update of error based injection and bug fix for --roles on MSSQL server

2025-10-26 05:31:04 +03:00 · 2010-10-20 06:40:33 +00:00 · 2010-10-20 06:40:33 +00:00 · 82f44989ce
commit 82f44989ce
parent f2dae98448
2 changed files with 15 additions and 5 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -349,6 +349,15 @@ def __goError(expression, resumeValue=True):
    if output and ( expected is None or ( expected == "int" and output.isdigit() ) ):
        return output
    
+    if kb.misc.testedDbms != "MySQL":
+        if kb.dbmsDetected:
+            _, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
+            nulledCastedField                = agent.nullAndCastField(fieldToCastStr)
+            expressionReplaced               = expression.replace(fieldToCastStr, nulledCastedField, 1)
+            expressionUnescaped              = unescaper.unescape(expressionReplaced)
+        else:
+            expressionUnescaped              = unescaper.unescape(expression)    
+    else: #temporary (have to find out what's wrong with that "Subquery with more than 1 row")
        expressionUnescaped = unescaper.unescape(expression)

    debugMsg = "query: %s" % expressionUnescaped
@ -366,6 +375,7 @@ def __goError(expression, resumeValue=True):
            if kb.misc.testedDbms == 'MySQL':
                output = output[:-1]

+            if conf.verbose > 0:
                infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
                logger.info(infoMsg)

--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@ -22,7 +22,7 @@ class Enumeration(GenericEnumeration):
    def __init__(self):
        GenericEnumeration.__init__(self, "Microsoft SQL Server")

-    def getPrivileges(self):
+    def getPrivileges(self, _):
        warnMsg  = "on Microsoft SQL Server it is not possible to fetch "
        warnMsg += "database users privileges"
        logger.warn(warnMsg)