Oracle XML based error payload has problems with char $ as with space

2025-12-06 20:51:31 +00:00 · 2011-03-21 13:13:12 +00:00
parent 1abcd507b8
commit b5c9ccb755
5 changed files with 19 additions and 6 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -94,6 +94,8 @@ def __oneShotErrorUse(expression, field):
            retVal = output
            break

+    retVal = __errorReplaceChars(retVal)
+
    dataToSessionFile("[%s][%s][%s][%s][%s]\n" % (conf.url, kb.injection.place, conf.parameters[kb.injection.place], expression, replaceNewlineTabs(retVal)))

    return retVal
@@ -134,13 +136,22 @@ def __errorFields(expression, expressionFields, expressionFieldsList, expected=N
        if isinstance(num, int):
            expression = origExpr

-        if output:
-            output = output.replace(kb.misc.space, " ")
-
        outputs.append(output)

    return outputs

+def __errorReplaceChars(value):
+    """
+    Restores safely replaced characters
+    """
+
+    retVal = value
+
+    if value:
+        retVal = retVal.replace(kb.misc.space, " ").replace(kb.misc.dollar, "$")
+
+    return retVal
+
 def errorUse(expression, expected=None, resumeValue=True, dump=False):
    """
    Retrieve the output of a SQL query taking advantage of the error-based