
Commit 537b619

committed
removing junk
1 parent b5e4593 commit 537b619

1 file changed

Lines changed: 0 additions & 66 deletions


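--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -336,72 +336,6 @@ def __goError(expression, resumeValue=True):
 
 return result
 
-def __goTimeBlind(expression, resumeValue=True):
-"""
-Retrieve the output of a SQL query taking advantage of an error-based
-SQL injection vulnerability on the affected parameter.
-"""
-
-result = None
-
-if conf.direct:
-return direct(expression), None
-
-condition = (
-kb.resumedQueries and conf.url in kb.resumedQueries.keys()
-and expression in kb.resumedQueries[conf.url].keys()
-)
-
-if condition and resumeValue:
-result = resume(expression, None)
-
-if not result:
-result = timeBlindUse(expression)
-dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(result)))
-
-return result
-
-def timeBlindUse(expression):
-"""
-Retrieve the output of a SQL query taking advantage of an error SQL
-injection vulnerability on the affected parameter.
-"""
-
-output = None
-import pdb
-pdb.set_trace()
-vector = agent.cleanupPayload(kb.injection.data[5].vector)
-query = unescaper.unescape(vector)
-query = agent.prefixQuery(query)
-query = agent.suffixQuery(query)
-check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
-
-_, _, _, _, _, _, fieldToCastStr = agent.getFields(expression)
-nulledCastedField = agent.nullAndCastField(fieldToCastStr)
-
-if kb.dbms == DBMS.MYSQL:
-nulledCastedField = nulledCastedField.replace("AS CHAR)", "AS CHAR(100))") # fix for that 'Subquery returns more than 1 row'
-
-expression = expression.replace(fieldToCastStr, nulledCastedField, 1)
-expression = unescaper.unescape(expression)
-expression = safeStringFormat(query, expression)
-
-debugMsg = "query: %s" % expression
-logger.debug(debugMsg)
-
-payload = agent.payload(newValue=expression)
-reqBody, _ = Request.queryPage(payload, content=True)
-output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
-
-if output:
-output = output.replace(kb.misc.space, " ")
-
-if conf.verbose > 0:
-infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
-logger.info(infoMsg)
-
-return output
-
 def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=True, dump=False):
 """
 Retrieve the output of a SQL query taking advantage of an inband SQL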
