sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 19:13:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

bug fix

Browse Source
This commit is contained in:
Miroslav Stampar 2012-02-03 10:38:04 +00:00
parent c0f4b4632d
commit 8c45ff0d57
3 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/core/common.py
View File

@ -2798,7 +2798,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism: if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism:
payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, ''))) payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, '')))
regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape")) regex = r"\b%s\b" % filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape"))
while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex: while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX) regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)

4
lib/techniques/error/use.py
View File

@ -202,6 +202,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.ERROR) initTechnique(PAYLOAD.TECHNIQUE.ERROR)
abortedFlag = False
count = None count = None
start = time.time() start = time.time()
startLimit = 0 startLimit = 0
@ -374,6 +375,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
runThreads(numThreads, errorThread) runThreads(numThreads, errorThread)
except KeyboardInterrupt: except KeyboardInterrupt:
abortedFlag = True
warnMsg = "user aborted during enumeration. sqlmap " warnMsg = "user aborted during enumeration. sqlmap "
warnMsg += "will display partial output" warnMsg += "will display partial output"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -382,7 +384,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
outputs = threadData.shared.outputs outputs = threadData.shared.outputs
kb.suppressResumeInfo = False kb.suppressResumeInfo = False
if not outputs: if not outputs and not abortedFlag:
outputs = __errorFields(expression, expressionFields, expressionFieldsList) outputs = __errorFields(expression, expressionFields, expressionFieldsList)
if outputs and isinstance(outputs, list) and len(outputs) == 1 and isinstance(outputs[0], basestring): if outputs and isinstance(outputs, list) and len(outputs) == 1 and isinstance(outputs[0], basestring):

5
lib/techniques/union/use.py
View File

@ -141,6 +141,7 @@ def unionUse(expression, unpack=True, dump=False):
initTechnique(PAYLOAD.TECHNIQUE.UNION) initTechnique(PAYLOAD.TECHNIQUE.UNION)
abortedFlag = False
count = None count = None
origExpr = expression origExpr = expression
startLimit = 0 startLimit = 0
@ -331,6 +332,8 @@ def unionUse(expression, unpack=True, dump=False):
clearConsoleLine(True) clearConsoleLine(True)
except KeyboardInterrupt: except KeyboardInterrupt:
abortedFlag = True
warnMsg = "user aborted during enumeration. sqlmap " warnMsg = "user aborted during enumeration. sqlmap "
warnMsg += "will display partial output" warnMsg += "will display partial output"
logger.warn(warnMsg) logger.warn(warnMsg)
@ -339,7 +342,7 @@ def unionUse(expression, unpack=True, dump=False):
value = threadData.shared.value value = threadData.shared.value
kb.suppressResumeInfo = False kb.suppressResumeInfo = False
if not value: if not value and not abortedFlag:
expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY
value = __oneShotUnionUse(expression, unpack) value = __oneShotUnionUse(expression, unpack)