minor update

2024-11-26 03:23:48 +03:00 · 2010-12-07 08:05:03 +00:00 · 2010-12-07 08:05:03 +00:00 · 3d87489de5
commit 3d87489de5
parent 90b776c1a2
3 changed files with 6 additions and 12 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -46,7 +46,6 @@ from lib.core.exception import sqlmapUserQuitException
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.core.settings import TIME_MIN_DELTA
-from lib.core.settings import TIME_N_RESPONSE
 from lib.request.connect import Connect as Request
 from plugins.dbms.firebird.syntax import Syntax as Firebird
 from plugins.dbms.postgresql.syntax import Syntax as PostgreSQL
@ -360,14 +359,11 @@ def checkSqlInjection(place, parameter, value):

                                injectable = True
                        elif check == "[DELAYED]":
-                            if duration >= max(TIME_MIN_DELTA, TIME_N_RESPONSE * kb.responseTime):
+                            if duration >= max(TIME_MIN_DELTA, kb.responseTime):
                                infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
                                logger.info(infoMsg)

                                injectable = True
-                            else:
-                                import pdb
-                                pdb.set_trace()
                        # Restore old value of socket timeout
                        socket.setdefaulttimeout(popValue())

--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -48,10 +48,8 @@ DUMP_STOP_MARKER    = "__STOP__"

 PAYLOAD_DELIMITER  = "\x00"

-# settings used for delayed time payloads
-TIME_MIN_DELTA     = 1 # minimum difference of loading time in seconds
-TIME_N_RESPONSE    = 3 # minimum multiplicant of response time
-
+# minimum difference of loading time in seconds for delayed time payloads
+TIME_MIN_DELTA     = 2

 # System variables
 IS_WIN             = subprocess.mswindows
--- a/xml/payloads.xml
+++ b/xml/payloads.xml
@ -1267,7 +1267,7 @@ Formats:
        <clause>0</clause>
        <where>1</where>
        <request>
-            <payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000));</payload>
+            <payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000));</payload>
            <comment>--</comment>
        </request>
        <response>
@ -1503,7 +1503,7 @@ Formats:
        <clause>1,2,3</clause>
        <where>1</where>
        <request>
-            <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload>
+            <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>
@ -1658,7 +1658,7 @@ Formats:
        <clause>1,2,3</clause>
        <where>2</where>
        <request>
-            <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload>
+            <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
        </request>
        <response>
            <time>[DELAYED]</time>