

Commit 1bdc07c

committed
minor update
1 parent 8b9c5c6 commit 1bdc07c

1 file changed

Lines changed: 6 additions & 0 deletions


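--- a/lib/techniques/union/use.py
+++ b/lib/techniques/union/use.py
@@ -29,6 +29,8 @@
 from lib.core.common import parseUnionPage
 from lib.core.common import removeReflectiveValues
 from lib.core.common import singleTimeWarnMessage
+from lib.core.common import wasLastRequestDBMSError
+from lib.core.convert import htmlunescape
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
@@ -79,6 +81,10 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
 
 if retVal is not None:
 retVal = getUnicode(retVal, kb.pageEncoding)
+
+# Special case when DBMS is Microsoft SQL Server and error message is used as a result of inband injection
+if Backend.isDbms(DBMS.MSSQL) and wasLastRequestDBMSError():
+retVal = htmlunescape(retVal).replace("<br>", "\n")
 else:
 trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
 or extractRegexResult(trimcheck, removeReflectiveValues(listToStrValue(headers.headers \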
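Review bot: In the added MSSQL branch, `htmlunescape(retVal)` runs before `.replace("<br>", "\n")`, so a value that legitimately contains the text `<br>` (which would presumably arrive entity-encoded as `&lt;br&gt;`) is decoded first and then rewritten to a newline together with the page's real line-break tags. Doing the tag replacement before the unescape keeps the two apart: `retVal = htmlunescape(retVal.replace("<br>", "\n"))`. The replace is also case-sensitive and does not cover `<br/>` or `<BR>`; whether those forms occur in the error output is not visible here, so that is worth confirming. `htmlunescape` is defined outside this page and `__oneShotUnionUse` starts and ends outside the hunk, so this assumes the helper decodes `&lt;`/`&gt;`.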
