Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2cc167a

Browse files
stamparmstamparm
committed
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
1 parent bf09b8a commit 2cc167a

2 files changed

Lines changed: 17 additions & 13 deletions

File tree

lib/core/common.py

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1639,3 +1639,6 @@ def trimAlphaNum(value):
16391639
value = value[1:]
16401640

16411641
return value
1642+
1643+
def isNumPosStrValue(value):
1644+
return value and isinstance(value, basestring) and value.isdigit() and value != "0"

plugins/generic/enumeration.py

Lines changed: 14 additions & 13 deletions
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,7 @@
1717
from lib.core.common import getConsoleWidth
1818
from lib.core.common import getFileItems
1919
from lib.core.common import getUnicode
20+
from lib.core.common import isNumPosStrValue
2021
from lib.core.common import parsePasswordHash
2122
from lib.core.common import popValue
2223
from lib.core.common import pushValue
@@ -159,7 +160,7 @@ def getUsers(self):
159160
query = rootQuery.blind.count
160161
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
161162

162-
if not count.isdigit() or not len(count) or count == "0":
163+
if not isNumPosStrValue(count):
163164
errMsg = "unable to retrieve the number of database users"
164165
raise sqlmapNoneDataException, errMsg
165166

@@ -268,7 +269,7 @@ def getPasswordHashes(self):
268269
query = rootQuery.blind.count % user
269270
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
270271

271-
if not count.isdigit() or not len(count) or count == "0":
272+
if not isNumPosStrValue(count):
272273
warnMsg = "unable to retrieve the number of password "
273274
warnMsg += "hashes for user '%s'" % user
274275
logger.warn(warnMsg)
@@ -547,8 +548,8 @@ def getPrivileges(self, query2=False):
547548
query = rootQuery.blind.count % queryUser
548549
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
549550

550-
if not count.isdigit() or not len(count) or count == "0":
551-
if not count.isdigit() and kb.dbms == DBMS.ORACLE and not query2:
551+
if not isNumPosStrValue(count):
552+
if not (isinstance(count, basestring) and count.isdigit()) and kb.dbms == DBMS.ORACLE and not query2:
552553
infoMsg = "trying with table USER_SYS_PRIVS"
553554
logger.info(infoMsg)
554555

@@ -686,7 +687,7 @@ def getDbs(self):
686687
query = rootQuery.blind.count
687688
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
688689

689-
if not count.isdigit() or not len(count) or count == "0":
690+
if not isNumPosStrValue(count):
690691
errMsg = "unable to retrieve the number of databases"
691692
raise sqlmapNoneDataException, errMsg
692693

@@ -811,7 +812,7 @@ def getTables(self):
811812
query = rootQuery.blind.count % db
812813
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
813814

814-
if not count.isdigit() or not len(count) or count == "0":
815+
if not isNumPosStrValue(count):
815816
warnMsg = "unable to retrieve the number of "
816817
warnMsg += "tables for database '%s'" % db
817818
logger.warn(warnMsg)
@@ -982,7 +983,7 @@ def getColumns(self, onlyColNames=False):
982983

983984
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
984985

985-
if not count.isdigit() or not len(count) or count == "0":
986+
if not isNumPosStrValue(count):
986987
errMsg = "unable to retrieve the number of columns "
987988
errMsg += "for table '%s' " % conf.tbl
988989
errMsg += "on database '%s'" % conf.db
@@ -1165,7 +1166,7 @@ def dumpTable(self):
11651166
query = rootQuery.blind.count % (conf.db, conf.tbl)
11661167
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
11671168

1168-
if not count.isdigit() or not len(count) or count == "0":
1169+
if not isNumPosStrValue(count):
11691170
warnMsg = "unable to retrieve the number of "
11701171
if conf.col:
11711172
warnMsg += "columns '%s' " % colString
@@ -1400,7 +1401,7 @@ def searchDb(self):
14001401
query += exclDbsQuery
14011402
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
14021403

1403-
if not count.isdigit() or not len(count) or count == "0":
1404+
if not isNumPosStrValue(count):
14041405
warnMsg = "no database"
14051406
if dbConsider == "1":
14061407
warnMsg += "s like"
@@ -1485,7 +1486,7 @@ def searchTable(self):
14851486
query += exclDbsQuery
14861487
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
14871488

1488-
if not count.isdigit() or not len(count) or count == "0":
1489+
if not isNumPosStrValue(count):
14891490
warnMsg = "no databases have table"
14901491
if tblConsider == "1":
14911492
warnMsg += "s like"
@@ -1522,7 +1523,7 @@ def searchTable(self):
15221523
query += " AND %s" % tblQuery
15231524
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
15241525

1525-
if not count.isdigit() or not len(count) or count == "0":
1526+
if not isNumPosStrValue(count):
15261527
warnMsg = "no table"
15271528
if tblConsider == "1":
15281529
warnMsg += "s like"
@@ -1624,7 +1625,7 @@ def searchColumn(self):
16241625
query += exclDbsQuery
16251626
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
16261627

1627-
if not count.isdigit() or not len(count) or count == "0":
1628+
if not isNumPosStrValue(count):
16281629
warnMsg = "no databases have tables containing column"
16291630
if colConsider == "1":
16301631
warnMsg += "s like"
@@ -1664,7 +1665,7 @@ def searchColumn(self):
16641665
query += " AND %s" % colQuery
16651666
count = inject.getValue(query, inband=False, expected="int", charsetType=2)
16661667

1667-
if not count.isdigit() or not len(count) or count == "0":
1668+
if not isNumPosStrValue(count):
16681669
warnMsg = "no tables contain column"
16691670
if colConsider == "1":
16701671
warnMsg += "s like"

0 commit comments

Comments
 (0)