some changes regarding --common-outputs feature

lib/core/common.py

@@ -54,6 +54,8 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.data import queries
 from lib.core.data import temp
+from lib.core.convert import md5hash
+from lib.core.convert import sha1hash
 from lib.core.convert import urlencode
 from lib.core.convert import utf8decode
 from lib.core.exception import sqlmapFilePathException
@@ -1224,7 +1226,9 @@ def initCommonOutputs():
                 if key not in kb.commonOutputs:
                     kb.commonOutputs[key] = []
 
-                kb.commonOutputs[key].append(line.strip())
+                item = line.strip()
+                if item not in kb.commonOutputs[key]:
+                    kb.commonOutputs[key].append(item)
 
     cfile.close()
 
@@ -1252,29 +1256,23 @@ def goGoodSamaritan(part, prevValue, originalCharset):
     predictionSet = set()
     wildIndexes = []
     singleValue = None
-    reObj = getCompiledRegex('\A%s' % prevValue)
-
-    if prevValue[-1] != '.':
-        prevValue += '.'
-
-    charIndex = 0
-    findIndex = prevValue.find('.', charIndex)
-
-    while findIndex != -1:
-        wildIndexes.append(findIndex)
-        charIndex += 1
-        findIndex = prevValue.find('.', charIndex)
 
     # If the header we are looking for has common outputs defined
     if part in kb.commonOutputs:
         for item in kb.commonOutputs[part]:
+            #if part == 'Passwords':
+                #if prevValue.startswith('*'): #MySQL_160bit
+                    #return None, None, originalCharset
+                #if item not in kb.cache.md5:
+                    #kb.cache.md5[item] = md5hash(item).upper()
+                #item = kb.cache.md5[item]
+
             # Check if the common output (item) starts with prevValue
-            if reObj.search(item):
+            if item.startswith(prevValue):
                 singleValue = item
 
-                for index in wildIndexes:
-                    char = item[index]
-
+                if len(item) > len(prevValue):
+                    char = item[len(prevValue)]
                     if char not in predictionSet:
                         predictionSet.add(char)
 

lib/techniques/blind/inference.py

@@ -214,13 +214,12 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                 else:
                     if minValue == maxChar or maxValue == minChar:
                         return None
-                    retVal = originalTbl[originalTbl.index(minValue) + 1]
+                    for retVal in (originalTbl[originalTbl.index(minValue)], originalTbl[originalTbl.index(minValue) + 1]):
                         forgedPayload = safeStringFormat(payload.replace('%3E', '%3D'), (expressionUnescaped, idx, retVal))
                         queriesCount[0] += 1
                         result = Request.queryPage(urlencode(forgedPayload))
                         if result:
                             return chr(retVal) if retVal < 128 else unichr(retVal)
-                    else: 
                     return None
 
     def etaProgressUpdate(charTime, index):

txt/common-outputs.txt

@@ -1,10 +1,14 @@
 [Databases]
+
+#MySQL
 information_schema
 mysql
 public
 master
 
 [Tables]
+
+#MySQL
 CHARACTER_SETS
 COLLATION_CHARACTER_SET_APPLICABILITY
 COLLATIONS
@@ -33,3 +37,46 @@ TABLES
 TRIGGERS
 USER_PRIVILEGES
 VIEWS
+
+#Oracle
+BONUS
+DEPT
+EMP
+SALGRADE
+USERS
+
+[Passwords]
+
+root
+test
+testpass
+password
+abc123
+qwertz
+12345
+123456
+
+[Users]
+
+#Oracle
+SCOTT
+MGMT_VIEW
+MDDATA
+SYSMAN
+MDSYS
+SI_INFORMTN_SCHEMA
+ORDPLUGINS
+ORDSYS
+OLAPSYS
+ANONYMOUS
+XDB
+CTXSYS
+EXFSYS
+WMSYS
+DBSNMP
+TSMSYS
+DMSYS
+DIP
+OUTLN
+SYSTEM
+SYS