
Commit 1286cc0

committed
now showing trimmed output in for of warning message (UNION and ERROR techniques affected)
1 parent 7993f3f commit 1286cc0

2 files changed

Lines changed: 24 additions & 0 deletions


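--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@@ -52,6 +52,8 @@ def __oneShotErrorUse(expression, field):
 
 while True:
 check = "%s(?P<result>.*?)%s" % (kb.misc.start, kb.misc.stop)
+trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
+
 nulledCastedField = agent.nullAndCastField(field)
 
 if Backend.getIdentifiedDbms() == DBMS.MYSQL:
@@ -82,6 +84,18 @@ def __oneShotErrorUse(expression, field):
 
 if output:
 output = getUnicode(output, kb.pageEncoding)
+else:
+trimmed = extractRegexResult(trimcheck, page, re.DOTALL | re.IGNORECASE) \
+or extractRegexResult(trimcheck, listToStrValue(headers.headers \
+if headers else None), re.DOTALL | re.IGNORECASE) \
+or extractRegexResult(trimcheck, threadData.lastRedirectMsg[1] \
+if threadData.lastRedirectMsg and threadData.lastRedirectMsg[0] == \
+threadData.lastRequestUID else None, re.DOTALL | re.IGNORECASE)
+
+if trimmed:
+warnMsg = "trimmed output output detected: "
+warnMsg += trimmed
+logger.warn(warnMsg)
 
 if isinstance(output, basestring):
 output = htmlunescape(output).replace("<br>", "\n")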
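Review bot: The trim check on new line 88 runs `trimcheck` against the raw `page`, while the parallel UNION hunk in this same commit first strips the reflected payload with `removeReflectiveValues(page, payload)`; if the injected query is echoed back in the response, the reflected copy of `kb.misc.start` can satisfy `trimcheck` and raise a spurious "trimmed output" warning, so consider `trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \` here as well (assuming `payload` is in scope in `__oneShotErrorUse`, which the hunk does not show). The warning text on new line 96 repeats a word and should read `warnMsg = "trimmed output detected: "`. Also note that `trimmed` is response content supplied by the target and is appended to the log line without any length cap; because the pattern is `.*?` up to the first `</` under `re.DOTALL`, a response missing the stop delimiter can match a large slice of the page, so truncating the value and escaping non-printable characters before it reaches the console would keep a hostile target from dumping arbitrary bytes into the terminal. The enclosing `__oneShotErrorUse` and its `while True:` loop begin before the first hunk and continue past the second.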

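--- a/lib/techniques/inband/union/use.py
+++ b/lib/techniques/inband/union/use.py
@@ -44,6 +44,7 @@ def __oneShotUnionUse(expression, unpack=True):
 global reqCount
 
 check = "(?P<result>%s.*%s)" % (kb.misc.start, kb.misc.stop)
+trimcheck = "%s(?P<result>.*?)</" % (kb.misc.start)
 
 # Prepare expression with delimiters
 expression = agent.concatQuery(expression, unpack)
@@ -72,6 +73,15 @@ def __oneShotUnionUse(expression, unpack=True):
 
 if output:
 output = getUnicode(output, kb.pageEncoding)
+else:
+trimmed = extractRegexResult(trimcheck, removeReflectiveValues(page, payload), re.DOTALL | re.IGNORECASE) \
+or extractRegexResult(trimcheck, removeReflectiveValues(listToStrValue(headers.headers \
+if headers else None), payload, True), re.DOTALL | re.IGNORECASE)
+
+if trimmed:
+warnMsg = "trimmed output output detected: "
+warnMsg += trimmed
+logger.warn(warnMsg)
 
 return output
 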
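Review bot: The warning built on new line 82 has a duplicated word and should be `warnMsg = "trimmed output detected: "` (the ERROR-technique hunk in this commit carries the same string, so fix both together). The `trimmed` value concatenated on line 83 is untrusted response content from the target and is logged with no length bound; since `trimcheck` matches lazily up to the first `</` under `re.DOTALL`, a page that lacks the stop delimiter can yield a long match, so truncating and escaping non-printable characters before `logger.warn` would avoid pushing arbitrary target-controlled bytes to the console. Unlike its ERROR-technique counterpart, this hunk does not inspect `threadData.lastRedirectMsg`; if `__oneShotUnionUse` reads union output from a redirect body elsewhere (the rest of the function is outside the hunk), the trim check should cover that source too. `trimcheck` on new line 47 interpolates `kb.misc.start` into the regex unescaped, exactly as the pre-existing `check` does, which is only safe while that delimiter contains no regex metacharacters.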
