Potential patch for #1636
parent
3c9be947c5
commit
0f8a551227
@ -5,6 +5,7 @@ Copyright (c) 2006-2016 sqlmap developers (http://sqlmap.org/)
|
||||||
See the file 'doc/COPYING' for copying permission
|
See the file 'doc/COPYING' for copying permission
|
||||||
"""
|
"""
|
||||||
|
|
||||||
|
import re
|
||||||
import threading
|
import threading
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
@ -25,6 +26,7 @@ from lib.core.common import getPartRun
|
||||||
from lib.core.common import hashDBRetrieve
|
from lib.core.common import hashDBRetrieve
|
||||||
from lib.core.common import hashDBWrite
|
from lib.core.common import hashDBWrite
|
||||||
from lib.core.common import incrementCounter
|
from lib.core.common import incrementCounter
|
||||||
|
from lib.core.common import randomInt
|
||||||
from lib.core.common import safeStringFormat
|
from lib.core.common import safeStringFormat
|
||||||
from lib.core.common import singleTimeWarnMessage
|
from lib.core.common import singleTimeWarnMessage
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
|
@ -42,6 +44,7 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
||||||
from lib.core.settings import INFERENCE_GREATER_CHAR
|
from lib.core.settings import INFERENCE_GREATER_CHAR
|
||||||
from lib.core.settings import INFERENCE_EQUALS_CHAR
|
from lib.core.settings import INFERENCE_EQUALS_CHAR
|
||||||
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
|
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
|
||||||
|
from lib.core.settings import MIN_TIME_RESPONSES
|
||||||
from lib.core.settings import MAX_BISECTION_LENGTH
|
from lib.core.settings import MAX_BISECTION_LENGTH
|
||||||
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
|
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
|
||||||
from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
|
from lib.core.settings import PARTIAL_HEX_VALUE_MARKER
|
||||||
|
@ -267,6 +270,21 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
|
unescapedCharValue = unescaper.escape("'%s'" % decodeIntToUnicode(posValue))
|
||||||
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
|
forgedPayload = safeStringFormat(payload, (expressionUnescaped, idx)).replace(markingValue, unescapedCharValue)
|
||||||
|
|
||||||
|
if timeBasedCompare and kb.whereCollectTimes:
|
||||||
|
kb.responseTimes = []
|
||||||
|
|
||||||
|
warnMsg = "\n[%s] [WARNING] time-based comparison requires " % time.strftime("%X")
|
||||||
|
warnMsg += "larger statistical model, please wait"
|
||||||
|
dataToStdout(warnMsg)
|
||||||
|
|
||||||
|
while len(kb.responseTimes) < MIN_TIME_RESPONSES:
|
||||||
|
falseWherePayload = re.sub(r"\b%s\b" % posValue, str(randomInt(6)), forgedPayload)
|
||||||
|
Request.queryPage(falseWherePayload, content=True, raise404=False)
|
||||||
|
dataToStdout('.')
|
||||||
|
|
||||||
|
dataToStdout("\n")
|
||||||
|
kb.whereCollectTimes = False
|
||||||
|
|
||||||
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
|
||||||
incrementCounter(kb.technique)
|
incrementCounter(kb.technique)
|
||||||
|
|
||||||
|
|
|
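Review bot: The warm-up loop `while len(kb.responseTimes) < MIN_TIME_RESPONSES:` in the fourth hunk has no exit other than the list growing, so it spins forever if `Request.queryPage` does not record a duration for a call made with only `content=True, raise404=False` (whether it does depends on queryPage defaults outside this diff); a bounded attempt count such as `for _ in range(MIN_TIME_RESPONSES * 2):` with `if len(kb.responseTimes) >= MIN_TIME_RESPONSES: break` as the first statement of the body turns a silent hang into a visible shortfall that `wasLastResponseDelayed`-style checks can warn about. The false-condition payload built with `re.sub(r"\b%s\b" % posValue, str(randomInt(6)), forgedPayload)` rewrites every whole-word occurrence of that number, so an equal numeric literal elsewhere in the rendered payload (for example inside the user's `--where` expression) would also be replaced and the timing sample would come from a different query rather than the same query with a false comparison. `kb.whereCollectTimes` is read on the first added line, but no initialization of that attribute appears in this commit, so it should be confirmed that it is set up alongside the other `kb` defaults before `bisection` can run. The enclosing `bisection` function starts and ends outside the hunk.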
@ -237,7 +237,7 @@ class Entries:
|
||||||
query = whereQuery(query)
|
query = whereQuery(query)
|
||||||
|
|
||||||
if conf.dumpWhere:
|
if conf.dumpWhere:
|
||||||
kb.whereResponseTimes = True
|
kb.whereCollectTimes = True
|
||||||
pushValue(kb.responseTimes)
|
pushValue(kb.responseTimes)
|
||||||
|
|
||||||
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
count = inject.getValue(query, union=False, error=False, expected=EXPECTED.INT, charsetType=CHARSET_TYPE.DIGITS)
|
||||||
|
@ -330,7 +330,7 @@ class Entries:
|
||||||
|
|
||||||
if conf.dumpWhere:
|
if conf.dumpWhere:
|
||||||
kb.responseTimes = popValue()
|
kb.responseTimes = popValue()
|
||||||
kb.whereResponseTimes = False
|
kb.whereCollectTimes = False
|
||||||
|
|
||||||
for column, columnEntries in entries.items():
|
for column, columnEntries in entries.items():
|
||||||
length = max(lengths[column], len(column))
|
length = max(lengths[column], len(column))
|
||||||
|
|
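Review bot: The flag set at `kb.whereCollectTimes = True` and the `pushValue(kb.responseTimes)` beside it are only undone at the second hunk's `kb.responseTimes = popValue()` and `kb.whereCollectTimes = False`, and from what is visible there is no `try`/`finally` around the `inject.getValue` call between them, so an exception raised during the count retrieval leaves the flag set and the saved list on the stack for whatever runs next. Moving the restore into a `finally:` block around the retrieval would keep the `--where` collection state from leaking into later dumps. The enclosing method of `Entries` starts before the first hunk and continues past the second.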