bug fix

2024-11-25 11:03:47 +03:00 · 2012-02-03 10:38:04 +00:00 · 2012-02-03 10:38:04 +00:00 · 8c45ff0d57
commit 8c45ff0d57
parent c0f4b4632d
3 changed files with 8 additions and 3 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2798,7 +2798,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
    if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism:
        payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, '')))

-        regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape"))
+        regex = r"\b%s\b" % filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape"))

        while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
            regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -202,6 +202,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):

    initTechnique(PAYLOAD.TECHNIQUE.ERROR)

+    abortedFlag = False
    count = None
    start = time.time()
    startLimit = 0
@ -374,6 +375,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                runThreads(numThreads, errorThread)

            except KeyboardInterrupt:
+                abortedFlag = True
                warnMsg = "user aborted during enumeration. sqlmap "
                warnMsg += "will display partial output"
                logger.warn(warnMsg)
@ -382,7 +384,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
                outputs = threadData.shared.outputs
                kb.suppressResumeInfo = False

-    if not outputs:
+    if not outputs and not abortedFlag:
        outputs = __errorFields(expression, expressionFields, expressionFieldsList)

    if outputs and isinstance(outputs, list) and len(outputs) == 1 and isinstance(outputs[0], basestring):
--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@ -141,6 +141,7 @@ def unionUse(expression, unpack=True, dump=False):

    initTechnique(PAYLOAD.TECHNIQUE.UNION)

+    abortedFlag = False
    count = None
    origExpr = expression
    startLimit = 0
@ -331,6 +332,8 @@ def unionUse(expression, unpack=True, dump=False):
                    clearConsoleLine(True)

            except KeyboardInterrupt:
+                abortedFlag = True
+
                warnMsg = "user aborted during enumeration. sqlmap "
                warnMsg += "will display partial output"
                logger.warn(warnMsg)
@ -339,7 +342,7 @@ def unionUse(expression, unpack=True, dump=False):
                value = threadData.shared.value
                kb.suppressResumeInfo = False

-    if not value:
+    if not value and not abortedFlag:
        expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY
        value = __oneShotUnionUse(expression, unpack)