Consistency between --*-test switches/output

2025-12-16 04:39:06 +00:00 · 2010-11-08 16:46:25 +00:00
parent dac7436edf
commit 45ec8c169a
7 changed files with 38 additions and 15 deletions
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@@ -19,6 +19,9 @@ from lib.request import inject
 from lib.request.connect import Connect as Request

 def timeTest():
+    if kb.timeTest is not None:
+        return kb.timeTest
+
    infoMsg  = "testing time-based blind sql injection on parameter "
    infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
    logger.info(infoMsg)
@@ -37,7 +40,7 @@ def timeTest():
        infoMsg += "'%s'" % kb.injParameter
        logger.info(infoMsg)

-        kb.timeTest = payload
+        kb.timeTest = agent.removePayloadDelimiters(payload, False)
    else:
        warnMsg  = "the target url is not affected by a time-based blind "
        warnMsg += "sql injection with AND condition syntax on parameter "
@@ -59,7 +62,7 @@ def timeTest():
            infoMsg += "'%s'" % kb.injParameter
            logger.info(infoMsg)

-            kb.timeTest = payload
+            kb.timeTest = agent.removePayloadDelimiters(payload, False)
        else:
            warnMsg  = "the target url is not affected by a time-based blind "
            warnMsg += "sql injection with stacked queries syntax on parameter "
--- a/lib/techniques/error/test.py
+++ b/lib/techniques/error/test.py
@@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission

 import time

+from lib.core.agent import agent
 from lib.core.common import getUnicode
 from lib.core.common import randomInt
 from lib.core.data import conf
@@ -38,7 +39,7 @@ def errorTest():
        infoMsg += "injection on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)

-        kb.errorTest = True
+        kb.errorTest = agent.removePayloadDelimiters(usedPayload, False)
    else:
        warnMsg  = "the target url is not affected by an error-based sql "
        warnMsg += "injection on parameter '%s'" % kb.injParameter
@@ -48,7 +49,4 @@ def errorTest():

    setError()

-    if kb.errorTest:
-        return usedPayload
-    else:
-        return False
+    return kb.errorTest
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -73,6 +73,7 @@ def errorUse(expression, returnPayload=False):

    if match:
        output = match.group('result')
+
        if output:
            output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")

--- a/lib/techniques/inband/union/test.py
+++ b/lib/techniques/inband/union/test.py
@@ -174,8 +174,8 @@ def unionTest():
    if conf.direct:
        return

-    if kb.unionCount is not None and kb.unionPosition is not None:
-        return
+    if kb.unionTest is not None:
+        return kb.unionTest

    if conf.uTech == "orderby":
        technique = "ORDER BY clause bruteforcing"
@@ -209,5 +209,7 @@ def unionTest():

    if validPayload is None:
        validPayload = ""
+    elif isinstance(validPayload, basestring):
+        kb.unionTest = agent.removePayloadDelimiters(validPayload, False)

-    return validPayload
+    return kb.unionTest
--- a/lib/techniques/outband/stacked.py
+++ b/lib/techniques/outband/stacked.py
@@ -9,6 +9,7 @@ See the file 'doc/COPYING' for copying permission

 import time

+from lib.core.agent import agent
 from lib.core.common import calculateDeltaSeconds
 from lib.core.common import getDelayQuery
 from lib.core.data import conf
@@ -38,7 +39,7 @@ def stackedTest():
        infoMsg += "sql injection on parameter '%s'" % kb.injParameter
        logger.info(infoMsg)

-        kb.stackedTest = payload
+        kb.stackedTest = agent.removePayloadDelimiters(payload, False)
    else:
        warnMsg  = "the target url is not affected by a stacked queries "
        warnMsg += "sql injection on parameter '%s'" % kb.injParameter