Trying something out

2025-03-03 11:45:46 +03:00 · 2019-05-09 17:39:16 +02:00 · 2019-05-09 17:39:16 +02:00 · 31f88a8005
commit 31f88a8005
parent 4b7f27263b
2 changed files with 30 additions and 10 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -2598,18 +2598,17 @@ def adjustTimeDelay(lastQueryDuration, lowerStdLimit):
    Provides tip for adjusting time delay in time-based data retrieval
    """

-    candidate = 1 + int(round(lowerStdLimit))
+    candidate = (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit))

-    if candidate:
-        kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
+    kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]

-        if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
-            if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE:  # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
-                conf.timeSec = candidate
+    if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
+        if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE:  # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
+            conf.timeSec = candidate

-                infoMsg = "adjusting time delay to "
-                infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
-                logger.info(infoMsg)
+            infoMsg = "adjusting time delay to "
+            infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
+            logger.info(infoMsg)

 def getLastRequestHTTPError():
    """
@ -3162,6 +3161,27 @@ def isTechniqueAvailable(technique):
    else:
        return getTechniqueData(technique) is not None

+def isHeavyQueryBased():
+    """
+    Returns True whether time-based or stacked payloads are based on heavy queries
+
+    >>> pushValue(kb.injection.data)
+    >>> kb.injection.data[PAYLOAD.TECHNIQUE.STACKED] = [test for test in getSortedInjectionTests() if "heavy" in test["title"].lower()][0]
+    >>> isHeavyQueryBased()
+    True
+    >>> kb.injection.data = popValue()
+    """
+
+    retVal = False
+
+    for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
+        data = getTechniqueData(technique)
+        if data and "heavy query" in data["title"].lower():
+            retVal = True
+            break
+
+    return retVal
+
 def isStackingAvailable():
    """
    Returns True whether techniques using stacking are available
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.3.5.75"
+VERSION = "1.3.5.76"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)