diff --git a/lib/core/common.py b/lib/core/common.py
index 4048efcf6..2496c7c69 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -21,6 +21,7 @@ import urlparse
 import ntpath
 import posixpath
 import subprocess
+import threading
 from ConfigParser import DEFAULTSECT
 from ConfigParser import RawConfigParser
@@ -1533,14 +1534,17 @@ def pushValue(value):
 Push value to the stack
 """
-kb.valueStack.append(value)
+threadId = threading.currentThread().ident
+if threadId not in kb.valueStack:
+kb.valueStack[threadId] = []
+kb.valueStack[threadId].append(value)
 def popValue():
 """
 Pop value from the stack
 """
-return kb.valueStack.pop()
+return kb.valueStack[threading.currentThread().ident].pop()
 def wasLastRequestDBMSError():
 """
diff --git a/lib/core/option.py b/lib/core/option.py
index 09190fb8a..cb9a52645 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1118,7 +1118,6 @@ def __setConfAttributes():
 conf.sessionFP = None
 conf.start = True
 conf.tests = []
-conf.threadContinue = True
 conf.threadException = False
 conf.trafficFP = None
 conf.wFileType = None
@@ -1198,11 +1197,12 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 kb.technique = None
 kb.testMode = False
 kb.testQueryCount = 0
+kb.threadContinue = True
 kb.unionComment = ""
 kb.unionCount = None
 kb.unionPosition = None
 kb.unionNegative = False
-kb.valueStack = []
+kb.valueStack = {}
 if flushAll:
 kb.keywords = set(getFileItems(paths.SQL_KEYWORDS))
diff --git a/lib/request/inject.py b/lib/request/inject.py
index e59db2077..b9488b3e4 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -422,7 +422,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 found = value or (value is None and expectingNone)
-pushValue(kb.unionNegative)
+oldUnionNegative = kb.unionNegative
 kb.unionNegative = False
 if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found:
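Review bot: `popValue` indexes `kb.valueStack` by the current thread's ident but never removes the entry, so the per-thread list that `pushValue` creates outlives its thread; since Python may recycle an ident once a thread exits, a later thread with the same ident would inherit whatever an earlier thread left unpopped, turning a mismatched push/pop into cross-thread value leakage instead of a local failure. A thread that never pushed now gets `KeyError` from `popValue` where the old list raised `IndexError`, which matters if any caller catches the latter (not visible here). The membership test plus assignment in `pushValue` collapses to `kb.valueStack.setdefault(threadId, []).append(value)`, and `popValue` should drop the thread's entry once its list is empty, as below. `pushValue`'s `def` line is the hunk header, outside the hunk, and `wasLastRequestDBMSError` continues past it.
```python
def popValue():
    """
    Pop value from the stack
    """

    threadId = threading.currentThread().ident
    stack = kb.valueStack[threadId]
    value = stack.pop()
    # Drop the per-thread entry once it is empty so a recycled thread ident
    # cannot inherit a stale list from a thread that has already exited.
    if not stack:
        del kb.valueStack[threadId]
    return value
```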
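Review bot: `kb.valueStack = {}` silently changes the attribute's type from a list to a dict keyed by thread ident, and nothing at the definition tells a reader what the keys are or where the stacks are maintained. Suggest `kb.valueStack = {}  # per-thread value stacks keyed by threading.currentThread().ident; see pushValue/popValue in lib/core/common.py`. Any remaining code that treats `kb.valueStack` as a list would not fail at this assignment but only at first use, so it is worth checking for other references before merging. `__setKnowledgeBaseAttributes` continues past the hunk.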
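Review bot: The save/restore of `kb.unionNegative` is not exception-safe: `oldUnionNegative` is captured here and written back only in the `@@ -456` hunk, with no `try`/`finally` between them, so an exception raised by the error-based or inference-based retrieval in between leaves `kb.unionNegative` stuck at `False` for every later call in the process (the previous `pushValue`/`popValue` pair had the same gap, so this is not a regression, but it is the moment to close it). Wrapping the region as `try:` … `finally: kb.unionNegative = oldUnionNegative` fixes it with no other change. The local variable also only removes the cross-thread stack mix-up; `kb.unionNegative` itself is still process-wide, so a concurrent `getValue` on another thread would presumably observe the temporarily cleared flag — worth confirming whether `getValue` is ever reached from `bisection`'s worker threads. `getValue` starts and ends outside both hunks.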
@@ -456,7 +456,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 else:
 value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
-kb.unionNegative = popValue()
+kb.unionNegative = oldUnionNegative
 if value and isinstance(value, basestring):
 value = value.strip()
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 608d2c711..0a2a5ecc8 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -260,11 +260,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 iolock = threading.Lock()
 valuelock = threading.Lock()
 kb.locks.seqLock = threading.Lock()
-conf.threadContinue = True
+kb.threadContinue = True
 def downloadThread():
 try:
-while conf.threadContinue:
+while kb.threadContinue:
 idxlock.acquire()
 if index[0] >= length:
@@ -276,7 +276,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 curidx = index[0]
 idxlock.release()
-if conf.threadContinue:
+if kb.threadContinue:
 charStart = time.time()
 val = getChar(curidx)
 if val is None:
@@ -289,7 +289,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 currentValue = list(value)
 valuelock.release()
-if conf.threadContinue:
+if kb.threadContinue:
 if showEta:
 etaProgressUpdate(time.time() - charStart, index[0])
 elif conf.verbose >= 1:
@@ -327,7 +327,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 dataToStdout("\r[%s] [INFO] retrieved: %s" % (time.strftime("%X"), replaceNewlineTabs(output, stdout=True)))
 iolock.release()
-if not conf.threadContinue:
+if not kb.threadContinue:
 if int(threading.currentThread().getName()) == numThreads - 1:
 partialValue = unicode()
 for v in value:
@@ -380,7 +380,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 alive = True
 thread.join(5)
 except KeyboardInterrupt:
-conf.threadContinue = False
+kb.threadContinue = False
 raise
 infoMsg = None