From 9c4a62f725797f7c6d0f443e974ed5c338e2f824 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Wed, 11 Jul 2012 11:58:47 +0200
Subject: [PATCH] Some work on Issue #68

---
 lib/request/inject.py | 4 ++--
 lib/takeover/udf.py | 7 +------
 plugins/dbms/mysql/filesystem.py | 2 +-
 plugins/generic/enumeration.py | 14 ++++----------
 4 files changed, 8 insertions(+), 19 deletions(-)

diff --git a/lib/request/inject.py b/lib/request/inject.py
index d14f29b3d..8d8f613c2 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -233,7 +233,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
                 countedExpression = countedExpression[:untilOrderChar]
 
             if not stopLimit:
-                count = __goInference(payload, countedExpression, CHARSET_TYPE.DIGITS, firstChar, lastChar)
+                count = __goInference(payload, countedExpression, charsetType=CHARSET_TYPE.DIGITS, firstChar=firstChar, lastChar=lastChar)
 
                 if isNumPosStrValue(count):
                     count = int(count)
@@ -485,4 +485,4 @@ def goStacked(expression, silent=False):
     Request.queryPage(payload, content=False, silent=silent, noteResponseTime=False, timeBasedCompare=True)
 
 def checkBooleanExpression(expression, expectingNone=True):
-    return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, suppressOutput=True, expectingNone=expectingNone)
+    return getValue(unescaper.unescape(expression), expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY, suppressOutput=True, expectingNone=expectingNone)
diff --git a/lib/takeover/udf.py b/lib/takeover/udf.py
index a6fe79dc4..c1ff58cd9 100644
--- a/lib/takeover/udf.py
+++ b/lib/takeover/udf.py
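Review bot: `checkBooleanExpression` is a public one-liner and still has no docstring, so the meaning of the newly added `charsetType=CHARSET_TYPE.BINARY` next to `expected=EXPECTED.BOOL` has to be reverse-engineered from getValue, whose handling of either argument is not in this patch. I would add `"""Evaluate `expression` as a true/false question against the back-end DBMS; BINARY presumably restricts any blind character inference to 0/1 — confirm against getValue."""` so the next reader knows the charset is an inference hint and not a change in the return type. Whether getValue now yields a bool or the string "0"/"1" for EXPECTED.BOOL cannot be told from this hunk, and callers comparing the result to "1" elsewhere in this patch suggest it is worth stating in that docstring once known.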
@@ -53,12 +53,7 @@ class UDF:
         logger.info("checking if UDF '%s' already exist" % udf)
 
         query = agent.forgeCaseStatement(queries[Backend.getIdentifiedDbms()].check_udf.query % (udf, udf))
-        exists = inject.getValue(query, resumeValue=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
-
-        if exists == "1":
-            return True
-        else:
-            return False
+        return inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)
 
     def udfCheckAndOverwrite(self, udf):
         exists = self.__checkExistUdf(udf)
diff --git a/plugins/dbms/mysql/filesystem.py b/plugins/dbms/mysql/filesystem.py
index 3f233ba36..4bb0bcdc0 100644
--- a/plugins/dbms/mysql/filesystem.py
+++ b/plugins/dbms/mysql/filesystem.py
@@ -29,7 +29,7 @@ class Filesystem(GenericFilesystem):
         infoMsg = "fetching file: '%s'" % rFile
         logger.info(infoMsg)
 
-        result = inject.getValue("SELECT HEX(LOAD_FILE('%s'))" % rFile)
+        result = inject.getValue("SELECT HEX(LOAD_FILE('%s'))" % rFile, charsetType=CHARSET_TYPE.HEXADECIMAL)
 
         return result
 
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
index af4d858f7..311e3f338 100644
--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -163,7 +163,7 @@ class Enumeration:
         query = queries[Backend.getIdentifiedDbms()].is_dba.query
         query = agent.forgeCaseStatement(query)
 
-        kb.data.isDba = unArrayizeValue(inject.getValue(query, charsetType=CHARSET_TYPE.BINARY))
+        kb.data.isDba = unArrayizeValue(inject.getValue(query, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY))
 
         return kb.data.isDba == "1"
 
@@ -928,6 +928,7 @@ class Enumeration:
                     query = rootQuery.blind.count
                 else:
                     query = rootQuery.blind.count % unsafeSQLIdentificatorNaming(db)
+
                 count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
                 if not isNumPosStrValue(count):
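Review bot: The new `return inject.getValue(...)` in `__checkExistUdf` hands the caller whatever getValue produces, where the deleted lines guaranteed a strict `True`/`False` via `exists == "1"`; the enumeration.py hunk in this same patch still compares an `EXPECTED.BOOL` result with `== "1"`, which suggests getValue may return the string "0"/"1" (or None when inference fails) rather than a bool. If that is the case, `udfCheckAndOverwrite` — whose body continues below the hunk — would see "0" as truthy and treat a missing UDF as already present, which for a takeover path means skipping the upload. Until getValue's EXPECTED.BOOL contract is pinned down, a normalisation that is correct either way keeps the old behaviour: `exists = inject.getValue(query, resumeValue=False, expected=EXPECTED.BOOL, charsetType=CHARSET_TYPE.BINARY)` followed by `return exists is True or exists == "1"`. The `def __checkExistUdf` line is above the hunk.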
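Review bot: `rFile` is still interpolated verbatim into `"SELECT HEX(LOAD_FILE('%s'))" % rFile`, so a path containing a single quote breaks the statement and the read quietly fails; the new `charsetType=CHARSET_TYPE.HEXADECIMAL` does not touch that. Escaping the quote — `rFile.replace("'", "''")` — or passing the path through the project's string-literal escaping helper, if one exists (not visible here), would make the query well-formed for any path. Separately, MySQL's LOAD_FILE returns NULL when the file is absent, unreadable by the server process, or the FILE privilege is missing, and HEX(NULL) is NULL, so `result` can be None; logging that case before `return result` would tell the user why an empty file came back instead of leaving it silent. The enclosing method's def line is above the hunk.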
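Review bot: The unchanged last line `return kb.data.isDba == "1"` compares the result of a call that now asks for `expected=EXPECTED.BOOL` with the string "1"; if that argument makes getValue return a real bool, `True == "1"` is False and the DBA check can never report success, and if getValue still returns "0"/"1" the new argument changes nothing here while udf.py in this same patch relies on the bare value being truthy. The two call sites cannot both be right without seeing getValue's EXPECTED.BOOL handling, which is outside this patch. I would either make this line `return kb.data.isDba in (True, "1")` or, once the return type is confirmed, drop the string comparison and document it with `# getValue returns a bool for EXPECTED.BOOL`. The `isDba` def line is above the hunk.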
@@ -1423,11 +1424,7 @@ class Enumeration:
                 logger.info(infoMsg)
 
                 query = dumpNode.count2 % (column, table)
-
-                if blind:
-                    value = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
-                else:
-                    value = inject.getValue(query, blind=False, expected=EXPECTED.INT)
+                value = inject.getValue(query, blind=blind, inband=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
 
                 if isNumPosStrValue(value):
                     validColumnList = True
@@ -1472,10 +1469,7 @@ class Enumeration:
                 else:
                     query = dumpNode.query2 % (column, table, colList[0], pivotValue)
 
-                if blind:
-                    value = inject.getValue(query, inband=False, error=False)
-                else:
-                    value = inject.getValue(query, blind=False)
+                value = inject.getValue(query, blind=blind, inband=not blind, error=not blind)
 
                 if column == colList[0]:
                     if isNoneValue(value):
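Review bot: The merged call `inject.getValue(query, blind=blind, inband=not blind, error=not blind, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)` reproduces the two deleted branches only if getValue defaults `blind`, `inband` and `error` all to True — the old blind branch passed just `inband=False, error=False` and the old non-blind branch just `blind=False` — and those defaults are not visible in the hunk. The old non-blind branch also never passed `charsetType`, so the inband/error paths now receive a DIGITS charset they did not before; presumably ignored there, but worth confirming. A short comment would spare the next reader the same reasoning: `# blind: inference only; otherwise inband/error only (getValue's technique flags default to True)`. Separately, `column` and `table` go into `dumpNode.count2` unwrapped, unlike the `unsafeSQLIdentificatorNaming(db)` call in the -928 hunk of this patch; whether they were normalised upstream is outside this hunk. The enclosing method starts and ends outside the hunk.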