

Commit d3e7e89

committed
Major improvement to the display of payloads (all payloads are now displayed) and removal of "pesky" leading spaces from payload strings
1 parent 620fa1c commit d3e7e89

16 files changed

Lines changed: 35 additions & 42 deletions


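--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -36,8 +36,8 @@ def __init__(self):
         kb.misc.stop = randomStr(6)
 
     def payloadDirect(self, query):
-        if query.startswith(" AND "):
-            query = query.replace(" AND ", "SELECT ", 1)
+        if query.startswith("AND "):
+            query = query.replace("AND ", "SELECT ", 1)
         elif query.startswith(" UNION ALL "):
             query = query.replace(" UNION ALL ", "", 1)
         elif query.startswith("; "):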
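Review bot: The `elif query.startswith(" UNION ALL ")` branch directly below the changed lines still requires a leading space, while the `AND` branch no longer does, so a union payload whose caller drops its leading space the same way the fingerprint payloads in this commit do would fall through both branches and keep its `UNION ALL` keyword with no error raised. Unless the union callers are known to still pass the space, the branch should follow the new rule: `elif query.startswith("UNION ALL "):` / `query = query.replace("UNION ALL ", "", 1)`. A one-line comment stating the contract would also help the next editor, e.g. `# payloads arrive without a leading space; the prefix/separator is added elsewhere`. payloadDirect continues past the end of the hunk, so I cannot see how the remaining branches are handled.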

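--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -318,6 +318,11 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
 
         value = agent.replacePayload(value, payload)
 
+        payload = agent.extractPayload(value)
+        if payload:
+            debugMsg = "payload: %s" % payload
+            logger.debug(debugMsg)
+
     if place == "Cookie" and conf.cookieUrlencode:
         value = agent.removePayloadDelimiters(value, False)
         value = urlEncodeCookieValues(value)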
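Review bot: The added `payload = agent.extractPayload(value)` rebinds the `payload` name that `agent.replacePayload(value, payload)` two lines above received from the caller, so anything later in queryPage that still reads `payload` now sees the extracted substring (or a falsy value) instead of the original argument; the function continues past the hunk, so I cannot confirm whether it is read again, but a distinct local removes the question: `injected = agent.extractPayload(value)` / `if injected:` / `logger.debug("payload: %s" % injected)`. The message is emitted before the cookie URL-encoding and delimiter removal below it, which is presumably intended so the raw payload is shown; a comment such as `# log the raw payload before any place-specific encoding` would keep someone from moving it. If the `silent` parameter in the signature is meant to mute per-request output, this new debug line does not consult it — worth checking against the callers that pass `silent=True`.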

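--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -399,9 +399,6 @@ def goStacked(expression, silent=False):
     query = agent.prefixQuery("; %s" % expression)
     query = agent.postfixQuery("%s;%s" % (query, comment))
 
-    debugMsg = "query: %s" % query
-    logger.debug(debugMsg)
-
     payload = agent.payload(newValue=query)
     page, _ = Request.queryPage(payload, content=True, silent=silent)
 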

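--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -75,9 +75,6 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
     else:
         expressionUnescaped = unescaper.unescape(expression)
 
-    debugMsg = "query: %s" % expressionUnescaped
-    logger.debug(debugMsg)
-
     if length and not isinstance(length, int) and length.isdigit():
         length = int(length)
 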

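--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -64,9 +64,6 @@ def errorUse(expression, returnPayload=False):
 
     forgedQuery = safeStringFormat(query, (logic, randInt, startLimiter, expressionUnescaped, endLimiter))
 
-    debugMsg = "query: %s" % forgedQuery
-    logger.debug(debugMsg)
-
     payload = agent.payload(newValue=forgedQuery)
     result = Request.queryPage(payload, content=True)
     match = re.search('%s(?P<result>.*?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)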

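--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -197,9 +197,6 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
     query = agent.forgeInbandQuery(expression, nullChar=nullChar)
     payload = agent.payload(newValue=query)
 
-    debugMsg = "query: %s" % query
-    logger.debug(debugMsg)
-
     # Perform the request
     resultPage, _ = Request.queryPage(payload, content=True)
     reqCount += 1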

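--- a/lib/utils/parenthesis.py
+++ b/lib/utils/parenthesis.py
@@ -45,8 +45,8 @@ def checkForParenthesis():
     randInt = randomInt()
     randStr = randomStr()
 
-    query = case.usage.prefix.format % eval(case.usage.prefix.params) +\
-            case.usage.postfix.format % eval(case.usage.postfix.params)
+    query = case.usage.prefix.format % eval(case.usage.prefix.params)
+    query = query[:-1] + case.usage.postfix.format % eval(case.usage.postfix.params)
 
     payload = agent.payload(newValue=query)
     result = Request.queryPage(payload)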
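Review bot: `query[:-1]` on the new line 49 drops the last character of the formatted prefix unconditionally, on the assumption that it is the trailing space being removed; if any prefix format ends in something else (a closing parenthesis or quote, which is exactly what this check is probing for), the payload is silently corrupted and the parenthesis count comes out wrong with no error. Make the intent explicit and limit it to whitespace: `prefix = case.usage.prefix.format % eval(case.usage.prefix.params)` / `query = prefix.rstrip(" ") + case.usage.postfix.format % eval(case.usage.postfix.params)`. The `eval()` of the `params` strings predates this commit, but the rewritten lines keep it, so the payload definitions those strings come from still have to be treated as trusted code rather than data. checkForParenthesis continues outside the hunk.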

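--- a/plugins/dbms/access/fingerprint.py
+++ b/plugins/dbms/access/fingerprint.py
@@ -161,14 +161,14 @@ def checkDbms(self):
         logMsg = "testing Microsoft Access"
         logger.info(logMsg)
 
-        payload = agent.fullPayload(" AND VAL(CVAR(1))=1")
+        payload = agent.fullPayload("AND VAL(CVAR(1))=1")
         result = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming Microsoft Access"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
+            payload = agent.fullPayload("AND IIF(ATN(2)>0,1,0) BETWEEN 2 AND 0")
             result = Request.queryPage(payload)
 
             if not result: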
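Review bot: Both payloads now begin with `AND ` and no separator, so the correctness of this fingerprint depends on `agent.fullPayload` (presumably through the prefix-building helper) inserting whitespace between the original parameter value and the keyword; that helper is not part of this diff, and if it does not add one, the request degrades to something like `...=1AND VAL(CVAR(1))=1` and the Access check silently never matches. Pin the contract with a small unit check of the helper on a numeric injection point, e.g. asserting that `agent.fullPayload("AND 1=1")` contains ` AND 1=1`, and add a comment at the first call: `# no leading space here: fullPayload() supplies the separator`. checkDbms continues past the hunk.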

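--- a/plugins/dbms/firebird/fingerprint.py
+++ b/plugins/dbms/firebird/fingerprint.py
@@ -72,10 +72,10 @@ def getFingerprint(self):
     def __sysTablesCheck(self):
         retVal = None
         table = (
-                  ("1.0", [" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
-                  ("1.5", [" AND NULLIF(%d,%d) IS NULL", " AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
-                  ("2.0", [" AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", " AND BIT_LENGTH(%d)>0", " AND CHAR_LENGTH(%d)>0"]),
-                  ("2.1", [" AND BIN_XOR(%d,%d)=0", " AND PI()>0.%d", " AND RAND()<1.%d", " AND FLOOR(1.%d)>=0"])
+                  ("1.0", ["AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"]),
+                  ("1.5", ["AND NULLIF(%d,%d) IS NULL", "AND EXISTS(SELECT CURRENT_TRANSACTION FROM RDB$DATABASE)"]),
+                  ("2.0", ["AND EXISTS(SELECT CURRENT_TIME(0) FROM RDB$DATABASE)", "AND BIT_LENGTH(%d)>0", "AND CHAR_LENGTH(%d)>0"]),
+                  ("2.1", ["AND BIN_XOR(%d,%d)=0", "AND PI()>0.%d", "AND RAND()<1.%d", "AND FLOOR(1.%d)>=0"])
                 )
 
         for i in xrange(len(table)):
@@ -97,7 +97,7 @@ def __sysTablesCheck(self):
     def __dialectCheck(self):
         retVal = None
         if kb.dbms:
-            payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
+            payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_DATE FROM RDB$DATABASE)")
             result = Request.queryPage(payload)
             retVal = "dialect 3" if result else "dialect 1"
         return retVal
@@ -116,14 +116,14 @@ def checkDbms(self):
 
         randInt = randomInt()
 
-        payload = agent.fullPayload(" AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
+        payload = agent.fullPayload("AND EXISTS(SELECT * FROM RDB$DATABASE WHERE %d=%d)" % (randInt, randInt))
         result = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming Firebird"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
+            payload = agent.fullPayload("AND EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)")
             result = Request.queryPage(payload)
 
             if not result: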
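Review bot: Every entry of the `table` tuple in `__sysTablesCheck` and every `fullPayload()` call in this file now carries the literal `AND ` prefix, and that literal has to stay byte-for-byte in step with the `startswith("AND ")` test in `Agent.payloadDirect`; the commit maintains a dozen hand-copied instances of the convention, and a single stray leading space in one table entry would route that probe down a different branch with no error or log line. The keyword belongs in one place: keep only the bare expressions in `table` (e.g. `"EXISTS(SELECT CURRENT_USER FROM RDB$DATABASE)"`) and build each probe in the loop as `agent.fullPayload("AND %s" % check)`, or better, have the helper prepend it. The body of the `for i in xrange(len(table)):` loop, where the entries are consumed, is outside the first hunk, so I cannot see how the `%d` entries are formatted there.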

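--- a/plugins/dbms/maxdb/fingerprint.py
+++ b/plugins/dbms/maxdb/fingerprint.py
@@ -118,14 +118,14 @@ def checkDbms(self):
 
         randInt = randomInt()
 
-        payload = agent.fullPayload(" AND NOROUND(%d)=%d" % (randInt, randInt))
+        payload = agent.fullPayload("AND NOROUND(%d)=%d" % (randInt, randInt))
         result = Request.queryPage(payload)
 
         if result:
             logMsg = "confirming SAP MaxDB"
             logger.info(logMsg)
 
-            payload = agent.fullPayload(" AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
+            payload = agent.fullPayload("AND MAPCHAR(NULL,1,DEFAULTMAP) IS NULL")
             result = Request.queryPage(payload)
 
             if not result: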
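Review bot: The change to both `fullPayload()` calls is undocumented in the file: nothing tells a reader why `AND NOROUND(%d)=%d` no longer starts with a space, and the natural reflex is to re-add it, which would presumably double the separator if the helper now supplies one. Add a comment at the first call, `# payload starts with the keyword; fullPayload() adds the separator`, so the convention survives the next edit. Because the `if not result:` after the MAPCHAR probe rejects MaxDB on a false answer, a probe that fails to parse for separator reasons looks identical to "not MaxDB", which is one more reason to record the contract where the probes are written. checkDbms continues past the hunk.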
