Proper return from error-based technique enumeration

This commit is contained in:
Bernardo Damele 2011-01-31 21:13:29 +00:00
parent fa58a9c86b
commit e3a3ae11cc
3 changed files with 13 additions and 12 deletions

View File

@ -97,6 +97,8 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N
logger.warn(warnMsg)
output = __oneShotErrorUse(expressionReplaced, field)
if output is not None:
logger.info("retrieved: %s" % output)
if isinstance(num, int):
@ -145,7 +147,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
# entry per time
# NOTE: I assume that only queries that get data from a table can
# return multiple entries
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper() and "(CASE" not in expression.upper():
limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
@ -258,6 +260,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
try:
for num in xrange(startLimit, stopLimit):
output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
if output and isinstance(output, list) and len(output) == 1:
output = output[0]
outputs.append(output)
except KeyboardInterrupt:
@ -270,8 +275,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
logger.debug(debugMsg)
return outputs
else:
return __errorFields(expression, expressionFields, expressionFieldsList)
if not outputs:
outputs = __errorFields(expression, expressionFields, expressionFieldsList)
if outputs and isinstance(outputs, list) and len(outputs) == 1:
outputs = outputs[0]
return outputs

View File

@ -254,7 +254,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
reqCount += 1
if kb.misc.start not in content or kb.misc.stop not in content:
return
return None
# Parse the returned page to get the exact inband
# sql injection output

View File

@ -267,9 +267,6 @@ class Enumeration:
if parsedUser:
user = parsedUser.groups()[0]
if isinstance(user, list):
user = user[0]
if not user or user in retrievedUsers:
continue
@ -539,9 +536,6 @@ class Enumeration:
if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
unescapedUser = unescaper.unescape(user, quote=False)
if isinstance(user, list):
user = user[0]
if not user or user in retrievedUsers:
continue