Fix for an Issue #137

stamparm · stamparm · commit 464945060394 · 2012-08-16T22:20:24.000+02:00
diff --git a/lib/core/option.py b/lib/core/option.py
@@ -1555,7 +1555,6 @@ def __setKnowledgeBaseAttributes(flushAll=True):
     kb.threadException = False
     kb.timeValidCharsRun = 0
     kb.uChar = NULL
-    kb.unescape = True
     kb.unionDuplicates = False
     kb.xpCmdshellAvailable = False
 
diff --git a/lib/core/unescaper.py b/lib/core/unescaper.py
@@ -13,7 +13,7 @@
 
 class Unescaper(AttribDict):
     def unescape(self, expression, quote=True, dbms=None):
-        if not kb.unescape or conf.noUnescape:
+        if conf.noUnescape:
             return expression
 
         if expression is None:
diff --git a/plugins/generic/custom.py b/plugins/generic/custom.py
@@ -34,7 +34,6 @@ def sqlQuery(self, query):
         output = None
         sqlType = None
         query = query.rstrip(';')
-        kb.unescape = False
 
         for sqlTitle, sqlStatements in SQL_STATEMENTS.items():
             for sqlStatement in sqlStatements:
@@ -47,16 +46,13 @@ def sqlQuery(self, query):
             logger.info(infoMsg)
 
             output = inject.getValue(query, fromUser=True)
-            kb.unescape = True
 
             return output
         elif not isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED) and not conf.direct:
                 warnMsg = "execution of custom SQL queries is only "
                 warnMsg += "available when stacked queries are supported"
                 logger.warn(warnMsg)
 
-                kb.unescape = True
-
                 return None
         else:
             if sqlType:
@@ -72,8 +68,6 @@ def sqlQuery(self, query):
 
             output = False
 
-        kb.unescape = True
-
         return output
 
     def sqlShell(self):
