Miroslav Stampar
2019-06-27 17:28:43 +02:00
parent c938d77be9
commit aa9b5e4e0c
20 changed files with 1790 additions and 34 deletions


@@ -43,6 +43,7 @@ from lib.core.dicts import FROM_DUMMY_TABLE
from lib.core.enums import DBMS
from lib.core.enums import HASHDB_KEYS
from lib.core.enums import HTTP_HEADER
from lib.core.enums import PAYLOAD
from lib.core.exception import SqlmapDataException
from lib.core.settings import CHECK_ZERO_COLUMNS_THRESHOLD
from lib.core.settings import MAX_ERROR_CHUNK_LENGTH
@@ -123,7 +124,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
nulledCastedField = queries[Backend.getIdentifiedDbms()].substring.query % (nulledCastedField, offset, kb.errorChunkLength)
# Forge the error-based SQL injection request
vector = kb.injection.data[kb.technique].vector
vector = kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector
query = agent.prefixQuery(vector)
query = agent.suffixQuery(query)
injExpression = expression.replace(field, nulledCastedField, 1) if field else expression
@@ -134,7 +135,7 @@ def _oneShotErrorUse(expression, field=None, chunkTest=False):
# Perform the request
page, headers, _ = Request.queryPage(payload, content=True, raise404=False)
incrementCounter(kb.technique)
incrementCounter(PAYLOAD.TECHNIQUE.ERROR)
if page and conf.noEscape:
page = re.sub(r"('|\%%27)%s('|\%%27).*?('|\%%27)%s('|\%%27)" % (kb.chars.start, kb.chars.stop), "", page)
@@ -247,7 +248,7 @@ def _errorFields(expression, expressionFields, expressionFieldsList, num=None, e
if not kb.threadContinue:
return None
if not suppressOutput:
if not any((suppressOutput, kb.bruteMode)):
if kb.fileReadMode and output and output.strip():
print()
elif output is not None and not (threadData.resumed and kb.suppressResumeInfo) and not (emptyFields and field in emptyFields):
@@ -298,7 +299,7 @@ def errorUse(expression, dump=False):
SQL injection vulnerability on the affected parameter.
"""
initTechnique(kb.technique)
initTechnique(PAYLOAD.TECHNIQUE.ERROR)
abortedFlag = False
count = None
@@ -460,7 +461,7 @@ def errorUse(expression, dump=False):
duration = calculateDeltaSeconds(start)
if not kb.bruteMode:
debugMsg = "performed %d queries in %.2f seconds" % (kb.counters[kb.technique], duration)
debugMsg = "performed %d queries in %.2f seconds" % (kb.counters[PAYLOAD.TECHNIQUE.ERROR], duration)
logger.debug(debugMsg)
return value
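Review bot: In `_oneShotErrorUse` the lookup `kb.injection.data[PAYLOAD.TECHNIQUE.ERROR].vector` no longer follows `kb.technique`, so it raises `KeyError` if this module is entered without an error-based entry in `kb.injection.data`; the callers are outside these hunks, so whether that is always guarded cannot be confirmed from here. The same constant is now repeated in `incrementCounter`, `initTechnique` and the `kb.counters[...]` debug line, and all four must stay keyed identically or the reported query count will be wrong. A one-line comment next to the new import, such as `# this module always uses the error-based technique; do not read the shared kb.technique here`, would record the intent (the wording presumes that is the reason for the change). In `_errorFields`, `if not any((suppressOutput, kb.bruteMode)):` reads more directly as `if not (suppressOutput or kb.bruteMode):`. All three functions continue outside the visible hunks.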