From 45caadbd4a36579f32090ad5dc1081fdaa523a3f Mon Sep 17 00:00:00 2001 From: Miroslav Stampar Date: Thu, 26 May 2011 21:54:19 +0000 Subject: [PATCH] important update - finally found what was causing headache for UNION payloads in noticeable number of cases --- lib/controller/checks.py | 2 ++ lib/core/enums.py | 1 + lib/request/connect.py | 12 +++++++++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/lib/controller/checks.py b/lib/controller/checks.py index 49de58365..81a363f0c 100644 --- a/lib/controller/checks.py +++ b/lib/controller/checks.py @@ -414,6 +414,8 @@ def checkSqlInjection(place, parameter, value): # by unionTest() directly where = vector[6] + kb.previousMethod = method + # If the injection test was successful feed the injection # object with the test's details if injectable is True: diff --git a/lib/core/enums.py b/lib/core/enums.py index 044569176..2e17fc674 100644 --- a/lib/core/enums.py +++ b/lib/core/enums.py @@ -100,6 +100,7 @@ class WARNFLAGS: DATA_TO_STDOUT = 'dataToStdout' THREADS = 'threads' PIVOT_LIMIT = 'pivotLimit' + TIME_UNRECOVERED = 'timeUnrecovered' class EXPECTED: BOOL = "bool" diff --git a/lib/request/connect.py b/lib/request/connect.py index 7201d1fde..0bac726f1 100644 --- a/lib/request/connect.py +++ b/lib/request/connect.py @@ -42,6 +42,7 @@ from lib.core.data import logger from lib.core.enums import HTTPHEADER from lib.core.enums import HTTPMETHOD from lib.core.enums import NULLCONNECTION +from lib.core.enums import PAYLOAD from lib.core.enums import PLACE from lib.core.enums import WARNFLAGS from lib.core.exception import sqlmapConnectionException @@ -397,7 +398,16 @@ class Connect: warnMsg += ", sqlmap is going to retry the request" logger.critical(warnMsg) - if kb.originalPage is None: + if kb.testMode and kb.previousMethod == PAYLOAD.METHOD.TIME: + # timed based payloads can cause web server unresponsiveness + # if the injectable piece of code is some kind of JOIN-like query + warnMsg = "most probably web server instance hasn't recovered yet " + warnMsg += "from previous timed based payload. if the problem " + warnMsg += "persists please wait for few minutes and rerun " + warnMsg += "without flag T in --technique option " + warnMsg += "(e.g. --technique=BEUS)" + singleTimeLogMessage(warnMsg, logging.WARN, WARNFLAGS.TIME_UNRECOVERED) + elif kb.originalPage is None: warnMsg = "if the problem persists please try to rerun " warnMsg += "with the --random-agent switch turned on " warnMsg += "and/or try to use proxy switches (--ignore-proxy, --proxy,...)"