@@ -367,7 +367,7 @@ def __goInband(expression, expected=None, sort=True, resumeValue=True, unpack=Tr
367367
368368 return data
369369
370- def getValue (expression , blind = True , inband = True , error = True , time = True , fromUser = False , expected = None , batch = False , unpack = True , sort = True , resumeValue = True , charsetType = None , firstChar = None , lastChar = None , dump = False , suppressOutput = False ):
370+ def getValue (expression , blind = True , inband = True , error = True , time = True , fromUser = False , expected = None , batch = False , unpack = True , sort = True , resumeValue = True , charsetType = None , firstChar = None , lastChar = None , dump = False , suppressOutput = False , expectingNone = False ):
371371 """
372372 Called each time sqlmap inject a SQL query on the SQL injection
373373 affected parameter. It can call a function to retrieve the output
@@ -379,54 +379,59 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
379379 pushValue (conf .verbose )
380380 conf .verbose = 0
381381
382- if conf .direct :
383- value = direct (expression )
384- elif kb .booleanTest is not None or kb .errorTest is not None or kb .unionTest is not None or kb .timeTest is not None :
385- expression = cleanQuery (expression )
386- expression = expandAsteriskForColumns (expression )
387- value = None
388- expression = expression .replace ("DISTINCT " , "" )
389-
390- if inband and kb .unionTest is not None :
391- kb .technique = PAYLOAD .TECHNIQUE .UNION
392- value = __goInband (expression , expected , sort , resumeValue , unpack , dump )
393-
394- if not value :
395- warnMsg = "for some reason(s) it was not possible to retrieve "
396- warnMsg += "the query output through inband SQL injection "
397- warnMsg += "technique, sqlmap is going blind"
398- logger .warn (warnMsg )
382+ try :
383+ if conf .direct :
384+ value = direct (expression )
385+ elif kb .booleanTest is not None or kb .errorTest is not None or kb .unionTest is not None or kb .timeTest is not None :
386+ expression = cleanQuery (expression )
387+ expression = expandAsteriskForColumns (expression )
388+ value = None
389+ found = False
390+ expression = expression .replace ("DISTINCT " , "" )
399391
400- oldParamNegative = kb .unionNegative
401- kb .unionNegative = False
392+ if inband and kb .unionTest is not None :
393+ kb .technique = PAYLOAD .TECHNIQUE .UNION
394+ value = __goInband (expression , expected , sort , resumeValue , unpack , dump )
395+ found = value or (value is None and expectingNone )
402396
403- if error and kb .errorTest and not value :
404- kb .technique = PAYLOAD .TECHNIQUE .ERROR
405- value = __goError (expression , resumeValue )
397+ if not found :
398+ warnMsg = "for some reason(s) it was not possible to retrieve "
399+ warnMsg += "the query output through inband SQL injection "
400+ warnMsg += "technique, sqlmap is going blind"
401+ logger .warn (warnMsg )
406402
407- if blind and kb .booleanTest and not value :
408- kb .technique = PAYLOAD .TECHNIQUE .BOOLEAN
409- value = __goInferenceProxy (expression , fromUser , expected , batch , resumeValue , unpack , charsetType , firstChar , lastChar )
403+ oldParamNegative = kb .unionNegative
404+ kb .unionNegative = False
410405
411- if time and kb .timeTest and not value :
412- kb .technique = PAYLOAD .TECHNIQUE .TIME
406+ if error and kb .errorTest and not found :
407+ kb .technique = PAYLOAD .TECHNIQUE .ERROR
408+ value = __goError (expression , resumeValue )
409+ found = value or (value is None and expectingNone )
413410
414- while len (kb .responseTimes ) < MIN_TIME_RESPONSES :
415- _ = Request .queryPage (content = True )
411+ if blind and kb .booleanTest and not found :
412+ kb .technique = PAYLOAD .TECHNIQUE .BOOLEAN
413+ value = __goInferenceProxy (expression , fromUser , expected , batch , resumeValue , unpack , charsetType , firstChar , lastChar )
414+ found = value or (value is None and expectingNone )
416415
417- value = __goInferenceProxy (expression , fromUser , expected , batch , resumeValue , unpack , charsetType , firstChar , lastChar )
416+ if time and kb .timeTest and not found :
417+ kb .technique = PAYLOAD .TECHNIQUE .TIME
418418
419- kb .unionNegative = oldParamNegative
419+ while len (kb .responseTimes ) < MIN_TIME_RESPONSES :
420+ _ = Request .queryPage (content = True )
420421
421- if value and isinstance (value , basestring ):
422- value = value .strip ()
423- else :
424- errMsg = "none of the injection types identified can be "
425- errMsg += "leveraged to retrieve queries output"
426- raise sqlmapNotVulnerableException , errMsg
422+ value = __goInferenceProxy (expression , fromUser , expected , batch , resumeValue , unpack , charsetType , firstChar , lastChar )
427423
428- if suppressOutput :
429- conf .verbose = popValue ()
424+ kb .unionNegative = oldParamNegative
425+
426+ if value and isinstance (value , basestring ):
427+ value = value .strip ()
428+ else :
429+ errMsg = "none of the injection types identified can be "
430+ errMsg += "leveraged to retrieve queries output"
431+ raise sqlmapNotVulnerableException , errMsg
432+ finally :
433+ if suppressOutput :
434+ conf .verbose = popValue ()
430435
431436 return value
432437
@@ -449,5 +454,5 @@ def goStacked(expression, silent=False):
449454
450455 return payload , page
451456
452- def checkBooleanExpression (expression ):
453- return getValue (agent .forgeCaseStatement (expression ), expected = "int" , charsetType = 1 ) == "1"
457+ def checkBooleanExpression (expression , expectingNone = False ):
458+ return getValue (agent .forgeCaseStatement (expression ), expected = "int" , charsetType = 1 , expectingNone = expectingNone ) == "1"
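Review bot: `kb.unionNegative = oldParamNegative` (new line 424) is still outside the `finally` added for `conf.verbose`, so an exception raised by `__goError` or `__goInferenceProxy` would leave `kb.unionNegative` forced to `False` for every later request in the run. The page has lost its indentation, so this is read from statement order; if it holds, open a nested `try:` right after `kb.unionNegative = False` and restore with `finally: kb.unionNegative = oldParamNegative`. Separately, `found = value or (value is None and expectingNone)` stores the retrieved value rather than a flag, and `found = bool(value) or (value is None and expectingNone)` would keep it boolean. The new `expectingNone` parameter should also be described in the `getValue` docstring, which continues outside the hunk.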