no more regex. web server independent.

lib/core/settings.py

@@ -36,6 +36,8 @@ LOGGER.setLevel(logging.WARN)
 # error based injection
 ERROR_SPACE        = "%c%c%c" % (58, 95, 58)
 ERROR_EMPTY_CHAR   = "%c%c%c" % (58, 120, 58)
+ERROR_START_CHAR   = "%c%c%c" % (58, 115, 58)
+ERROR_END_CHAR     = "%c%c%c" % (58, 101, 58)
 
 # System variables
 IS_WIN             = subprocess.mswindows

lib/parse/queriesfile.py

@@ -99,9 +99,6 @@ class queriesHandler(ContentHandler):
             data = sanitizeStr(attrs.get("query"))
             self.__queries.error = data
 
-            data = sanitizeStr(attrs.get("regex"))
-            self.__queries.errorRegex = data
-
         elif name == "inference":
             data = sanitizeStr(attrs.get("query"))
             self.__queries.inference = data

lib/techniques/error/use.py

@@ -27,6 +27,8 @@ from lib.utils.resume import resume
 
 from lib.core.settings import ERROR_SPACE
 from lib.core.settings import ERROR_EMPTY_CHAR
+from lib.core.settings import ERROR_START_CHAR
+from lib.core.settings import ERROR_END_CHAR
 
 def errorUse(expression, resumeValue=True):
     """
@@ -63,15 +65,12 @@ def errorUse(expression, resumeValue=True):
     forgedPayload = safeStringFormat(payload, (logic, randInt, expressionUnescaped))
     result = Request.queryPage(urlencode(forgedPayload), content=True)
 
-    match = re.search(queries[kb.misc.testedDbms].errorRegex, result[0], re.DOTALL | re.IGNORECASE)
+    match = re.search('%s(?P<result>.+?)%s' % (ERROR_START_CHAR, ERROR_END_CHAR), result[0], re.DOTALL | re.IGNORECASE)
     if match:
         output = match.group('result')
         if output:
             output = output.replace(ERROR_SPACE, " ").replace(ERROR_EMPTY_CHAR, "")
 
-            if kb.misc.testedDbms == 'MySQL':
-                output = output[:-1]
-
             if conf.verbose > 0:
                 infoMsg = "retrieved: %s" % replaceNewlineTabs(output, stdout=True)
                 logger.info(infoMsg)