mirror of
				https://github.com/sqlmapproject/sqlmap.git
				synced 2025-10-26 21:51:12 +03:00 
			
		
		
		
	it's a must to double check time based payloads
This commit is contained in:
		
							parent
							
								
									e53fef546e
								
							
						
					
					
						commit
						4959da3ce6
					
				|  | @ -355,17 +355,20 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                         _ = Request.queryPage(reqPayload, place) |                         _ = Request.queryPage(reqPayload, place) | ||||||
|                         duration = calculateDeltaSeconds(start) |                         duration = calculateDeltaSeconds(start) | ||||||
| 
 | 
 | ||||||
|                         # Threat sleep and delayed (heavy query) differently |                         trueResult = (check.isdigit() and duration >= int(check)) or (check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime)) | ||||||
|                         if check.isdigit() and duration >= int(check): |  | ||||||
|                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |  | ||||||
|                             logger.info(infoMsg) |  | ||||||
| 
 | 
 | ||||||
|                             injectable = True |                         if trueResult: | ||||||
|                         elif check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime): |                             start = time.time() | ||||||
|                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |                             _ = Request.queryPage(reqPayload, place) | ||||||
|                             logger.info(infoMsg) |                             duration = calculateDeltaSeconds(start) | ||||||
| 
 | 
 | ||||||
|                             injectable = True |                             trueResult = (check.isdigit() and duration >= int(check)) or (check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime)) | ||||||
|  | 
 | ||||||
|  |                             if trueResult: | ||||||
|  |                                 infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) | ||||||
|  |                                 logger.info(infoMsg) | ||||||
|  | 
 | ||||||
|  |                                 injectable = True | ||||||
| 
 | 
 | ||||||
|                         # Restore value of socket timeout |                         # Restore value of socket timeout | ||||||
|                         socket.setdefaulttimeout(popValue()) |                         socket.setdefaulttimeout(popValue()) | ||||||
|  |  | ||||||
		Loading…
	
		Reference in New Issue
	
	Block a user