Fixed previous bug in getErrorParsedDBMSes() call in detection phase.

Added minor support to escape quotes in UNION payloads during detection phase.
2025-12-06 12:41:30 +00:00 · 2011-01-11 23:47:32 +00:00
parent aa49aa579f
commit 5c7c3c76c3
5 changed files with 27 additions and 25 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -149,14 +149,15 @@ def checkSqlInjection(place, parameter, value):

                    continue

-                # NOTE: Leave this commented for the time being
-                #if getErrorParsedDBMSes() and dbms not in getErrorParsedDBMSes() and kb.skipTests is None:
-                #    msg = "parsed error message(s) showed that the "
-                #    msg += "back-end DBMS could be '%s'. " % getErrorParsedDBMSesFormatted()
-                #    msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"
-                #    kb.skipTests = conf.realTest or readInput(msg, default="Y") not in ("n", "N")
+                if getErrorParsedDBMSes() and dbms not in getErrorParsedDBMSes() and kb.skipOthersDbms is None:
+                    msg = "parsed error message(s) showed that the "
+                    msg += "back-end DBMS could be '%s'. " % getErrorParsedDBMSesFormatted()
+                    msg += "Do you want to skip test payloads specific for other DBMSes? [Y/n]"

-                if kb.skipTests:
+                    if conf.realTest or readInput(msg, default="Y") in ("y", "Y"):
+                        kb.skipOthersDbms = getErrorParsedDBMSes()
+
+                if kb.skipOthersDbms and dbms not in kb.skipOthersDbms:
                    debugMsg = "skipping test '%s' because " % title
                    debugMsg += "the parsed error message(s) showed "
                    debugMsg += "that the back-end DBMS could be "
@@ -378,7 +379,8 @@ def checkSqlInjection(place, parameter, value):
                        elif method == PAYLOAD.METHOD.UNION:
                            configUnion(test.request.char, test.request.columns)

-                            reqPayload, unionVector = unionTest(comment, place, parameter, value, prefix, suffix)
+                            dbmsToUnescape = dbms if dbms is not None else injection.dbms
+                            reqPayload, unionVector = unionTest(comment, place, parameter, value, prefix, suffix, dbmsToUnescape)

                            if isinstance(reqPayload, basestring):
                                infoMsg = "%s parameter '%s' is '%s' injectable" % (place, parameter, title)