Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 886aa22

Browse files
stamparmstamparm
committed
minor update
1 parent 5039888 commit 886aa22

3 files changed

Lines changed: 15 additions & 11 deletions

File tree

lib/techniques/union/use.py

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -309,13 +309,14 @@ def unionThread():
309309
if isNoneValue(items):
310310
continue
311311
kb.locks.value.acquire()
312-
threadData.shared.value.append(unArrayizeValue(items))
312+
for item in items:
313+
threadData.shared.value.append(item)
313314
kb.locks.value.release()
314315
else:
315316
items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)
316317

317318
if conf.verbose == 1:
318-
status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", safecharencode(",".join(map(lambda x: "\"%s\"" % x, arrayizeValue(items)))))
319+
status = "[%s] [INFO] %s: %s" % (time.strftime("%X"), "resumed" if threadData.resumed else "retrieved", safecharencode(",".join("\"%s\"" % _ for _ in unArrayizeValue(items))))
319320

320321
if len(status) > width:
321322
status = "%s..." % status[:width - 3]

plugins/dbms/mssqlserver/enumeration.py

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -121,12 +121,12 @@ def getTables(self):
121121

122122
for query in (rootQuery.blind.count, rootQuery.blind.count2, rootQuery.blind.count3):
123123
_ = query.replace("%s", db)
124-
count = inject.getValue(_, inband=False, error=False, charsetType=CHARSET_TYPE.DIGITS)
124+
count = inject.getValue(_, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
125125
if not isNoneValue(count):
126126
break
127127

128128
if not isNumPosStrValue(count):
129-
if count != "0":
129+
if count != 0:
130130
warnMsg = "unable to retrieve the number of "
131131
warnMsg += "tables for database '%s'" % db
132132
logger.warn(warnMsg)

plugins/generic/enumeration.py

Lines changed: 10 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -1369,11 +1369,14 @@ def __pivotDumpTable(self, table, colList, count=None, blind=True):
13691369
validColumnList = False
13701370
validPivotValue = False
13711371

1372-
if not count:
1372+
if count is None:
13731373
query = dumpNode.count % table
1374-
count = inject.getValue(query, inband=False, error=False) if blind else inject.getValue(query, blind=False)
1374+
count = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS) if blind else inject.getValue(query, blind=False, expected=EXPECTED.INT)
13751375

1376-
if count == "0":
1376+
if isinstance(count, basestring) and count.isdigit():
1377+
count = int(count)
1378+
1379+
if count == 0:
13771380
infoMsg = "table '%s' appears to be empty" % unsafeSQLIdentificatorNaming(table)
13781381
logger.info(infoMsg)
13791382

@@ -1400,9 +1403,9 @@ def __pivotDumpTable(self, table, colList, count=None, blind=True):
14001403
query = dumpNode.count2 % (column, table)
14011404

14021405
if blind:
1403-
value = inject.getValue(query, inband=False, error=False)
1406+
value = inject.getValue(query, inband=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
14041407
else:
1405-
value = inject.getValue(query, blind=False)
1408+
value = inject.getValue(query, blind=False, expected=EXPECTED.INT)
14061409

14071410
if isNumPosStrValue(value):
14081411
validColumnList = True
@@ -1424,14 +1427,14 @@ def __pivotDumpTable(self, table, colList, count=None, blind=True):
14241427

14251428
if not validPivotValue:
14261429
warnMsg = "no proper pivot column provided (with unique values)."
1427-
warnMsg += " It's not possible to retrieve all rows."
1430+
warnMsg += " It won't be possible to retrieve all rows"
14281431
logger.warn(warnMsg)
14291432

14301433
pivotValue = " "
14311434
breakRetrieval = False
14321435

14331436
try:
1434-
for i in xrange(int(count)):
1437+
for i in xrange(count):
14351438
if breakRetrieval:
14361439
break
14371440

0 commit comments

Comments
 (0)