Just.. cosmetics ;)

2025-01-24 00:04:23 +03:00 · 2011-01-31 22:51:14 +00:00 · 2011-01-31 22:51:14 +00:00 · 6761933f75
commit 6761933f75
parent 35b6d7278a
7 changed files with 18 additions and 7 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -322,8 +322,9 @@ def checkSqlInjection(place, parameter, value):
                            # Perform the test's request and grep the response
                            # body for the test's <grep> regular expression
                            page, headers = Request.queryPage(reqPayload, place, content=True, raise404=False)
-                            output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\
-                              or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE)
+                            output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
+                                     or extractRegexResult(check, listToStrValue(headers.headers \
+                                     if headers else None), re.DOTALL | re.IGNORECASE)

                            if output:
                                result = output.replace(kb.misc.space, " ") == "1"
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -196,7 +196,7 @@ def start():
                if conf.forms:
                    message = "[#%d] form:\n%s %s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl)
                else:
-                    message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl,  " (PR: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")
+                    message = "url %d:\n%s %s%s" % (hostCount, conf.method or HTTPMETHOD.GET, targetUrl,  " (PageRank: %s)" % get_pagerank(targetUrl) if conf.googleDork else "")

                if conf.cookie:
                    message += "\nCookie: %s" % conf.cookie
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2300,6 +2300,10 @@ def listToStrValue(value):
    >>> listToStrValue([1,2,3])
    '1, 2, 3'
    """
+
+    if isinstance(value, (set, tuple)):
+        value = list(value)
+
    if isinstance(value, list):
        retValue = value.__str__().lstrip('[').rstrip(']')
    else:
--- a/lib/core/update.py
+++ b/lib/core/update.py
@ -83,5 +83,6 @@ def update():
            logger.error(errMsg)
        elif svnStdout:
            revision = re.search("revision\s+([\d]+)", svnStdout, re.I)
+
            if revision:
                logger.info('updated to the latest revision %s' % revision.group(1))
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -257,6 +257,7 @@ class Connect:
        except urllib2.HTTPError, e:
            page = None
            responseHeaders = None
+
            try:
                page = e.read()
                responseHeaders = e.info()
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -147,8 +147,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

    def validateChar(idx, value):
        """
-        used in time based inference (in case that original and retrieved value are not equal there will be deliberate delay)
+        Used in time-based inference (in case that original and retrieved
+        value are not equal there will be a deliberate delay).
        """
+
        forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
        queriesCount[0] += 1
        result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@ -240,9 +242,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                            return None
                    else:
                        retVal = minValue + 1
+
                        if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
                            if timeBasedCompare and not validateChar(idx, retVal):
-                                errMsg = "invalid character detected. retrying..."
+                                errMsg = "invalid character detected. retrying.."
                                logger.error(errMsg)

                                conf.timeSec += 1
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -61,8 +61,9 @@ def __oneShotErrorUse(expression, field):

    # Parse the returned page to get the exact error-based
    # sql injection output
-    output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\
-      or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE)
+    output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
+             or extractRegexResult(check, listToStrValue(headers.headers \
+             if headers else None), re.DOTALL | re.IGNORECASE)

    dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(output)))