Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase

2024-11-22 17:46:37 +03:00 · 2011-02-10 11:14:05 +00:00 · 2011-02-10 11:14:05 +00:00 · 864eade744
commit 864eade744
parent aa0fb276ba
3 changed files with 12 additions and 9 deletions
--- a/lib/core/session.py
+++ b/lib/core/session.py
@ -20,6 +20,7 @@ from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.datatype import injectionDict
+from lib.core.enums import DBMS
 from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.settings import METADB_SUFFIX
@ -237,9 +238,10 @@ def resumeConfKb(expression, url, value):

    elif expression == "TABLE_EXISTS" and url == conf.url:
        table = unSafeFormatString(value[:-1])
+        split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'

-        if '.' in table:
-            db, table = table.split('.')
+        if split in table:
+            db, table = table.split(split)
        else:
            db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)

@ -252,9 +254,10 @@ def resumeConfKb(expression, url, value):
    elif expression == "COLUMN_EXISTS" and url == conf.url:
        table, column = unSafeFormatString(value[:-1]).split('|')
        colName, colType = column.split(' ')
+        split = '..' if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE) else '.'

-        if '.' in table:
-            db, table = table.split('.')
+        if split in table:
+            db, table = table.split(split)
        else:
            db = "%s%s" % (Backend.getIdentifiedDbms(), METADB_SUFFIX)

--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@ -502,4 +502,8 @@ def goStacked(expression, silent=False):
    Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)

 def checkBooleanExpression(expression, expectingNone=True):
-    return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
+    kb.suppressSession = True
+    value = getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
+    kb.suppressSession = False
+
+    return value
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -55,7 +55,6 @@ def tableExists(tableFile, regex=None):
    tbllock = threading.Lock()
    iolock = threading.Lock()
    kb.threadContinue = True
-    kb.suppressSession = True

    def tableExistsThread():
        while count[0] < length and kb.threadContinue:
@ -131,7 +130,6 @@ def tableExists(tableFile, regex=None):
    finally:
        kb.threadContinue = True
        kb.threadException = False
-        kb.suppressSession = False

    clearConsoleLine(True)
    dataToStdout("\n")
@ -171,7 +169,6 @@ def columnExists(columnFile, regex=None):
    collock = threading.Lock()
    iolock = threading.Lock()
    kb.threadContinue = True
-    kb.suppressSession = True

    def columnExistsThread():
        while count[0] < length and kb.threadContinue:
@ -238,7 +235,6 @@ def columnExists(columnFile, regex=None):
    finally:
        kb.threadContinue = True
        kb.threadException = False
-        kb.suppressSession = False

    clearConsoleLine(True)
    dataToStdout("\n")