Just.. cosmetics ;)

2026-01-27 08:39:03 +00:00 · 2011-01-31 22:51:14 +00:00
parent 35b6d7278a
commit 6761933f75
7 changed files with 18 additions and 7 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -147,8 +147,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

    def validateChar(idx, value):
        """
-        used in time based inference (in case that original and retrieved value are not equal there will be deliberate delay)
+        Used in time-based inference (in case that original and retrieved
+        value are not equal there will be a deliberate delay).
        """
+
        forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
        queriesCount[0] += 1
        result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
@@ -240,9 +242,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
                            return None
                    else:
                        retVal = minValue + 1
+
                        if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
                            if timeBasedCompare and not validateChar(idx, retVal):
-                                errMsg = "invalid character detected. retrying..."
+                                errMsg = "invalid character detected. retrying.."
                                logger.error(errMsg)

                                conf.timeSec += 1
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -61,8 +61,9 @@ def __oneShotErrorUse(expression, field):

    # Parse the returned page to get the exact error-based
    # sql injection output
-    output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE)\
-      or extractRegexResult(check, listToStrValue(headers.headers if headers else None), re.DOTALL | re.IGNORECASE)
+    output = extractRegexResult(check, page, re.DOTALL | re.IGNORECASE) \
+             or extractRegexResult(check, listToStrValue(headers.headers \
+             if headers else None), re.DOTALL | re.IGNORECASE)

    dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(output)))