First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.

Major refactoring to Agent.payload() method. Minor bug fixes, some code refactoring and a lot of core adjustments here and there. Added more checks for injection in GROUP BY and ORDER BY.
2025-12-07 05:01:30 +00:00 · 2011-01-11 22:18:47 +00:00
parent 06230e4d92
commit 300128042c
10 changed files with 254 additions and 200 deletions
--- a/lib/core/session.py
+++ b/lib/core/session.py
@@ -204,70 +204,18 @@ def setUnion(comment=None, count=None, position=None, negative=False, char=None,
    """

    if comment:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      not kb.resumedQueries[conf.url].has_key("Union comment") )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union comment][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), safeFormatString(comment)))
-
        kb.unionComment = comment

    if count:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      not kb.resumedQueries[conf.url].has_key("Union count") )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union count][%d]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), count))
-
        kb.unionCount = count

    if position is not None:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      not kb.resumedQueries[conf.url].has_key("Union position") )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union position][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), position))
-
        kb.unionPosition = position

    if negative:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      ( not kb.resumedQueries[conf.url].has_key("Union negative")
-                      ) )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union negative][Yes]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place])))
-
        kb.unionNegative = True

-    if char:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      ( not kb.resumedQueries[conf.url].has_key("Union char")
-                      ) )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union char][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), char))
-
    if payload:
-        condition = (
-                      not kb.resumedQueries or ( kb.resumedQueries.has_key(conf.url) and
-                      ( not kb.resumedQueries[conf.url].has_key("Union payload")
-                      ) )
-                    )
-
-        if condition:
-            dataToSessionFile("[%s][%s][%s][Union payload][%s]\n" % (conf.url, kb.injection.place, safeFormatString(conf.parameters[kb.injection.place]), payload))
-
        kb.unionTest = payload

 def setRemoteTempPath():