refactoring

lib/techniques/error/use.py

@@ -60,8 +60,8 @@ def __oneShotErrorUse(expression, field):
 
     if not retVal:
         while True:
-            check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
-            trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
+            check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
+            trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
 
             nulledCastedField = agent.nullAndCastField(field)
 
@@ -189,7 +189,7 @@ def __errorReplaceChars(value):
     retVal = value
 
     if value:
-        retVal = retVal.replace(kb.misc.space, " ").replace(kb.misc.dollar, "$").replace(kb.misc.at, "@")
+        retVal = retVal.replace(kb.chars.space, " ").replace(kb.chars.dollar, "$").replace(kb.chars.at, "@")
 
     return retVal
 

lib/techniques/union/test.py

@@ -176,7 +176,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
     for position in positions:
         # Prepare expression with delimiters
         randQuery = randomStr(UNION_MIN_RESPONSE_CHARS)
-        phrase = "%s%s%s".lower() % (kb.misc.start, randQuery, kb.misc.stop)
+        phrase = "%s%s%s".lower() % (kb.chars.start, randQuery, kb.chars.stop)
         randQueryProcessed = agent.concatQuery("\'%s\'" % randQuery)
         randQueryUnescaped = unescaper.unescape(randQueryProcessed)
 
@@ -197,7 +197,7 @@ def __unionPosition(comment, place, parameter, value, prefix, suffix, count, whe
             if where == PAYLOAD.WHERE.ORIGINAL:
                 # Prepare expression with delimiters
                 randQuery2 = randomStr(UNION_MIN_RESPONSE_CHARS)
-                phrase2 = "%s%s%s".lower() % (kb.misc.start, randQuery2, kb.misc.stop)
+                phrase2 = "%s%s%s".lower() % (kb.chars.start, randQuery2, kb.chars.stop)
                 randQueryProcessed2 = agent.concatQuery("\'%s\'" % randQuery2)
                 randQueryUnescaped2 = unescaper.unescape(randQueryProcessed2)
 

lib/techniques/union/use.py

@@ -53,12 +53,12 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
     retVal = conf.hashDB.retrieve(expression) if not conf.freshQueries else None
 
     if not retVal:
-        check = "(?P<result>%s.*%s)" % (kb.misc.start, kb.misc.stop)
-        trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
+        check = "(?P<result>%s.*%s)" % (kb.chars.start, kb.chars.stop)
+        trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
 
         # Prepare expression with delimiters
-        expression = agent.concatQuery(expression, unpack)
-        expression = unescaper.unescape(expression)
+        injExpression = agent.concatQuery(expression, unpack)
+        injExpression = unescaper.unescape(injExpression)
 
         if conf.limitStart or conf.limitStop:
             where = PAYLOAD.WHERE.NEGATIVE
@@ -67,7 +67,7 @@ def __oneShotUnionUse(expression, unpack=True, limited=False):
 
         # Forge the inband SQL injection request
         vector = kb.injection.data[PAYLOAD.TECHNIQUE.UNION].vector
-        query = agent.forgeInbandQuery(expression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], None, limited)
+        query = agent.forgeInbandQuery(injExpression, vector[0], vector[1], vector[2], vector[3], vector[4], vector[5], None, limited)
         payload = agent.payload(newValue=query, where=where)
 
         # Perform the request
@@ -317,13 +317,13 @@ def unionUse(expression, unpack=True, dump=False):
                             break
 
                         if output:
-                            if all(map(lambda x: x in output, [kb.misc.start, kb.misc.stop])):
-                                items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.misc.start, kb.misc.stop), output, re.DOTALL | re.IGNORECASE).split(kb.misc.delimiter)
+                            if all(map(lambda x: x in output, [kb.chars.start, kb.chars.stop])):
+                                items = extractRegexResult(r'%s(?P<result>.*?)%s' % (kb.chars.start, kb.chars.stop), output, re.DOTALL | re.IGNORECASE).split(kb.chars.delimiter)
                                 kb.locks.value.acquire()
                                 threadData.shared.value.append(items[0] if len(items) == 1 else items)
                                 kb.locks.value.release()
                             else:
-                                items = output.replace(kb.misc.start, "").replace(kb.misc.stop, "").split(kb.misc.delimiter)
+                                items = output.replace(kb.chars.start, "").replace(kb.chars.stop, "").split(kb.chars.delimiter)
 
                             if conf.verbose == 1:
                                 status = "[%s] [INFO] retrieved: %s\r\n" % (time.strftime("%X"), safecharencode(",".join(map(lambda x: "\"%s\"" % x, items))))