diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
index abbba2a80..9275fbd3a 100644
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -309,13 +309,14 @@ def unionUse(expression, unpack=True, dump=False):
 if isNoneValue(items):
 continue
 kb.locks.value.acquire()
- threadData.shared.value.append(unArrayizeValue(items))
+ for item in items:
+ threadData.shared.value.append(item)
 kb.locks.value.release()
 else:
 items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)
 if conf.verbose == 1:
- status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", safecharencode(",".join(map(lambda x: "\"%s\"" % x, arrayizeValue(items)))))
+ status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", safecharencode(",".join("\"%s\"" % _ for _ in unArrayizeValue(items))))
 if len(status) > width:
 status = "%s..." % status[:width - 3]
diff --git a/plugins/dbms/mssqlserver/enumeration.py b/plugins/dbms/mssqlserver/enumeration.py
index 5f74e16c3..ffa6c6c36 100644
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -121,12 +121,12 @@ class Enumeration(GenericEnumeration):
 for query in (rootQuery.blind.count, rootQuery.blind.count2, rootQuery.blind.count3):
 _ = query.replace("%s", db)
- count = inject.getValue(_, inband=False, error=False, charsetType=CHARSET_TYPE.DIGITS)
+ count = inject.getValue(_, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 if not isNoneValue(count):
 break
 if not isNumPosStrValue(count):
- if count != "0":
+ if count != 0:
 warnMsg = "unable to retrieve the number of "
 warnMsg += "tables for database '%s'" % db
 logger.warn(warnMsg)
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index dbcb08660..cdc317ed3 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
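Review bot: The new `for item in items:` loop in lib/techniques/union/use.py runs between `kb.locks.value.acquire()` and `kb.locks.value.release()` with no `try`/`finally`, so an exception raised while iterating or appending leaves the lock held and every other worker thread blocks on it. Put the loop in `try:` and move the release into `finally: kb.locks.value.release()`. Separately, the rewritten status line iterates over `unArrayizeValue(items)`; if that helper hands back a bare string for a one-element list (its definition is not in this hunk), the log line would quote the value character by character, so an `isinstance(..., basestring)` guard before the join is worth adding. unionUse's body starts and ends outside the hunk.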
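Review bot: `if count != 0:` in plugins/dbms/mssqlserver/enumeration.py suppresses the warning only when `inject.getValue` returns an integer, yet the same commit in plugins/generic/enumeration.py still converts a digit string with `int(count)` after an identical `expected=EXPECTED.INT` call. If a string `"0"` can come back on this path as well, an empty database would log "unable to retrieve the number of tables". Normalise the value the same way before comparing, or write `if count not in (0, "0"):`. A one-line comment on the `getValue` call stating which type callers may rely on would settle the question for both files.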
@@ -1369,11 +1369,14 @@ class Enumeration:
 validColumnList = False
 validPivotValue = False
- if not count:
+ if count is None:
 query = dumpNode.count % table
- count = inject.getValue(query, inband=False, error=False) if blind else inject.getValue(query, blind=False)
+ count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
- if count == "0":
+ if isinstance(count, basestring) and count.isdigit():
+ count = int(count)
+
+ if count == 0:
 infoMsg = "table '%s' appears to be empty" % unsafeSQLIdentificatorNaming(table)
 logger.info(infoMsg)
@@ -1400,9 +1403,9 @@ class Enumeration:
 query = dumpNode.count2 % (column, table)
 if blind:
- value = inject.getValue(query, inband=False, error=False)
+ value = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 else:
- value = inject.getValue(query, blind=False)
+ value = inject.getValue(query, blind=False, expected=EXPECTED.INT)
 if isNumPosStrValue(value):
 validColumnList = True
@@ -1424,14 +1427,14 @@ class Enumeration:
 if not validPivotValue:
 warnMsg = "no proper pivot column provided (with unique values)."
- warnMsg += " It's not possible to retrieve all rows."
+ warnMsg += " It won't be possible to retrieve all rows"
 logger.warn(warnMsg)
 pivotValue = " "
 breakRetrieval = False
 try:
- for i in xrange(int(count)):
+ for i in xrange(count):
 if breakRetrieval:
 break
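Review bot: The normalisation added in the first hunk only converts digit strings, so `count` can still be `None` or a non-numeric string when the count query fails. The last hunk then replaces `xrange(int(count))` with `xrange(count)`, which raises TypeError for anything that is not an integer. Whether a check between these hunks filters those cases is not visible here; if none exists, test `isinstance(count, int)` after the conversion, log a warning and skip the table before the pivot loop. A comment such as `# count is guaranteed to be an int from here on` next to that check would document the invariant `xrange(count)` relies on.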