More refactoring and cleanup

2024-11-22 09:36:35 +03:00 · 2011-01-16 00:15:30 +00:00 · 2011-01-16 00:15:30 +00:00 · c0d5daee99
commit c0d5daee99
parent 02b333e30b
3 changed files with 10 additions and 8 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -376,7 +376,7 @@ def checkSqlInjection(place, parameter, value):
                            # used afterwards by Agent.forgeInbandQuery()
                            # method to forge the UNION query payload

-                            # Set current fingeprinted DBMS according to the
+                            # Set fingerprinted DBMS according to the
                            # current test settings for proper unescaping
                            kb.misc.fpDbms = dbms

@ -387,7 +387,7 @@ def checkSqlInjection(place, parameter, value):
                                logger.warn(warnMsg)

                            configUnion(test.request.char, test.request.columns)
-                            dbmsToUnescape = dbms if dbms is not None else injection.dbms
+                            dbmsToUnescape = kb.misc.fpDbms if kb.misc.fpDbms is not None else injection.dbms
                            reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix, dbmsToUnescape)

                            if isinstance(reqPayload, basestring):
@ -396,8 +396,8 @@ def checkSqlInjection(place, parameter, value):

                                injectable = True

-                                # Overwrite 'where' because it can differ
-                                # in unionTest()'s vector (1 or 2)
+                                # Overwrite 'where' because it can be set
+                                # by unionTest() directly
                                where = vector[6]

                            kb.misc.fpDbms = None
--- a/lib/techniques/brute/use.py
+++ b/lib/techniques/brute/use.py
@ -88,7 +88,7 @@ def tableExists(tableFile, regex=None):

            if conf.verbose in (1, 2):
                status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%')
-                dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True)
+                dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True)

            iolock.release()

@ -136,6 +136,7 @@ def tableExists(tableFile, regex=None):
        kb.suppressSession = False

    clearConsoleLine(True)
+    dataToStdout("\n")

    if not retVal:
        warnMsg = "no table found"
@ -196,7 +197,7 @@ def columnExists(columnFile, regex=None):

            if conf.verbose in (1, 2):
                status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%')
-                dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True)
+                dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True)

            iolock.release()

@ -244,6 +245,7 @@ def columnExists(columnFile, regex=None):
        kb.suppressSession = False

    clearConsoleLine(True)
+    dataToStdout("\n")

    if not retVal:
        warnMsg = "no column found"
--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@ -107,8 +107,8 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix
        if getIdentifiedDBMS() in INBAND_FROM_TABLE:
            query += INBAND_FROM_TABLE[getIdentifiedDBMS()]

-        status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%')
-        debugMsg = "testing number of columns: %s" % status
+        status = "%d/%d" % (count, conf.uColsStop)
+        debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop))
        logger.debug(debugMsg)

        validPayload, vector = __unionConfirm(comment, place, parameter, value, prefix, suffix, dbms, count)