From c0d5daee99dab61d0418926b81643ac8c4d1eeb9 Mon Sep 17 00:00:00 2001 From: Bernardo Damele Date: Sun, 16 Jan 2011 00:15:30 +0000 Subject: [PATCH] More refactoring and cleanup --- lib/controller/checks.py | 8 ++++---- lib/techniques/brute/use.py | 6 ++++-- lib/techniques/inband/union/test.py | 4 ++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 3efd6068b..3513776ad 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -376,7 +376,7 @@ def checkSqlInjection(place, parameter, value): # used afterwards by Agent.forgeInbandQuery() # method to forge the UNION query payload - # Set current fingeprinted DBMS according to the + # Set fingerprinted DBMS according to the # current test settings for proper unescaping kb.misc.fpDbms = dbms @@ -387,7 +387,7 @@ def checkSqlInjection(place, parameter, value): logger.warn(warnMsg) configUnion(test.request.char, test.request.columns) - dbmsToUnescape = dbms if dbms is not None else injection.dbms + dbmsToUnescape = kb.misc.fpDbms if kb.misc.fpDbms is not None else injection.dbms reqPayload, vector = unionTest(comment, place, parameter, value, prefix, suffix, dbmsToUnescape) if isinstance(reqPayload, basestring): @@ -396,8 +396,8 @@ def checkSqlInjection(place, parameter, value): injectable = True - # Overwrite 'where' because it can differ - # in unionTest()'s vector (1 or 2) + # Overwrite 'where' because it can be set + # by unionTest() directly where = vector[6] kb.misc.fpDbms = None diff --git a/lib/techniques/brute/use.py b/lib/techniques/brute/use.py index e034d38d3..746b30309 100644 --- a/lib/techniques/brute/use.py +++ b/lib/techniques/brute/use.py @@ -88,7 +88,7 @@ def tableExists(tableFile, regex=None): if conf.verbose in (1, 2): status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%') - dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True) + dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True) iolock.release() @@ -136,6 +136,7 @@ def tableExists(tableFile, regex=None): kb.suppressSession = False clearConsoleLine(True) + dataToStdout("\n") if not retVal: warnMsg = "no table found" @@ -196,7 +197,7 @@ def columnExists(columnFile, regex=None): if conf.verbose in (1, 2): status = '%d/%d items (%d%s)' % (count[0], length, round(100.0*count[0]/length), '%') - dataToStdout("\r[%s] [INFO] tried: %s" % (time.strftime("%X"), status), True) + dataToStdout("\r[%s] [INFO] tried %s" % (time.strftime("%X"), status), True) iolock.release() @@ -244,6 +245,7 @@ def columnExists(columnFile, regex=None): kb.suppressSession = False clearConsoleLine(True) + dataToStdout("\n") if not retVal: warnMsg = "no column found" diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py index a5956f45f..9474edbb1 100644 --- a/lib/techniques/inband/union/test.py +++ b/lib/techniques/inband/union/test.py @@ -107,8 +107,8 @@ def __unionTestByCharBruteforce(comment, place, parameter, value, prefix, suffix if getIdentifiedDBMS() in INBAND_FROM_TABLE: query += INBAND_FROM_TABLE[getIdentifiedDBMS()] - status = '%d/%d (%d%s)' % (count, conf.uColsStop, round(100.0*count/conf.uColsStop), '%') - debugMsg = "testing number of columns: %s" % status + status = "%d/%d" % (count, conf.uColsStop) + debugMsg = "testing %s columns (%d%%)" % (status, round(100.0*count/conf.uColsStop)) logger.debug(debugMsg) validPayload, vector = __unionConfirm(comment, place, parameter, value, prefix, suffix, dbms, count)