PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 12:41:30 +00:00
Code Issues Projects Releases Wiki Activity

now showing trimmed output in for of warning message (UNION and ERROR techniques affected)

Browse Source
This commit is contained in:
Miroslav Stampar
2011-04-20 12:41:58 +00:00
parent 7993f3f12d
commit 1286cc0913
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
lib/techniques/error/use.py
View File

@@ -52,6 +52,8 @@ def __oneShotErrorUse(expression, field):
while True:
check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
nulledCastedField = agent.nullAndCastField(field)
if Backend.getIdentifiedDbms() == DBMS.MYSQL:
@@ -82,6 +84,18 @@ def __oneShotErrorUse(expression, field):
if output:
output = getUnicode(output, kb.pageEncoding)
else:
trimmed = extractRegexResult(trimcheck, page, re.DOTALL | re.IGNORECASE) \
or extractRegexResult(trimcheck, listToStrValue(headers.headers \
if headers else None), re.DOTALL | re.IGNORECASE) \
or extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] \
if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
if trimmed:
warnMsg = "trimmed output output detected: "
warnMsg += trimmed
logger.warn(warnMsg)
if isinstance(output, basestring):
output = htmlunescape(output).replace("<br>", "\n")