sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix for Issue #45

Browse Source
This commit is contained in:
Miroslav Stampar 2012-06-29 10:31:03 +02:00
parent e51d3a02f1
commit c0f16f0c1a
1 changed files with 16 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
lib/techniques/union/use.py
View File

@ -54,9 +54,6 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
threadData.resumed = retVal is not None threadData.resumed = retVal is not None
if retVal is None: if retVal is None:
check = "(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop)
trimcheck = "%s(?P<result>.*?)<" % (kb.chars.start)
# Prepare expression with delimiters # Prepare expression with delimiters
injExpression = unescaper.unescape(agent.concatQuery(expression, unpack)) injExpression = unescaper.unescape(agent.concatQuery(expression, unpack))
@ -75,11 +72,20 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
# Parse the returned page to get the exact union-based # Parse the returned page to get the exact union-based
# SQL injection output # SQL injection output
retVal = reduce(lambda x, y: x if x is not None else y, ( \ def _(regex):
extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \ return reduce(lambda x, y: x if x is not None else y, ( \
extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \ extractRegexResult(regex, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \ extractRegexResult(regex, removeReflectiveValues(listToStrValue(headers.headers \
None) if headers else None), payload, True), re.DOTALL | re.IGNORECASE)), \
None)
# Automatically patching last char trimming cases
if kb.chars.stop not in page and kb.chars.stop[:-1] in page:
warnMsg = "automatically patching last char trimming output"
singleTimeWarnMessage(warnMsg)
page = page.replace(kb.chars.stop[:-1], kb.chars.stop)
retVal = _("(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop))
if retVal is not None: if retVal is not None:
retVal = getUnicode(retVal, kb.pageEncoding) retVal = getUnicode(retVal, kb.pageEncoding)
@ -90,12 +96,10 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
hashDBWrite("%s%s" % (conf.hexConvert, expression), retVal) hashDBWrite("%s%s" % (conf.hexConvert, expression), retVal)
else: else:
trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \ trimmed = _("%s(?P<result>.*?)<" % (kb.chars.start))
or extractRegexResult(trimcheck, removeReflectiveValues(listToStrValue(headers.headers \
if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
if trimmed: if trimmed:
warnMsg = "possible server trimmed output detected (due to its length): " warnMsg = "possible server trimmed output detected (probably due to its length): "
warnMsg += trimmed warnMsg += trimmed
logger.warn(warnMsg) logger.warn(warnMsg)