update of error based injection and bug fix for --roles on MSSQL server

2025-02-18 04:20:35 +03:00 · 2010-10-20 06:40:33 +00:00 · 2010-10-20 06:40:33 +00:00 · 82f44989ce
commit 82f44989ce
parent f2dae98448
2 changed files with 15 additions and 5 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -349,6 +349,15 @@ def __goError(expression, resumeValue=True):
    if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
        return output
    if kb.misc.testedDbms != "MySQL":
        if kb.dbmsDetected:
            _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
            nulledCastedField                = agent.nullAndCastField(fieldToCastStr)
            expressionReplaced               = expression.replace(fieldToCastStr, nulledCastedField, 1)
            expressionUnescaped              = unescaper.unescape(expressionReplaced)
        else:
            expressionUnescaped              = unescaper.unescape(expression)    
    else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
        expressionUnescaped = unescaper.unescape(expression)
    debugMsg = "query: %s" % expressionUnescaped
@ -366,6 +375,7 @@ def __goError(expression, resumeValue=True):
            if kb.misc.testedDbms == 'MySQL':
                output = output[:-1]
            if conf.verbose > 0:
                infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
                logger.info(infoMsg)
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@ -22,7 +22,7 @@ class Enumeration(GenericEnumeration):
    def __init__(self):
        GenericEnumeration.__init__(self, "Microsoft SQL Server")
-    def getPrivileges(self):
+    def getPrivileges(self, _):
        warnMsg  = "on Microsoft SQL Server it is not possible to fetch "
        warnMsg += "database users privileges"
        logger.warn(warnMsg)