minor refactoring

This commit is contained in:
Miroslav Stampar 2011-02-04 17:40:55 +00:00
parent fec88f6a6d
commit acb986ae80
2 changed files with 5 additions and 1 deletions

View File

@ -246,3 +246,6 @@ MAX_RATIO = 1.0
# Character used for marking injectable position inside URI
URI_INJECTION_MARK_CHAR = '*'
# Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
MYSQL_ERROR_TRIM_LENGTH = 100

View File

@ -29,6 +29,7 @@ from lib.core.enums import DBMS
from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD
from lib.core.settings import FROM_TABLE
from lib.core.settings import MYSQL_ERROR_TRIM_LENGTH
from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request
from lib.utils.resume import resume
@ -43,7 +44,7 @@ def __oneShotErrorUse(expression, field):
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
# Fix for MySQL odd behaviour ('Subquery returns more than 1 row')
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))")
nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(%d))" % MYSQL_ERROR_TRIM_LENGTH)
# Forge the error-based SQL injection request
vector = agent.cleanupPayload(kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector)