

Commit 06805b2

committed
Bug fix (time was also meant to be disabled in case of error/inband getvalues)
1 parent 7207cf2 commit 06805b2

9 files changed

Lines changed: 19 additions & 19 deletions


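--- a/lib/takeover/xp_cmdshell.py
+++ b/lib/takeover/xp_cmdshell.py
@@ -210,7 +210,7 @@ def xpCmdshellEvalCmd(self, cmd, first=None, last=None):
 query = "SELECT %s FROM %s" % (self.tblField, self.cmdTblName)
 
 if conf.direct or any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)):
-output = inject.getValue(query, resumeValue=False, blind=False)
+output = inject.getValue(query, resumeValue=False, blind=False, time=False)
 else:
 output = []
 count = inject.getValue("SELECT COUNT(*) FROM %s" % self.cmdTblName, resumeValue=False, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)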
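Review bot: The new `time=False` keyword has to be repeated by hand at every inband call site — here and in the same shape in lib/utils/pivotdumptable.py, plugins/dbms/mssqlserver/enumeration.py and filesystem.py, plugins/dbms/oracle/enumeration.py and plugins/generic/databases.py, entries.py, search.py and users.py — which is exactly the kind of omission this commit is correcting. If `blind=False` is always meant to go together with `time=False` for inband/error retrieval, having `inject.getValue` (not shown here) derive one from the other, or exposing a single keyword-only "inband/error only" flag, would stop the next call site from forgetting it. Short of that, a comment at this line such as `# inband/error retrieval only: boolean- and time-based techniques disabled` records why both keywords are passed. xpCmdshellEvalCmd continues outside the hunk.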

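--- a/lib/utils/pivotdumptable.py
+++ b/lib/utils/pivotdumptable.py
@@ -35,7 +35,7 @@ def pivotDumpTable(table, colList, count=None, blind=True):
 
 if count is None:
 query = dumpNode.count % table
-count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
+count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, time=False, expected=EXPECTED.INT)
 
 if isinstance(count, basestring) and count.isdigit():
 count = int(count)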
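Review bot: `pivotDumpTable` is declared as `def pivotDumpTable(table, colList, count=None, blind=True):` in this hunk's header and the commit changes only line 38 of this file, yet plugins/generic/entries.py (line 150) and plugins/generic/users.py (line 185) now call it with `time=False`; unless the signature was widened in a commit not shown here, both calls raise `TypeError` for an unexpected keyword argument. The parameter should be accepted and forwarded to the non-blind retrieval: `def pivotDumpTable(table, colList, count=None, blind=True, time=True):` and, on line 38, `... else inject.getValue(query, blind=False, time=time, expected=EXPECTED.INT)`. The rest of pivotDumpTable is outside the hunk, so any further non-blind `inject.getValue` calls in it would need the same forwarding.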

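--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -96,7 +96,7 @@ def getTables(self):
 
 for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
 query = query.replace("%s", db)
-value = inject.getValue(query, blind=False)
+value = inject.getValue(query, blind=False, time=False)
 if not isNoneValue(value):
 break
 
@@ -199,7 +199,7 @@ def searchTable(self):
 if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
 query = rootQuery.inband.query.replace("%s", db)
 query += tblQuery
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(values):
 if isinstance(values, basestring):
@@ -321,7 +321,7 @@ def searchColumn(self):
 query = rootQuery.inband.query % (db, db, db, db, db, db)
 query += " AND %s" % colQuery.replace("[DB]", db)
 query += whereTblsQuery.replace("[DB]", db)
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(values):
 if isinstance(values, basestring):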

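--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -138,7 +138,7 @@ def stackedReadFile(self, rFile):
 inject.goStacked(binToHexQuery)
 
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
-result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, error=False)
+result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)
 
 if not result:
 result = []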

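--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -54,7 +54,7 @@ def getRoles(self, query2=False):
 query += " WHERE "
 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
 
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 if not values and not query2:
 infoMsg = "trying with table USER_ROLE_PRIVS"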

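--- a/plugins/generic/databases.py
+++ b/plugins/generic/databases.py
@@ -103,7 +103,7 @@ def getDbs(self):
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
-value = inject.getValue(query, blind=False)
+value = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(value):
 kb.data.cachedDbs = arrayizeValue(value)
@@ -266,7 +266,7 @@ def getTables(self, bruteForce=None):
 if len(dbs) < 2 and ("%s," % condition) in query:
 query = query.replace("%s," % condition, "", 1)
 
-value = inject.getValue(query, blind=False)
+value = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(value):
 value = filter(None, arrayizeValue(value))
@@ -518,7 +518,7 @@ def getColumns(self, onlyColNames=False, colTuple=None, bruteForce=None):
 elif Backend.isDbms(DBMS.SQLITE):
 query = rootQuery.inband.query % tbl
 
-value = inject.getValue(query, blind=False)
+value = inject.getValue(query, blind=False, time=False)
 
 if Backend.isDbms(DBMS.SQLITE):
 parseSqliteTableSchema(unArrayizeValue(value))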

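--- a/plugins/generic/entries.py
+++ b/plugins/generic/entries.py
@@ -147,7 +147,7 @@ def dumpTable(self, foundData=None):
 if not (isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION) and kb.injection.data[PAYLOAD.TECHNIQUE.UNION].where == PAYLOAD.WHERE.ORIGINAL):
 table = "%s.%s" % (conf.db, tbl)
 
-retVal = pivotDumpTable(table, colList, blind=False)
+retVal = pivotDumpTable(table, colList, blind=False, time=False)
 
 if retVal:
 entries, _ = retVal
@@ -160,7 +160,7 @@ def dumpTable(self, foundData=None):
 query = rootQuery.inband.query % (colString, conf.db, tbl)
 
 if not entries and query:
-entries = inject.getValue(query, blind=False, dump=True)
+entries = inject.getValue(query, blind=False, time=False, dump=True)
 
 if isNoneValue(entries):
 entries = []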

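--- a/plugins/generic/search.py
+++ b/plugins/generic/search.py
@@ -81,7 +81,7 @@ def searchDb(self):
 query = rootQuery.inband.query
 query += dbQuery
 query += exclDbsQuery
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 if not isNoneValue(values):
 values = arrayizeValue(values)
@@ -190,7 +190,7 @@ def searchTable(self):
 query = rootQuery.inband.query
 query += tblQuery
 query += whereDbsQuery
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 for foundDb, foundTbl in filterPairValues(values):
 foundDb = safeSQLIdentificatorNaming(foundDb)
@@ -378,7 +378,7 @@ def searchColumn(self):
 query += colQuery
 query += whereDbsQuery
 query += whereTblsQuery
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 else:
 # Assume provided databases' tables contain the
 # column(s) provided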

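--- a/plugins/generic/users.py
+++ b/plugins/generic/users.py
@@ -97,7 +97,7 @@ def getUsers(self):
 query = rootQuery.inband.query2
 else:
 query = rootQuery.inband.query
-value = unArrayizeValue(inject.getValue(query, blind=False))
+value = unArrayizeValue(inject.getValue(query, blind=False, time=False))
 
 if not isNoneValue(value):
 kb.data.cachedUsers = arrayizeValue(value)
@@ -182,7 +182,7 @@ def getPasswordHashes(self):
 randStr = randomStr()
 getCurrentThreadData().disableStdOut = True
 
-retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False)
+retVal = pivotDumpTable("(%s) AS %s" % (query, randStr), ['%s.name' % randStr, '%s.password' % randStr], blind=False, time=False)
 
 if retVal:
 for user, password in filterPairValues(zip(retVal[0]["%s.name" % randStr], retVal[0]["%s.password" % randStr])):
@@ -194,7 +194,7 @@ def getPasswordHashes(self):
 
 getCurrentThreadData().disableStdOut = False
 else:
-value = inject.getValue(query, blind=False)
+value = inject.getValue(query, blind=False, time=False)
 
 for user, password in filterPairValues(value):
 if not user or user == " ":
@@ -363,7 +363,7 @@ def getPrivileges(self, query2=False):
 else:
 query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))
 
-values = inject.getValue(query, blind=False)
+values = inject.getValue(query, blind=False, time=False)
 
 if not values and Backend.isDbms(DBMS.ORACLE) and not query2:
 infoMsg = "trying with table USER_SYS_PRIVS"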
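Review bot: In getPasswordHashes the reset `getCurrentThreadData().disableStdOut = False` on line 195 is reached only on the normal path, so an exception from the `pivotDumpTable(...)` call on line 185 (set to `True` two lines earlier, on line 183) leaves stdout disabled for the rest of the thread. Lines 189–193 are outside the hunks and the rendering drops indentation, so an enclosing `try`/`finally` cannot be ruled out, but none is visible around the call. Wrapping the call and the loop that consumes `retVal` in `try: ... finally: getCurrentThreadData().disableStdOut = False` would make the reset unconditional. getPasswordHashes starts and ends outside the hunks.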
