now [SLEEPTIME] is changeable properly in vivo

2025-02-03 05:04:11 +03:00 · 2012-01-05 14:45:05 +00:00 · 2012-01-05 14:45:05 +00:00 · 1f085a0241
commit 1f085a0241
parent 9d50c806e1
5 changed files with 9 additions and 4 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -464,6 +464,9 @@ def checkSqlInjection(place, parameter, value):
                        if vector is None and "vector" in test and test.vector is not None:
                            vector = "%s%s" % (test.vector, comment or "")

+                        if method == PAYLOAD.METHOD.TIME:
+                            reqPayload = reqPayload.replace(test.request.payload.replace("[SLEEPTIME]", str(conf.timeSec)), test.request.payload)
+
                        injection.data[stype] = AttribDict()
                        injection.data[stype].title = title
                        injection.data[stype].payload = agent.removePayloadDelimiters(reqPayload)
--- a/lib/controller/controller.py
+++ b/lib/controller/controller.py
@ -135,7 +135,7 @@ def __formatInjection(inj):
                title = title.replace("columns", "column")
        data += "    Type: %s\n" % PAYLOAD.SQLINJECTION[stype]
        data += "    Title: %s\n" % title
-        data += "    Payload: %s\n\n" % sdata.payload
+        data += "    Payload: %s\n\n" % (sdata.payload if stype != PAYLOAD.TECHNIQUE.TIME else sdata.payload.replace("[SLEEPTIME]", str(conf.timeSec)))

    return data

--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@ -218,8 +218,7 @@ class Agent:
        _ = (
                ("[RANDNUM]", str(randInt)), ("[RANDNUM1]", str(randInt1)), ("[RANDSTR]", randStr),\
                ("[RANDSTR1]", randStr1), ("[DELIMITER_START]", kb.chars.start), ("[DELIMITER_STOP]", kb.chars.stop),\
-                ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar),\
-                ("[SLEEPTIME]", str(conf.timeSec))
+                ("[AT_REPLACE]", kb.chars.at), ("[SPACE_REPLACE]", kb.chars.space), ("[DOLLAR_REPLACE]", kb.chars.dollar)
            )
        payload = reduce(lambda x, y: x.replace(y[0], y[1]), _, payload)

--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -551,6 +551,9 @@ class Connect:
        threadData = getCurrentThreadData()

        if payload:
+            if timeBasedCompare:
+                payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
+
            if kb.tamperFunctions:
                for function in kb.tamperFunctions:
                    payload = function(payload)
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@ -405,7 +405,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None

        finally:
            value = threadData.shared.value
-            
+
        infoMsg = None

        # If we have got one single character not correctly fetched it