diff --git a/lib/core/common.py b/lib/core/common.py index 800aeb557..febfacf0c 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -72,7 +72,7 @@ from lib.core.settings import REVISION from lib.core.settings import VERSION_STRING from lib.core.settings import SITE from lib.core.settings import ERROR_PARSING_REGEXES -from lib.core.settings import NON_PRINTABLE_CHAR_REGEX +from lib.core.settings import PRINTABLE_CHAR_REGEX from lib.core.settings import SQL_STATEMENTS from lib.core.settings import SUPPORTED_DBMS from lib.core.settings import UNKNOWN_DBMS_VERSION @@ -2131,7 +2131,7 @@ def filterControlChars(value): Returns string value with control chars being supstituted with ' ' """ - return filterStringValue(value, NON_PRINTABLE_CHAR_REGEX, ' ') + return filterStringValue(value, PRINTABLE_CHAR_REGEX, ' ') def isDBMSVersionAtLeast(version): """ diff --git a/lib/core/settings.py b/lib/core/settings.py index 9d0701ee2..efd73955b 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -57,7 +57,7 @@ URI_QUESTION_MARKER = "__QUESTION_MARK__" PAYLOAD_DELIMITER = "\x00" CHAR_INFERENCE_MARK = "%c" -NON_PRINTABLE_CHAR_REGEX = r'[^\x00-\x1f\x7f-\xff]' +PRINTABLE_CHAR_REGEX = r'[^\x00-\x1f\x7e-\xff]' # dumping characters used in GROUP_CONCAT MySQL technique CONCAT_ROW_DELIMITER = ',' diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 3c2a2c245..13f3d4924 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -136,7 +136,7 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N output = __oneShotErrorUse(expressionReplaced, field) if output is not None: - dataToStdout("[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(replaceNewlineTabs(output, stdout=True)))) + dataToStdout("[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(output))) if isinstance(num, int): expression = origExpr diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index be1de9cba..d44028d4e 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -24,6 +24,7 @@ from lib.core.common import isNumPosStrValue from lib.core.common import listToStrValue from lib.core.common import parseUnionPage from lib.core.common import removeReflectiveValues +from lib.core.convert import safecharencode from lib.core.data import conf from lib.core.data import kb from lib.core.data import logger @@ -253,7 +254,7 @@ def unionUse(expression, unpack=True, dump=False): if conf.verbose == 1: items = output.replace(kb.misc.start, "").replace(kb.misc.stop, "").split(kb.misc.delimiter) - status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), ",".join(map(lambda x: "\"%s\"" % x, items))) + status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items)))) if len(status) > width: status = "%s..." % status[:width - 3] dataToStdout(status, True)