Bug fix (time was also meant to be disabled in case of error/inband getvalues)

2025-12-07 13:11:29 +00:00 · 2012-10-27 23:16:25 +02:00
parent 7207cf29dd
commit 06805b27f2
9 changed files with 19 additions and 19 deletions
--- a/plugins/dbms/mssqlserver/enumeration.py
+++ b/plugins/dbms/mssqlserver/enumeration.py
@@ -96,7 +96,7 @@ class Enumeration(GenericEnumeration):

                for query in (rootQuery.inband.query, rootQuery.inband.query2, rootQuery.inband.query3):
                    query = query.replace("%s", db)
-                    value = inject.getValue(query, blind=False)
+                    value = inject.getValue(query, blind=False, time=False)
                    if not isNoneValue(value):
                        break

@@ -199,7 +199,7 @@ class Enumeration(GenericEnumeration):
                if any(isTechniqueAvailable(_) for _ in (PAYLOAD.TECHNIQUE.UNION, PAYLOAD.TECHNIQUE.ERROR)) or conf.direct:
                    query = rootQuery.inband.query.replace("%s", db)
                    query += tblQuery
-                    values = inject.getValue(query, blind=False)
+                    values = inject.getValue(query, blind=False, time=False)

                    if not isNoneValue(values):
                        if isinstance(values, basestring):
@@ -321,7 +321,7 @@ class Enumeration(GenericEnumeration):
                    query = rootQuery.inband.query % (db, db, db, db, db, db)
                    query += " AND %s" % colQuery.replace("[DB]", db)
                    query += whereTblsQuery.replace("[DB]", db)
-                    values = inject.getValue(query, blind=False)
+                    values = inject.getValue(query, blind=False, time=False)

                    if not isNoneValue(values):
                        if isinstance(values, basestring):
--- a/plugins/dbms/mssqlserver/filesystem.py
+++ b/plugins/dbms/mssqlserver/filesystem.py
@@ -138,7 +138,7 @@ class Filesystem(GenericFilesystem):
        inject.goStacked(binToHexQuery)

        if isTechniqueAvailable(PAYLOAD.TECHNIQUE.UNION):
-            result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, error=False)
+            result = inject.getValue("SELECT %s FROM %s ORDER BY id ASC" % (self.tblField, hexTbl), resumeValue=False, blind=False, time=False, error=False)

        if not result:
            result = []
--- a/plugins/dbms/oracle/enumeration.py
+++ b/plugins/dbms/oracle/enumeration.py
@@ -54,7 +54,7 @@ class Enumeration(GenericEnumeration):
                query += " WHERE "
                query += " OR ".join("%s = '%s'" % (condition, user) for user in sorted(users))

-            values = inject.getValue(query, blind=False)
+            values = inject.getValue(query, blind=False, time=False)

            if not values and not query2:
                infoMsg = "trying with table USER_ROLE_PRIVS"