important update - finally found what was causing headache for UNION payloads in noticeable number of cases

2024-11-22 09:36:35 +03:00 · 2011-05-26 21:54:19 +00:00 · 2011-05-26 21:54:19 +00:00 · 45caadbd4a
commit 45caadbd4a
parent 97bd5355dd
3 changed files with 14 additions and 1 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -414,6 +414,8 @@ def checkSqlInjection(place, parameter, value):
                                # by unionTest() directly
                                where = vector[6]

+                        kb.previousMethod = method
+
                    # If the injection test was successful feed the injection
                    # object with the test's details
                    if injectable is True:
--- a/lib/core/enums.py
+++ b/lib/core/enums.py
@ -100,6 +100,7 @@ class WARNFLAGS:
    DATA_TO_STDOUT = 'dataToStdout'
    THREADS = 'threads'
    PIVOT_LIMIT = 'pivotLimit'
+    TIME_UNRECOVERED = 'timeUnrecovered'

 class EXPECTED:
    BOOL = "bool"
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@ -42,6 +42,7 @@ from lib.core.data import logger
 from lib.core.enums import HTTPHEADER
 from lib.core.enums import HTTPMETHOD
 from lib.core.enums import NULLCONNECTION
+from lib.core.enums import PAYLOAD
 from lib.core.enums import PLACE
 from lib.core.enums import WARNFLAGS
 from lib.core.exception import sqlmapConnectionException
@ -397,7 +398,16 @@ class Connect:
                warnMsg += ", sqlmap is going to retry the request"
                logger.critical(warnMsg)

-                if kb.originalPage is None:
+                if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME:
+                    # timed based payloads can cause web server unresponsiveness
+                    # if the injectable piece of code is some kind of JOIN-like query
+                    warnMsg = "most probably web server instance hasn't recovered yet "
+                    warnMsg += "from previous timed based payload. if the problem "
+                    warnMsg += "persists please wait for few minutes and rerun "
+                    warnMsg += "without flag T in --technique option "
+                    warnMsg += "(e.g. --technique=BEUS)"
+                    singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.TIME_UNRECOVERED)                
+                elif kb.originalPage is None:
                    warnMsg = "if the problem persists please try to rerun "
                    warnMsg += "with the --random-agent switch turned on "
                    warnMsg += "and/or try to use proxy switches (--ignore-proxy, --proxy,...)"