Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase

2025-06-14 18:13:06 +03:00 · 2011-02-10 11:14:05 +00:00 · 2011-02-10 11:14:05 +00:00 · 864eade744
commit 864eade744
parent aa0fb276ba
3 changed files with 12 additions and 9 deletions
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -20,6 +20,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import injectionDict
 from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.settings import METADB_SUFFIX
@ -237,9 +238,10 @@ def resumeConfKb(expression, url, value):
    elif expression == "TABLE_EXISTS" and url == conf.url:
        table = unSafeFormatString(value[:-1])
        split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'
-        if '.' in table:
+        if split in table:
-            db, table = table.split('.')
+            db, table = table.split(split)
        else:
            db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
@ -252,9 +254,10 @@ def resumeConfKb(expression, url, value):
    elif expression == "COLUMN_EXISTS" and url == conf.url:
        table, column = unSafeFormatString(value[:-1]).split('|')
        colName, colType = column.split(' ')
        split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'
-        if '.' in table:
+        if split in table:
-            db, table = table.split('.')
+            db, table = table.split(split)
        else:
            db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -502,4 +502,8 @@ def goStacked(expression, silent=False):
    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
 def checkBooleanExpression(expression, expectingNone=True):
-    return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
+    kb.suppressSession = True
    value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
    kb.suppressSession = False
    return value
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -55,7 +55,6 @@ def tableExists(tableFile, regex=None):
    tbllock = threading.Lock()
    iolock = threading.Lock()
    kb.threadContinue = True
    kb.suppressSession = True
    def tableExistsThread():
        while count[0] < length and kb.threadContinue:
@ -131,7 +130,6 @@ def tableExists(tableFile, regex=None):
    finally:
        kb.threadContinue = True
        kb.threadException = False
        kb.suppressSession = False
    clearConsoleLine(True)
    dataToStdout("\n")
@ -171,7 +169,6 @@ def columnExists(columnFile, regex=None):
    collock = threading.Lock()
    iolock = threading.Lock()
    kb.threadContinue = True
    kb.suppressSession = True
    def columnExistsThread():
        while count[0] < length and kb.threadContinue:
@ -238,7 +235,6 @@ def columnExists(columnFile, regex=None):
    finally:
        kb.threadContinue = True
        kb.threadException = False
        kb.suppressSession = False
    clearConsoleLine(True)
    dataToStdout("\n")