diff --git a/lib/core/settings.py b/lib/core/settings.py
index 3d07ba48d..6013aa90f 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -246,3 +246,6 @@ MAX_RATIO = 1.0
 
 # Character used for marking injectable position inside URI
 URI_INJECTION_MARK_CHAR = '*'
+
+# Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
+MYSQL_ERROR_TRIM_LENGTH = 100
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
index d5320da14..c0d44e3ad 100644
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -29,6 +29,7 @@ from lib.core.enums import DBMS
 from lib.core.enums import EXPECTED
 from lib.core.enums import PAYLOAD
 from lib.core.settings import FROM_TABLE
+from lib.core.settings import MYSQL_ERROR_TRIM_LENGTH
 from lib.core.unescaper import unescaper
 from lib.request.connect import Connect as Request
 from lib.utils.resume import resume
@@ -43,7 +44,7 @@ def __oneShotErrorUse(expression, field):
 
     if Backend.getIdentifiedDbms() == DBMS.MYSQL:
         # Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
-        nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")
+        nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH)
 
     # Forge the error-based SQL injection request
     vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)
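Review bot: The rewritten replace() line in __oneShotErrorUse still casts the field to CHAR(MYSQL_ERROR_TRIM_LENGTH), so any value longer than that limit is cut short by the database and nothing in this hunk marks the returned result as possibly truncated; the comment above it only mentions the "Subquery returns more than 1 row" workaround. I would extend that comment so the next reader knows the trade-off, e.g. `# Fix for MySQL odd behaviour ('Subquery returns more than 1 row'); values longer than MYSQL_ERROR_TRIM_LENGTH characters come back truncated`, and the same caveat belongs on the new constant in settings.py, whose comment calls it a "maximum length" without saying the excess is dropped. The substitution also depends on the cast helper emitting exactly the text "AS CHAR)"; if that fragment ever changes spacing or case the replace becomes a silent no-op, so a short comment naming that coupling (or an assertion that the replacement took effect) would be worthwhile — I am inferring the helper's output from the string being replaced, not from visible lines. __oneShotErrorUse starts before this hunk and continues past it.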