Proper return from error-based technique enumeration
This commit is contained in:
parent
fa58a9c86b
commit
e3a3ae11cc
|
@ -97,6 +97,8 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N
|
|||
logger.warn(warnMsg)
|
||||
|
||||
output = __oneShotErrorUse(expressionReplaced, field)
|
||||
|
||||
if output is not None:
|
||||
logger.info("retrieved: %s" % output)
|
||||
|
||||
if isinstance(num, int):
|
||||
|
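Review bot: The new `logger.info("retrieved: %s" % output)` writes a value that came back from the target database straight into the log line; if that value holds newlines or terminal control characters the log can be broken up or made to look like other messages. Passing it through whatever console-safe encoding helper the project already uses for printed results, or falling back to `repr(output)`, would keep the log line to a single, faithful entry. The `if output is not None:` guard is fine as written, but note that an empty string still logs as `retrieved: ` which may read as a failure. `__errorFields` begins and ends outside this hunk.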
@ -145,7 +147,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
# entry per time
|
||||
# NOTE: I assume that only queries that get data from a table can
|
||||
# return multiple entries
|
||||
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
|
||||
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper() and "(CASE" not in expression.upper():
|
||||
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
|
||||
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
|
||||
|
||||
|
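Review bot: The added `"(CASE" not in expression.upper()` guard is a plain substring test, so `( CASE` or a `CASE` written without an opening parenthesis slips past it and still reaches the LIMIT/TOP handling that follows; a pattern such as `re.search(r"\(\s*CASE\b", expression, re.I)` would cover those spellings. Separately, `expression.upper()` and `Backend.getIdentifiedDbms()` are each evaluated several times inside this one condition; binding them once (`_ = expression.upper()` and `dbms = Backend.getIdentifiedDbms()`) would shorten the line and make the intent readable. The enclosing `errorUse` body continues outside the hunk.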
@ -258,6 +260,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
try:
|
||||
for num in xrange(startLimit, stopLimit):
|
||||
output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
|
||||
if output and isinstance(output, list) and len(output) == 1:
|
||||
output = output[0]
|
||||
|
||||
outputs.append(output)
|
||||
|
||||
except KeyboardInterrupt:
|
||||
|
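Review bot: The unwrap `if output and isinstance(output, list) and len(output) == 1:` makes each per-row result either a string or a list depending on how many fields came back, so everything downstream has to handle both shapes; the same unwrap is repeated on `outputs` in the next hunk, which argues for one small `_unwrapSingle(value)` helper used in both places. The leading `output and` is redundant because `len(output) == 1` already rules out an empty list: `if isinstance(output, list) and len(output) == 1:`. Also note that `outputs.append(output)` runs even when `__errorFields` returned `None`, so `outputs` can be a non-empty list of `None` entries; worth confirming that is what the later emptiness check expects. The `try` opened here is closed by the `except KeyboardInterrupt:` whose body lies outside the hunk.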
@ -270,8 +275,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
|
|||
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
|
||||
logger.debug(debugMsg)
|
||||
|
||||
return outputs
|
||||
else:
|
||||
return __errorFields(expression, expressionFields, expressionFieldsList)
|
||||
if not outputs:
|
||||
outputs = __errorFields(expression, expressionFields, expressionFieldsList)
|
||||
|
||||
if outputs and isinstance(outputs, list) and len(outputs) == 1:
|
||||
outputs = outputs[0]
|
||||
|
||||
return outputs
|
||||
|
|
|
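Review bot: The fallback `outputs = __errorFields(expression, expressionFields, expressionFieldsList)` drops the `expected` and `resumeValue` arguments that the per-row call in the loop above passes, so a single-row query is evaluated without the caller's expected-type hint and with resume behaviour left at its default; `outputs = __errorFields(expression, expressionFields, expressionFieldsList, expected, None, resumeValue)` keeps the two paths consistent, assuming `num` accepts `None` as the `isinstance(num, int)` check in `__errorFields` suggests. Because the loop appends every result including `None`, `if not outputs:` is false when the multi-row path ran but every row failed, and a list of `None` values is then returned unchanged; if that case should also fall back, test `if not any(outputs):` instead. The single-element unwrap here duplicates the one in the loop and could share a helper. `errorUse` starts outside this hunk.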
@ -254,7 +254,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
|
|||
reqCount += 1
|
||||
|
||||
if kb.misc.start not in content or kb.misc.stop not in content:
|
||||
return
|
||||
return None
|
||||
|
||||
# Parse the returned page to get the exact inband
|
||||
# sql injection output
|
||||
|
|
|
@ -267,9 +267,6 @@ class Enumeration:
|
|||
if parsedUser:
|
||||
user = parsedUser.groups()[0]
|
||||
|
||||
if isinstance(user, list):
|
||||
user = user[0]
|
||||
|
||||
if not user or user in retrievedUsers:
|
||||
continue
|
||||
|
||||
|
@ -539,9 +536,6 @@ class Enumeration:
|
|||
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
|
||||
unescapedUser = unescaper.unescape(user, quote=False)
|
||||
|
||||
if isinstance(user, list):
|
||||
user = user[0]
|
||||
|
||||
if not user or user in retrievedUsers:
|
||||
continue
|
||||
|
||||
|
|