Minor refactoring

2024-11-25 02:53:46 +03:00 · 2012-10-25 09:56:36 +02:00 · 2012-10-25 09:56:36 +02:00 · 54fbb22ab8
commit 54fbb22ab8
parent c2058dfc8f
4 changed files with 13 additions and 10 deletions
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
@ -21,6 +21,7 @@ from lib.core.enums import CHARSET_TYPE
 from lib.core.enums import EXPECTED
 from lib.core.enums import OS
 from lib.core.enums import PAYLOAD
+from lib.core.common import unArrayizeValue
 from lib.core.exception import sqlmapFilePathException
 from lib.core.exception import sqlmapMissingMandatoryOptionException
 from lib.core.exception import sqlmapUnsupportedFeatureException
@ -106,15 +107,9 @@ class UDF:
            cmd = unescaper.unescape(self.udfForgeCmd(cmd))

            inject.goStacked("INSERT INTO %s(%s) VALUES (%s(%s))" % (self.cmdTblName, self.tblField, udfName, cmd))
-            output = inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False)
+            output = unArrayizeValue(inject.getValue("SELECT %s FROM %s" % (self.tblField, self.cmdTblName), resumeValue=False, firstChar=first, lastChar=last, safeCharEncode=False))
            inject.goStacked("DELETE FROM %s" % self.cmdTblName)

-            if output and isinstance(output, (list, tuple)):
-                output = output[0]
-
-                if output and isinstance(output, (list, tuple)):
-                    output = output[0]
-
        return output

    def udfCheckNeeded(self):
--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@ -210,6 +210,7 @@ class Entries:
                        query = rootQuery.blind.count % tbl
                    else:
                        query = rootQuery.blind.count % (conf.db, tbl)
+
                    count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

                    lengths = {}
--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@ -6,6 +6,7 @@ See the file 'doc/COPYING' for copying permission
 """

 from lib.core.agent import agent
+from lib.core.common import arrayizeValue
 from lib.core.common import Backend
 from lib.core.common import filterPairValues
 from lib.core.common import getLimitRange
@ -83,8 +84,7 @@ class Search:
                values = inject.getValue(query, blind=False)

                if not isNoneValue(values):
-                    if isinstance(values, basestring):
-                        values = [values]
+                    values = arrayizeValue(values)

                    for value in values:
                        value = safeSQLIdentificatorNaming(value)
@ -100,6 +100,7 @@ class Search:
                    query = rootQuery.blind.count2
                else:
                    query = rootQuery.blind.count
+
                query += dbQuery
                query += exclDbsQuery
                count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
@ -232,6 +233,7 @@ class Search:
                    if Backend.isDbms(DBMS.DB2):
                        query += ") AS foobar"
                    query = agent.limitQuery(index, query)
+
                    foundDb = inject.getValue(query, inband=False, error=False)
                    foundDb = safeSQLIdentificatorNaming(foundDb)

@ -275,6 +277,7 @@ class Search:
                        query = query % unsafeSQLIdentificatorNaming(db)
                        query += " AND %s" % tblQuery
                        query = agent.limitQuery(index, query)
+
                        foundTbl = inject.getValue(query, inband=False, error=False)
                        kb.hintValue = foundTbl
                        foundTbl = safeSQLIdentificatorNaming(foundTbl, True)
--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@ -97,7 +97,7 @@ class Users:
                query = rootQuery.inband.query2
            else:
                query = rootQuery.inband.query
-            value = inject.getValue(query, blind=False)
+            value = unArrayizeValue(inject.getValue(query, blind=False))

            if not isNoneValue(value):
                kb.data.cachedUsers = arrayizeValue(value)
@ -110,6 +110,7 @@ class Users:
                query = rootQuery.blind.count2
            else:
                query = rootQuery.blind.count
+
            count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

            if not isNumPosStrValue(count):
@ -250,6 +251,7 @@ class Users:
                        query = rootQuery.blind.count2 % user
                    else:
                        query = rootQuery.blind.count % user
+
                    count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

                    if not isNumPosStrValue(count):
@ -274,6 +276,7 @@ class Users:
                                query = rootQuery.blind.query % (user, index, user)
                        else:
                            query = rootQuery.blind.query % (user, index)
+
                        password = inject.getValue(query, inband=False, error=False)
                        password = parsePasswordHash(password)
                        passwords.append(password)
@ -463,6 +466,7 @@ class Users:
                    query = rootQuery.blind.count2 % user
                else:
                    query = rootQuery.blind.count % user
+
                count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)

                if not isNumPosStrValue(count):