			
		
		
		
	update regarding time based payloads
		
							parent
							
								
									bdff4aba6a
								
							
						
					
					
						commit
						1ae2fa7f1a
					
				|  | @ -14,7 +14,6 @@ import time | ||||||
| from difflib import SequenceMatcher | from difflib import SequenceMatcher | ||||||
| 
 | 
 | ||||||
| from lib.core.agent import agent | from lib.core.agent import agent | ||||||
| from lib.core.common import average |  | ||||||
| from lib.core.common import beep | from lib.core.common import beep | ||||||
| from lib.core.common import calculateDeltaSeconds | from lib.core.common import calculateDeltaSeconds | ||||||
| from lib.core.common import extractRegexResult | from lib.core.common import extractRegexResult | ||||||
|  | @ -26,7 +25,6 @@ from lib.core.common import randomStr | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
| from lib.core.common import removeDynamicContent | from lib.core.common import removeDynamicContent | ||||||
| from lib.core.common import showStaticWords | from lib.core.common import showStaticWords | ||||||
| from lib.core.common import stdev |  | ||||||
| from lib.core.common import trimAlphaNum | from lib.core.common import trimAlphaNum | ||||||
| from lib.core.common import wasLastRequestDBMSError | from lib.core.common import wasLastRequestDBMSError | ||||||
| from lib.core.common import DynamicContentItem | from lib.core.common import DynamicContentItem | ||||||
|  | @ -351,12 +349,7 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                         socket.setdefaulttimeout(120) |                         socket.setdefaulttimeout(120) | ||||||
| 
 | 
 | ||||||
|                         # Perform the test's request |                         # Perform the test's request | ||||||
|                         _ = Request.queryPage(reqPayload, place, content=True, noteResponseTime=False) |                         trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True) | ||||||
| 
 |  | ||||||
|                         # 99.9999999997440% of all non time-based sql injection  |  | ||||||
|                         # affected durations should be inside +-7*stdev(durations) |  | ||||||
|                         # (Reference: http://www.answers.com/topic/standard-deviation) |  | ||||||
|                         trueResult = (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes)) |  | ||||||
| 
 | 
 | ||||||
|                         if trueResult: |                         if trueResult: | ||||||
|                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) | ||||||
|  |  | ||||||
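Review bot: The new call `trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True)` no longer says what the returned boolean means, because the 7*stdev explanation moved into `queryPage`. A one-line comment above it, such as `# True when this response was slower than the baseline threshold computed in queryPage`, would keep the call site readable. The verdict also rests on a single timed request, so one slow response caused by ordinary network latency would be reported as injectable; the comment or the `infoMsg` text should say so. `checkSqlInjection` starts and ends outside this hunk.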
|  | @ -17,12 +17,14 @@ import traceback | ||||||
| 
 | 
 | ||||||
| from lib.contrib import multipartpost | from lib.contrib import multipartpost | ||||||
| from lib.core.agent import agent | from lib.core.agent import agent | ||||||
|  | from lib.core.common import average | ||||||
| from lib.core.common import calculateDeltaSeconds | from lib.core.common import calculateDeltaSeconds | ||||||
| from lib.core.common import extractErrorMessage | from lib.core.common import extractErrorMessage | ||||||
| from lib.core.common import getFilteredPageContent | from lib.core.common import getFilteredPageContent | ||||||
| from lib.core.common import getUnicode | from lib.core.common import getUnicode | ||||||
| from lib.core.common import logHTTPTraffic | from lib.core.common import logHTTPTraffic | ||||||
| from lib.core.common import readInput | from lib.core.common import readInput | ||||||
|  | from lib.core.common import stdev | ||||||
| from lib.core.convert import urlencode | from lib.core.convert import urlencode | ||||||
| from lib.core.common import urlEncodeCookieValues | from lib.core.common import urlEncodeCookieValues | ||||||
| from lib.core.data import conf | from lib.core.data import conf | ||||||
|  | @ -321,7 +323,7 @@ class Connect: | ||||||
|         return page, responseHeaders |         return page, responseHeaders | ||||||
| 
 | 
 | ||||||
|     @staticmethod |     @staticmethod | ||||||
|     def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False, raise404 = None, noteResponseTime = True): |     def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent=False, method=None, auxHeaders=None, response=False, raise404 = None, noteResponseTime = True, timeBasedCompare = False): | ||||||
|         """ |         """ | ||||||
|         This method calls a function to get the target url page content |         This method calls a function to get the target url page content | ||||||
|         and returns its page MD5 hash or a boolean value in case of |         and returns its page MD5 hash or a boolean value in case of | ||||||
|  | @ -417,7 +419,12 @@ class Connect: | ||||||
|             if conf.cj: |             if conf.cj: | ||||||
|                 conf.cj.clear() |                 conf.cj.clear() | ||||||
| 
 | 
 | ||||||
|         if noteResponseTime: |         if timeBasedCompare: | ||||||
|  |             # 99.9999999997440% of all non time-based sql injection | ||||||
|  |             # affected durations should be inside +-7*stdev(durations) | ||||||
|  |             # (Reference: http://www.answers.com/topic/standard-deviation) | ||||||
|  |             return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes)) | ||||||
|  |         elif noteResponseTime: | ||||||
|             kb.responseTimes.append(kb.lastQueryDuration) |             kb.responseTimes.append(kb.lastQueryDuration) | ||||||
| 
 | 
 | ||||||
|         if content or response: |         if content or response: | ||||||
|  |  | ||||||
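Review bot: The new `timeBasedCompare` branch evaluates `average(kb.responseTimes) + 7 * stdev(kb.responseTimes)` without checking that a baseline has been collected. `average` and `stdev` are not visible here, so this is inferred, but with fewer than two samples in `kb.responseTimes` the threshold is presumably undefined or has zero deviation, and the comparison would then either fail or report a false positive. An explicit guard before the comparison, for example `if len(kb.responseTimes) < 2: return False`, would make that case deliberate. The `queryPage` docstring should also document the new parameter and note that this early return skips the `content or response` handling below it; the function body extends outside this hunk.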