minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)

2024-11-22 09:36:35 +03:00 · 2011-06-01 22:06:06 +00:00 · 2011-06-01 22:06:06 +00:00 · fc96764f80
commit fc96764f80
parent 091c174bc4
2 changed files with 14 additions and 10 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -85,14 +85,16 @@ def __oneShotErrorUse(expression, field):

        # Parse the returned page to get the exact error-based
        # sql injection output
-        output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
-                or extractRegexResult(check, listToStrValue(headers.headers \
-                if headers else None), re.DOTALL | re.IGNORECASE) \
-                or extractRegexResult(check, threadData.lastRedirectMsg[1] \
+        output = reduce(lambda x, y: x if x is not None else y, [ \
+                extractRegexResult(check, page, re.DOTALL | re.IGNORECASE), \
+                extractRegexResult(check, listToStrValue(headers.headers \
+                if headers else None), re.DOTALL | re.IGNORECASE), \
+                extractRegexResult(check, threadData.lastRedirectMsg[1] \
                if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
-                threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
+                threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)], \
+                None)

-        if output:
+        if output is not None:
            output = getUnicode(output, kb.pageEncoding)
        else:
            trimmed = extractRegexResult(trimcheck, page, re.DOTALL | re.IGNORECASE) \
--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@ -75,11 +75,13 @@ def __oneShotUnionUse(expression, unpack=True):

    # Parse the returned page to get the exact union-based
    # sql injection output
-    output = extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
-            or extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \
-            if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
+    output = reduce(lambda x, y: x if x is not None else y, [ \
+            extractRegexResult(check, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE), \
+            extractRegexResult(check, removeReflectiveValues(listToStrValue(headers.headers \
+            if headers else None), payload, True), re.DOTALL | re.IGNORECASE)], \
+            None)

-    if output:
+    if output is not None:
        output = getUnicode(output, kb.pageEncoding)
    else:
        trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \