Code cleanup

2025-02-03 05:04:11 +03:00 · 2011-02-06 22:32:44 +00:00 · 2011-02-06 22:32:44 +00:00 · f3d6be7868
commit f3d6be7868
parent ecaf5729fd
3 changed files with 19 additions and 13 deletions
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -249,3 +249,6 @@ URI_INJECTION_MARK_CHAR = '*'

 # Maximum length used for retrieving data over MySQL error based payload due to "known" problems with longer result strings
 MYSQL_ERROR_TRIM_LENGTH = 100
+
+#
+EXCLUDE_UNESCAPE = ("WAITFOR DELAY ", " INTO DUMPFILE ")
--- a/lib/core/unescaper.py
+++ b/lib/core/unescaper.py
@ -9,16 +9,20 @@ See the file 'doc/COPYING' for copying permission

 from lib.core.common import Backend
 from lib.core.datatype import advancedDict
+from lib.core.settings import EXCLUDE_UNESCAPE

 class Unescaper(advancedDict):
    def unescape(self, expression, quote=True, dbms=None):
+        if expression is None:
+            return expression
+
+        for exclude in EXCLUDE_UNESCAPE:
+            if exclude in expression:
+                return expression
+
        identifiedDbms = Backend.getIdentifiedDbms()

-        if not expression:
-            return expression
-        elif "WAITFOR DELAY " in expression:
-            return expression
-        elif dbms is not None:
+        if dbms is not None:
            return self[dbms](expression, quote=quote)
        elif identifiedDbms is not None:
            return self[identifiedDbms](expression, quote=quote)
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -32,13 +32,12 @@ from lib.utils.resume import resume

 reqCount = 0

-def __oneShotUnionUse(expression, unpack=True, unescape=True):
+def __oneShotUnionUse(expression, unpack=True):
    global reqCount

    # Prepare expression with delimiters
-    if unescape:
-        expression = agent.concatQuery(expression, unpack)
-        expression = unescaper.unescape(expression)
+    expression = agent.concatQuery(expression, unpack)
+    expression = unescaper.unescape(expression)

    if conf.limitStart or conf.limitStop:
        where = PAYLOAD.WHERE.NEGATIVE
@ -102,7 +101,7 @@ def configUnion(char=None, columns=None):
    elif isinstance(columns, basestring):
        __configUnionCols(columns)

-def unionUse(expression, unescape=True, unpack=True, dump=False):
+def unionUse(expression, unpack=True, dump=False):
    """
    This function tests for an inband SQL injection on the target
    url then call its subsidiary function to effectively perform an
@ -204,7 +203,7 @@ def unionUse(expression, unescape=True, unpack=True, dump=False):
            count = parseUnionPage(count, countedExpression)

            if not count or not count.isdigit():
-                output = __oneShotUnionUse(countedExpression, unpack=unpack)
+                output = __oneShotUnionUse(countedExpression, unpack)

                if output:
                    count = parseUnionPage(output, countedExpression)
@ -239,7 +238,7 @@ def unionUse(expression, unescape=True, unpack=True, dump=False):
                    output = resume(limitedExpr, None)

                    if not output:
-                        output = __oneShotUnionUse(limitedExpr, unescape=unescape, unpack=unpack)
+                        output = __oneShotUnionUse(limitedExpr, unpack)

                    if output:
                        value += output
@ -251,7 +250,7 @@ def unionUse(expression, unescape=True, unpack=True, dump=False):
                logger.warn(warnMsg)

    if not value:
-        value = __oneShotUnionUse(expression, unescape=unescape, unpack=unpack)
+        value = __oneShotUnionUse(expression, unpack)

    duration = calculateDeltaSeconds(start)