Proper return from error-based technique enumeration
1 parent fa58a9c commit e3a3ae1

3 files changed

Lines changed: 13 additions & 12 deletions


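--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -97,7 +97,9 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N
 logger.warn(warnMsg)
 
 output = __oneShotErrorUse(expressionReplaced, field)
-logger.info("retrieved: %s" % output)
+
+if output is not None:
+logger.info("retrieved: %s" % output)
 
 if isinstance(num, int):
 expression = origExpr
@@ -145,7 +147,7 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 # entry per time
 # NOTE: I assume that only queries that get data from a table can
 # return multiple entries
-if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper():
+if " FROM " in expression.upper() and ((Backend.getIdentifiedDbms() not in FROM_TABLE) or (Backend.getIdentifiedDbms() in FROM_TABLE and not expression.upper().endswith(FROM_TABLE[Backend.getIdentifiedDbms()]))) and "EXISTS(" not in expression.upper() and "(CASE" not in expression.upper():
 limitRegExp = re.search(queries[Backend.getIdentifiedDbms()].limitregexp.query, expression, re.I)
 topLimit = re.search("TOP\s+([\d]+)\s+", expression, re.I)
 
@@ -258,6 +260,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 try:
 for num in xrange(startLimit, stopLimit):
 output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue)
+if output and isinstance(output, list) and len(output) == 1:
+output = output[0]
+
 outputs.append(output)
 
 except KeyboardInterrupt:
@@ -270,8 +275,10 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False):
 debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
 logger.debug(debugMsg)
 
-return outputs
-else:
-return __errorFields(expression, expressionFields, expressionFieldsList)
+if not outputs:
+outputs = __errorFields(expression, expressionFields, expressionFieldsList)
+
+if outputs and isinstance(outputs, list) and len(outputs) == 1:
+outputs = outputs[0]
 
 return outputs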

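--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -254,7 +254,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, unpack
 reqCount += 1
 
 if kb.misc.start not in content or kb.misc.stop not in content:
-return
+return None
 
 # Parse the returned page to get the exact inband
 # sql injection output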

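--- a/plugins/generic/enumeration.py
+++ b/plugins/generic/enumeration.py
@@ -267,9 +267,6 @@ def getPasswordHashes(self):
 if parsedUser:
 user = parsedUser.groups()[0]
 
-if isinstance(user, list):
-user = user[0]
-
 if not user or user in retrievedUsers:
 continue
 
@@ -539,9 +536,6 @@ def getPrivileges(self, query2=False):
 if Backend.getIdentifiedDbms() == DBMS.MYSQL and kb.data.has_information_schema:
 unescapedUser = unescaper.unescape(user, quote=False)
 
-if isinstance(user, list):
-user = user[0]
-
 if not user or user in retrievedUsers:
 continue
 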
