

Commit ea9c661

committed
cleanup for issue #68
1 parent 569c921 commit ea9c661

2 files changed

Lines changed: 16 additions & 38 deletions


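--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -94,7 +94,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
 
     return value
 
-def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected=None, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
+def __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=None, charsetType=None, firstChar=None, lastChar=None, dump=False):
     outputs = []
     origExpr = None
 
@@ -122,7 +122,7 @@ def __goInferenceFields(expression, expressionFields, expressionFieldsList, payl
 
     return outputs
 
-def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
+def __goInferenceProxy(expression, fromUser=False, batch=False, unpack=True, charsetType=None, firstChar=None, lastChar=None, dump=False):
     """
     Retrieve the output of a SQL query characted by character taking
     advantage of an blind SQL injection vulnerability on the affected
@@ -304,7 +304,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
 
             try:
                 for num in xrange(startLimit, stopLimit):
-                    output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
+                    output = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, num=num, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
                     outputs.append(output)
 
             except KeyboardInterrupt:
@@ -317,7 +317,7 @@ def __goInferenceProxy(expression, fromUser=False, expected=None, batch=False, u
         elif Backend.getIdentifiedDbms() in FROM_DUMMY_TABLE and expression.upper().startswith("SELECT ") and " FROM " not in expression.upper():
             expression += FROM_DUMMY_TABLE[Backend.getIdentifiedDbms()]
 
-    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, expected, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
+    outputs = __goInferenceFields(expression, expressionFields, expressionFieldsList, payload, charsetType=charsetType, firstChar=firstChar, lastChar=lastChar, dump=dump)
 
     return ", ".join(output for output in outputs) if not isNoneValue(outputs) else None
 
@@ -345,23 +345,14 @@ def __goBooleanProxy(expression):
 
     return output
 
-def __goError(expression, expected=None, dump=False):
-    """
-    Retrieve the output of a SQL query taking advantage of an error-based
-    SQL injection vulnerability on the affected parameter.
-    """
-
-    output = errorUse(expression, expected, dump)
-
-    return output
-
-def __goInband(expression, expected=None, unpack=True, dump=False):
+def __goInband(expression, unpack=True, dump=False):
     """
     Retrieve the output of a SQL query taking advantage of an inband SQL
     injection vulnerability on the affected parameter.
     """
 
     output = unionUse(expression, unpack=unpack, dump=dump)
+
     if isinstance(output, basestring):
         output = parseUnionPage(output)
 
@@ -392,41 +383,27 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
                 forgeCaseExpression = agent.forgeCaseStatement(expression)
 
         if conf.direct:
-            if expected == EXPECTED.BOOL:
-                value = direct(forgeCaseExpression)
-            else:
-                value = direct(expression)
+            value = direct(forgeCaseExpression if expected == EXPECTED.BOOL else expression)
 
         elif any(map(isTechniqueAvailable, getPublicTypeMembers(PAYLOAD.TECHNIQUE, onlyValues=True))):
             query = cleanQuery(expression)
             query = expandAsteriskForColumns(query)
             value = None
             found = False
+            count = 0
 
             if query and not 'COUNT(*)' in query:
                 query = query.replace("DISTINCT ", "")
 
-            count = 0
-
             if inband and isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
                 kb.technique = PAYLOAD.TECHNIQUE.UNION
-
-                if expected == EXPECTED.BOOL:
-                    value = __goInband(forgeCaseExpression, expected, unpack, dump)
-                else:
-                    value = __goInband(query, expected, unpack, dump)
-
+                value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack, dump)
                 count += 1
                 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
             if error and isTechniqueAvailable(PAYLOAD.TECHNIQUE.ERROR) and not found:
                 kb.technique = PAYLOAD.TECHNIQUE.ERROR
-
-                if expected == EXPECTED.BOOL:
-                    value = __goError(forgeCaseExpression, expected, dump)
-                else:
-                    value = __goError(query, expected, dump)
-
+                value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump)
                 count += 1
                 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 
@@ -436,7 +413,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
                 if expected == EXPECTED.BOOL:
                     value = __goBooleanProxy(booleanExpression)
                 else:
-                    value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
+                    value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
 
                 count += 1
                 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
@@ -450,7 +427,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
                 if expected == EXPECTED.BOOL:
                     value = __goBooleanProxy(booleanExpression)
                 else:
-                    value = __goInferenceProxy(query, fromUser, expected, batch, unpack, charsetType, firstChar, lastChar, dump)
+                    value = __goInferenceProxy(query, fromUser, batch, unpack, charsetType, firstChar, lastChar, dump)
 
                 if value and isinstance(value, basestring):
                     value = value.strip()
@@ -461,6 +438,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
 
     finally:
         kb.resumeValues = True
+
         if suppressOutput is not None:
             getCurrentThreadData().disableStdOut = popValue()
 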
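Review bot: In the getValue hunk (`@@ -392,41 +383,27 @@`) the three rewritten calls still pass `dump` positionally — `__goInband(…, unpack, dump)` and `errorUse(…, dump)` — immediately after this commit removed `expected` from the middle of those positional parameter lists, whereas the `__goInferenceFields` calls in the same file were switched to keywords (`num=num`). If any caller elsewhere still uses the old order, e.g. an `errorUse(expression, expected)` form, it now silently binds its `expected` value into `dump` instead of failing, so keyword arguments are the safer shape: `value = __goInband(forgeCaseExpression if expected == EXPECTED.BOOL else query, unpack=unpack, dump=dump)`, `value = errorUse(forgeCaseExpression if expected == EXPECTED.BOOL else query, dump=dump)`, and in lib/techniques/error/use.py `output = __errorFields(expression, expressionFields, expressionFieldsList, num=num, emptyFields=emptyFields)`. With `__goError` deleted, the error-based branch now calls `errorUse` directly while the union branch still goes through `__goInband` for its `parseUnionPage` step; a one-line comment on the new `errorUse` line such as `# error-based output is used as-is; only union output needs parseUnionPage post-processing` would keep that asymmetry from reading as an oversight (presumed from the visible wrappers — confirm). getValue starts and ends outside the hunk.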
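--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -153,7 +153,7 @@ def __oneShotErrorUse(expression, field=None):
 
     return safecharencode(retVal) if kb.safeCharEncode else retVal
 
-def __errorFields(expression, expressionFields, expressionFieldsList, expected=None, num=None, emptyFields=None):
+def __errorFields(expression, expressionFields, expressionFieldsList, num=None, emptyFields=None):
     outputs = []
     origExpr = None
 
@@ -217,7 +217,7 @@ def __formatPartialContent(value):
         value = safecharencode(value)
     return value
 
-def errorUse(expression, expected=None, dump=False):
+def errorUse(expression, dump=False):
     """
     Retrieve the output of a SQL query taking advantage of the error-based
     SQL injection vulnerability on the affected parameter.
@@ -380,7 +380,7 @@ def errorThread():
                     except StopIteration:
                         break
 
-                output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, emptyFields)
+                output = __errorFields(expression, expressionFields, expressionFieldsList, num, emptyFields)
 
                 if not kb.threadContinue:
                     break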