bug fix

stamparm · stamparm · commit 8c45ff0d57c8 · 2012-02-03T10:38:04.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -2798,7 +2798,7 @@ def removeReflectiveValues(content, payload, suppressWarning=False):
     if all([content, payload]) and isinstance(content, unicode) and kb.reflectiveMechanism:
         payload = getUnicode(urldecode(payload.replace(PAYLOAD_DELIMITER, '')))
 
-        regex = filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape"))
+        regex = r"\b%s\b" % filterStringValue(payload, r'[A-Za-z0-9]', REFLECTED_NON_ALPHA_NUM_REGEX.encode("string-escape"))
 
         while 2 * REFLECTED_NON_ALPHA_NUM_REGEX in regex:
             regex = regex.replace(2 * REFLECTED_NON_ALPHA_NUM_REGEX, REFLECTED_NON_ALPHA_NUM_REGEX)
diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py
@@ -202,6 +202,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 
     initTechnique(PAYLOAD.TECHNIQUE.ERROR)
 
+    abortedFlag = False
     count = None
     start = time.time()
     startLimit = 0
@@ -374,6 +375,7 @@ def errorThread():
                 runThreads(numThreads, errorThread)
 
             except KeyboardInterrupt:
+                abortedFlag = True
                 warnMsg = "user aborted during enumeration. sqlmap "
                 warnMsg += "will display partial output"
                 logger.warn(warnMsg)
@@ -382,7 +384,7 @@ def errorThread():
                 outputs = threadData.shared.outputs
                 kb.suppressResumeInfo = False
 
-    if not outputs:
+    if not outputs and not abortedFlag:
         outputs = __errorFields(expression, expressionFields, expressionFieldsList)
 
     if outputs and isinstance(outputs, list) and len(outputs) == 1 and isinstance(outputs[0], basestring):
diff --git a/lib/techniques/union/use.py b/lib/techniques/union/use.py
@@ -141,6 +141,7 @@ def unionUse(expression, unpack=True, dump=False):
 
     initTechnique(PAYLOAD.TECHNIQUE.UNION)
 
+    abortedFlag = False
     count = None
     origExpr = expression
     startLimit = 0
@@ -331,6 +332,8 @@ def unionThread():
                     clearConsoleLine(True)
 
             except KeyboardInterrupt:
+                abortedFlag = True
+
                 warnMsg = "user aborted during enumeration. sqlmap "
                 warnMsg += "will display partial output"
                 logger.warn(warnMsg)
@@ -339,7 +342,7 @@ def unionThread():
                 value = threadData.shared.value
                 kb.suppressResumeInfo = False
 
-    if not value:
+    if not value and not abortedFlag:
         expression = re.sub("\s*ORDER BY\s+[\w,]+", "", expression, re.I) # full inband doesn't play well with ORDER BY
         value = __oneShotUnionUse(expression, unpack)
 
