Minor update

2026-02-04 20:46:33 +00:00 · 2025-12-31 14:35:21 +01:00
parent 49902fe5ef
commit 66983d31d7
3 changed files with 15 additions and 10 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -119,7 +119,10 @@ class Agent(object):
            if place == PLACE.URI:
                origValue = origValue.split(kb.customInjectionMark)[0]
            else:
-                origValue = filterNone(re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"'><]+\Z", r"[^ ]+\Z"))[0].group(0)
+                try:
+                    origValue = filterNone(re.search(_, origValue.split(BOUNDED_INJECTION_MARKER)[0]) for _ in (r"\w+\Z", r"[^\"'><]+\Z", r"[^ ]+\Z"))[0].group(0)
+                except IndexError:
+                    pass
            origValue = origValue[origValue.rfind('/') + 1:]
            for char in ('?', '=', ':', ',', '&'):
                if char in origValue:
@@ -883,14 +886,16 @@ class Agent(object):
            query = query[len("TOP %s " % topNum):]
            unionQuery += "TOP %s " % topNum

-        intoRegExp = re.search(r"(\s+INTO (DUMP|OUT)FILE\s+'(.+?)')", query, re.I)
+        intoFileRegExp = re.search(r"(\s+INTO (DUMP|OUT)FILE\s+'(.+?)')", query, re.I)

-        if intoRegExp:
-            intoRegExp = intoRegExp.group(1)
-            query = query[:query.index(intoRegExp)]
+        if intoFileRegExp:
+            infoFile = intoFileRegExp.group(1)
+            query = query[:query.index(infoFile)]

            position = 0
            char = NULL
+        else:
+            infoFile = None

        for element in xrange(0, count):
            if element > 0:
@@ -909,8 +914,8 @@ class Agent(object):
        if fromTable and not unionQuery.endswith(fromTable):
            unionQuery += fromTable

-        if intoRegExp:
-            unionQuery += intoRegExp
+        if infoFile:
+            unionQuery += infoFile

        if multipleUnions:
            unionQuery += " UNION ALL SELECT "