.noUnescape:
+        if conf.noUnescape:
            return expression

        if expression is None:
--- a/plugins/generic/custom.py
+++ b/plugins/generic/custom.py
@ -34,7 +34,6 @@ class Custom:
        output = None
        sqlType = None
        query = query.rstrip(';')
-        kb.unescape = False

        for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
            for sqlStatement in sqlStatements:
@ -47,7 +46,6 @@ class Custom:
            logger.info(infoMsg)

            output = inject.getValue(query, fromUser=True)
-            kb.unescape = True

            return output
        elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
@ -55,8 +53,6 @@ class Custom:
                warnMsg += "available when stacked queries are supported"
                logger.warn(warnMsg)

-                kb.unescape = True
-
                return None
        else:
            if sqlType:
@ -72,8 +68,6 @@ class Custom:

            output = False

-        kb.unescape = True
-
        return output

    def sqlShell(self):