From 59b02539cab2fbda66de6be1ab411aea1907e72b Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Tue, 22 Jan 2013 11:34:34 +0100
Subject: [PATCH] More general approach regarding that last commit
---
 lib/request/inject.py | 5 -----
 lib/techniques/blind/inference.py | 3 ++-
 2 files changed, 2 insertions(+), 6 deletions(-)
diff --git a/lib/request/inject.py b/lib/request/inject.py
index d4d354d46..962e633da 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -119,9 +119,6 @@ def _goInferenceFields(expression, expressionFields, expressionFieldsList, paylo
 if isinstance(num, int):
 expression = origExpr
- if output and isinstance(output, basestring):
- output = output.strip() if output.strip() else output[:1]
-
 outputs.append(output)
 return outputs
@@ -390,8 +387,6 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
 else:
 value = _goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
- if value and isinstance(value, basestring):
- value = value.strip() if value.strip() else value[:1]
 else:
 errMsg = "none of the injection types identified can be "
 errMsg += "leveraged to retrieve queries output"
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
index 6e78f1005..ab0dbcc98 100644
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -529,8 +529,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
 elif conf.verbose in (1, 2):
 dataToStdout(filterControlChars(val))
+ # some DBMSes (e.g. Firebird, DB2, etc.) have issues with trailing spaces
 if len(partialValue) > INFERENCE_BLANK_BREAK and partialValue[-INFERENCE_BLANK_BREAK:].isspace() and partialValue.strip(' ')[-1:] != '\n':
- finalValue = partialValue
+ finalValue = partialValue[:-INFERENCE_BLANK_BREAK]
 break
 except KeyboardInterrupt:
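Review bot: In the `bisection` hunk of lib/techniques/blind/inference.py, the new slice drops the blank run only when the INFERENCE_BLANK_BREAK early exit fires, whereas the `strip()` calls this commit removes from lib/request/inject.py trimmed whitespace of any length; trailing padding shorter than INFERENCE_BLANK_BREAK, and any leading whitespace, now reaches callers unchanged. The early exit also ends retrieval silently, so a value that legitimately contains such a run of whitespace is reported cut short with nothing in the output to say so. I would widen the comment to state this, e.g. `# retrieval stops at the first run of INFERENCE_BLANK_BREAK whitespace characters; that run is dropped and anything after it is not fetched`, and consider emitting a debug-level message before `break`. The body of `bisection` starts and ends outside this hunk, so whether a later step trims the value again is not visible here.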