mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
This commit is contained in:
parent
600ef3eace
commit
7cc5743c5d
25
doc/THANKS
25
doc/THANKS
|
@ -586,6 +586,13 @@ fufuh <fufuh@users.sourceforge.net>
|
||||||
james <james@ev6.net>
|
james <james@ev6.net>
|
||||||
for reporting a bug
|
for reporting a bug
|
||||||
|
|
||||||
|
Joe "Pragmatk" <pragmatk@gmail.com>
|
||||||
|
for reporting a few bugs
|
||||||
|
|
||||||
|
John Smith <tixos@live.com>
|
||||||
|
for reporting several bugs
|
||||||
|
for suggesting some features
|
||||||
|
|
||||||
m4l1c3 <malice.anon@gmail.com>
|
m4l1c3 <malice.anon@gmail.com>
|
||||||
for reporting considerable amount of bugs
|
for reporting considerable amount of bugs
|
||||||
|
|
||||||
|
@ -598,26 +605,22 @@ mitchell <mitchell@tufala.net>
|
||||||
nightman <nightman@email.de>
|
nightman <nightman@email.de>
|
||||||
for reporting considerable amount of bugs
|
for reporting considerable amount of bugs
|
||||||
|
|
||||||
|
Oso Dog osodog123@yahoo.com
|
||||||
|
for reporting a minor bug
|
||||||
|
|
||||||
pacman730 <pacman730@users.sourceforge.net>
|
pacman730 <pacman730@users.sourceforge.net>
|
||||||
for reporting a bug
|
for reporting a bug
|
||||||
|
|
||||||
|
pentestmonkey <pentestmonkey@pentestmonkey.net>
|
||||||
|
for reporting several bugs
|
||||||
|
for suggesting a few minor enhancements
|
||||||
|
|
||||||
Phat R. <phatthanaphol@gmail.com>
|
Phat R. <phatthanaphol@gmail.com>
|
||||||
for reporting a few bugs
|
for reporting a few bugs
|
||||||
|
|
||||||
Phil P <@superevr>
|
Phil P <@superevr>
|
||||||
for suggesting a minor enhancement
|
for suggesting a minor enhancement
|
||||||
|
|
||||||
Joe "Pragmatk" <pragmatk@gmail.com>
|
|
||||||
for reporting a few bugs
|
|
||||||
|
|
||||||
John Smith <tixos@live.com>
|
|
||||||
for reporting several bugs
|
|
||||||
for suggesting some features
|
|
||||||
|
|
||||||
pentestmonkey <pentestmonkey@pentestmonkey.net>
|
|
||||||
for reporting several bugs
|
|
||||||
for suggesting a few minor enhancements
|
|
||||||
|
|
||||||
ragos <ragos@joker.ms>
|
ragos <ragos@joker.ms>
|
||||||
for reporting a minor bug
|
for reporting a minor bug
|
||||||
|
|
||||||
|
|
|
@ -1432,6 +1432,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
kb.pageTemplates = dict()
|
kb.pageTemplates = dict()
|
||||||
kb.orderByColumns = None
|
kb.orderByColumns = None
|
||||||
kb.originalPage = None
|
kb.originalPage = None
|
||||||
|
kb.originalTimeDelay = None
|
||||||
|
|
||||||
# Back-end DBMS underlying operating system fingerprint via banner (-b)
|
# Back-end DBMS underlying operating system fingerprint via banner (-b)
|
||||||
# parsing
|
# parsing
|
||||||
|
|
|
@ -391,3 +391,6 @@ TRIM_STDOUT_DUMP_SIZE = 1024
|
||||||
|
|
||||||
# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
|
# Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
|
||||||
ORDER_BY_STEP = 10
|
ORDER_BY_STEP = 10
|
||||||
|
|
||||||
|
# Maximum number of times for revalidation of a character in time-based injections
|
||||||
|
MAX_TIME_REVALIDATION_STEPS = 5
|
||||||
|
|
|
@ -44,6 +44,7 @@ from lib.core.settings import INFERENCE_UNKNOWN_CHAR
|
||||||
from lib.core.settings import INFERENCE_GREATER_CHAR
|
from lib.core.settings import INFERENCE_GREATER_CHAR
|
||||||
from lib.core.settings import INFERENCE_EQUALS_CHAR
|
from lib.core.settings import INFERENCE_EQUALS_CHAR
|
||||||
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
|
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
|
||||||
|
from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
|
||||||
from lib.core.settings import PYVERSION
|
from lib.core.settings import PYVERSION
|
||||||
from lib.core.threads import getCurrentThreadData
|
from lib.core.threads import getCurrentThreadData
|
||||||
from lib.core.threads import runThreads
|
from lib.core.threads import runThreads
|
||||||
|
@ -259,7 +260,11 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
errMsg = "invalid character detected. retrying.."
|
errMsg = "invalid character detected. retrying.."
|
||||||
logger.error(errMsg)
|
logger.error(errMsg)
|
||||||
|
|
||||||
|
if not kb.originalTimeDelay:
|
||||||
|
kb.originalTimeDelay = conf.timeSec
|
||||||
|
|
||||||
conf.timeSec += 1
|
conf.timeSec += 1
|
||||||
|
if (conf.timeSec - kb.originalTimeDelay) <= MAX_TIME_REVALIDATION_STEPS:
|
||||||
warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
|
warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
|
||||||
warnMsg += "(due to invalid char)"
|
warnMsg += "(due to invalid char)"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
@ -269,6 +274,9 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
logger.debug(dbgMsg)
|
logger.debug(dbgMsg)
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = False
|
||||||
return getChar(idx, originalTbl, continuousOrder, expand)
|
return getChar(idx, originalTbl, continuousOrder, expand)
|
||||||
|
else:
|
||||||
|
conf.timeSec = kb.originalTimeDelay
|
||||||
|
return None
|
||||||
else:
|
else:
|
||||||
return decodeIntToUnicode(retVal)
|
return decodeIntToUnicode(retVal)
|
||||||
else:
|
else:
|
||||||
|
|
Loading…
Reference in New Issue
Block a user