Minor improvement of error-based SQLi when trimmed output is detected (trying to reconstruct)

2025-12-07 17:02:39 +01:00 · 2014-11-05 10:46:11 +01:00 · 2014-11-05 10:46:11 +01:00 · a074efe75e
commit a074efe75e
parent 71c43be53a
1 changed files with 5 additions and 1 deletions
--- a/lib/techniques/error/use.py
+++ b/lib/techniques/error/use.py
@ -74,7 +74,7 @@ def _oneShotErrorUse(expression, field=None):
        try:
            while True:
                check = "%s(?P<result>.*?)%s" % (kb.chars.start, kb.chars.stop)
-                trimcheck = "%s(?P<result>.*?)</" % (kb.chars.start)
+                trimcheck = "%s(?P<result>[^<]*)" % (kb.chars.start)

                if field:
                    nulledCastedField = agent.nullAndCastField(field)
@ -130,6 +130,10 @@ def _oneShotErrorUse(expression, field=None):
                        warnMsg += safecharencode(trimmed)
                        logger.warn(warnMsg)

+                        if not kb.testMode:
+                            check = "(?P<result>.*?)%s" % kb.chars.stop[:2]
+                            output = extractRegexResult(check, trimmed, re.IGNORECASE)
+
                if any(Backend.isDbms(dbms) for dbms in (DBMS.MYSQL, DBMS.MSSQL)):
                    if offset == 1:
                        retVal = output