removing junk

2025-02-03 05:04:11 +03:00 · 2010-12-08 12:30:25 +00:00 · 2010-12-08 12:30:25 +00:00 · 537b619165
commit 537b619165
parent b5e45939e3
1 changed files with 0 additions and 66 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -336,72 +336,6 @@ def __goError(expression, resumeValue=True):

    return result

-def __goTimeBlind(expression, resumeValue=True):
-    """
-    Retrieve the output of a SQL query taking advantage of an error-based
-    SQL injection vulnerability on the affected parameter.
-    """
-
-    result = None
-
-    if conf.direct:
-        return direct(expression), None
-
-    condition = (
-                  kb.resumedQueries and conf.url in kb.resumedQueries.keys()
-                  and expression in kb.resumedQueries[conf.url].keys()
-                )
-
-    if condition and resumeValue:
-        result = resume(expression, None)
-
-    if not result:
-        result = timeBlindUse(expression)
-        dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(result)))
-
-    return result
-
-def timeBlindUse(expression):
-    """
-    Retrieve the output of a SQL query taking advantage of an error SQL
-    injection vulnerability on the affected parameter.
-    """
-
-    output = None
-    import pdb
-    pdb.set_trace()
-    vector = agent.cleanupPayload(kb.injection.data[5].vector)
-    query = unescaper.unescape(vector)
-    query = agent.prefixQuery(query)
-    query = agent.suffixQuery(query)
-    check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
-
-    _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
-    nulledCastedField = agent.nullAndCastField(fieldToCastStr)
-
-    if kb.dbms == DBMS.MYSQL:
-        nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") # fix for that 'Subquery returns more than 1 row'
-
-    expression = expression.replace(fieldToCastStr, nulledCastedField, 1)
-    expression = unescaper.unescape(expression)
-    expression = safeStringFormat(query, expression)
-
-    debugMsg = "query: %s" % expression
-    logger.debug(debugMsg)
-
-    payload = agent.payload(newValue=expression)
-    reqBody, _ = Request.queryPage(payload, content=True)
-    output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
-
-    if output:
-        output = output.replace(kb.misc.space, " ")
-
-        if conf.verbose > 0:
-            infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
-            logger.info(infoMsg)
-
-    return output
-
 def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True, dump=False):
    """
    Retrieve the output of a SQL query taking advantage of an inband SQL