compatibility with partial union and error technique resumed data

2025-02-03 05:04:11 +03:00 · 2011-12-22 12:20:21 +00:00 · 2011-12-22 12:20:21 +00:00 · f622995a29
commit f622995a29
parent 58a4a02b7e
5 changed files with 11 additions and 4 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -472,7 +472,6 @@ def checkSqlInjection(place, parameter, value):
                        injection.data[stype].comment = comment
                        injection.data[stype].templatePayload = templatePayload
                        injection.data[stype].matchRatio = kb.matchRatio
-                        injection.data[stype].chars = kb.chars

                        injection.conf.textOnly = conf.textOnly
                        injection.conf.titles = conf.titles
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -176,12 +176,16 @@ def __saveToSessionFile():

        setInjection(inj)

-def __saveAbsFilePaths():
+def __saveToHashDB():
    key = "kb.absFilePaths"
    value = unserializeObject(conf.hashDB.retrieve(key)) or set()
    value.update(kb.absFilePaths)
    conf.hashDB.write(key, serializeObject(value))

+    key = "kb.chars"
+    if not conf.hashDB.retrieve(key):
+        conf.hashDB.write(key, serializeObject(kb.chars))
+
 def __saveToResultsFile():
    if not conf.resultsFP:
        return
@ -568,7 +572,7 @@ def start():

                __saveToSessionFile()
                __saveToResultsFile()
-                __saveAbsFilePaths()
+                __saveToHashDB()
                __showInjections()
                __selectInjection()

--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2505,7 +2505,6 @@ def initTechnique(technique=None):
        if data:
            kb.pageTemplate, kb.errorIsNone = getPageTemplate(data.templatePayload, kb.injection.place)
            kb.matchRatio = data.matchRatio
-            kb.chars = data.chars

            # Restoring stored conf options
            for key, value in kb.injection.conf.items():
--- a/lib/core/target.py
+++ b/lib/core/target.py
@ -210,6 +210,7 @@ def __resumeHashDBValues():
    """

    kb.absFilePaths = unserializeObject(conf.hashDB.retrieve("kb.absFilePaths")) or kb.absFilePaths
+    kb.chars = unserializeObject(conf.hashDB.retrieve("kb.chars")) or kb.chars

 def __setOutputResume():
    """
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -130,6 +130,10 @@ def __oneShotErrorUse(expression, field):

        conf.hashDB.write(expression, retVal)

+    else:
+        check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
+        retVal = extractRegexResult(check, retVal, re.DOTALL | re.IGNORECASE) or retVal
+
    return safecharencode(retVal) if kb.safeCharEncode else retVal

 def __errorFields(expression, expressionFields, expressionFieldsList, expected=None, num=None, resumeValue=True):