	Added counter of total HTTP(s) requests done during detection phase
This commit is contained in:
		
							parent
							
								
									effd2ca0e3
								
							
						
					
					
						commit
						8e78057ac8
					
				|  | @ -269,6 +269,7 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                     # as we are changing parameters value, which will result |                     # as we are changing parameters value, which will result | ||||||
|                     # most definitely with a different content |                     # most definitely with a different content | ||||||
|                     kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True) |                     kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True) | ||||||
|  |                     kb.testCount += 1 | ||||||
|                 elif where == 3: |                 elif where == 3: | ||||||
|                     origValue = "" |                     origValue = "" | ||||||
|                     kb.pageTemplate = kb.originalPage |                     kb.pageTemplate = kb.originalPage | ||||||
|  | @ -306,12 +307,15 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                         # the False response content |                         # the False response content | ||||||
|                         conf.matchRatio = None |                         conf.matchRatio = None | ||||||
|                         _ = Request.queryPage(cmpPayload, place) |                         _ = Request.queryPage(cmpPayload, place) | ||||||
|  |                         kb.testCount += 1 | ||||||
| 
 | 
 | ||||||
|                         # Compare True and False response contents |                         # Compare True and False response contents | ||||||
|                         trueResult = Request.queryPage(reqPayload, place) |                         trueResult = Request.queryPage(reqPayload, place) | ||||||
|  |                         kb.testCount += 1 | ||||||
| 
 | 
 | ||||||
|                         if trueResult: |                         if trueResult: | ||||||
|                             falseResult = Request.queryPage(cmpPayload, place) |                             falseResult = Request.queryPage(cmpPayload, place) | ||||||
|  |                             kb.testCount += 1 | ||||||
| 
 | 
 | ||||||
|                             if not falseResult: |                             if not falseResult: | ||||||
|                                 infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |                                 infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) | ||||||
|  | @ -320,13 +324,12 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                                 kb.paramMatchRatio[(place, parameter)] = conf.matchRatio |                                 kb.paramMatchRatio[(place, parameter)] = conf.matchRatio | ||||||
|                                 injectable = True |                                 injectable = True | ||||||
| 
 | 
 | ||||||
|                         kb.paramMatchRatio[(place, parameter)] = conf.matchRatio |  | ||||||
| 
 |  | ||||||
|                     # In case of error-based or UNION query SQL injections |                     # In case of error-based or UNION query SQL injections | ||||||
|                     elif method == PAYLOAD.METHOD.GREP: |                     elif method == PAYLOAD.METHOD.GREP: | ||||||
|                         # Perform the test's request and grep the response |                         # Perform the test's request and grep the response | ||||||
|                         # body for the test's <grep> regular expression |                         # body for the test's <grep> regular expression | ||||||
|                         reqBody, _ = Request.queryPage(reqPayload, place, content=True) |                         reqBody, _ = Request.queryPage(reqPayload, place, content=True) | ||||||
|  |                         kb.testCount += 1 | ||||||
|                         output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE) |                         output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE) | ||||||
| 
 | 
 | ||||||
|                         if output: |                         if output: | ||||||
|  | @ -343,28 +346,32 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                     elif method == PAYLOAD.METHOD.TIME: |                     elif method == PAYLOAD.METHOD.TIME: | ||||||
|                         # Store old value of socket timeout |                         # Store old value of socket timeout | ||||||
|                         pushValue(socket.getdefaulttimeout()) |                         pushValue(socket.getdefaulttimeout()) | ||||||
|  | 
 | ||||||
|                         # Set socket timeout to 2 minutes as some |                         # Set socket timeout to 2 minutes as some | ||||||
|                         # time based checks can take awhile |                         # time based checks can take awhile | ||||||
|                         socket.setdefaulttimeout(120) |                         socket.setdefaulttimeout(120) | ||||||
|  | 
 | ||||||
|                         # Perform the test's request and check how long |                         # Perform the test's request and check how long | ||||||
|                         # it takes to get the response back |                         # it takes to get the response back | ||||||
|                         start = time.time() |                         start = time.time() | ||||||
|  | 
 | ||||||
|                         _ = Request.queryPage(reqPayload, place) |                         _ = Request.queryPage(reqPayload, place) | ||||||
|  |                         kb.testCount += 1 | ||||||
|                         duration = calculateDeltaSeconds(start) |                         duration = calculateDeltaSeconds(start) | ||||||
| 
 | 
 | ||||||
|                         if check.isdigit(): |                         # Threat sleep and delayed (heavy query) differently | ||||||
|                             if duration >= int(check): |                         if check.isdigit() and duration >= int(check): | ||||||
|                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) | ||||||
|                             logger.info(infoMsg) |                             logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|                             injectable = True |                             injectable = True | ||||||
|                         elif check == "[DELAYED]": |                         elif check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime): | ||||||
|                             if duration >= max(TIME_MIN_DELTA, kb.responseTime): |  | ||||||
|                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) |                             infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) | ||||||
|                             logger.info(infoMsg) |                             logger.info(infoMsg) | ||||||
| 
 | 
 | ||||||
|                             injectable = True |                             injectable = True | ||||||
|                         # Restore old value of socket timeout | 
 | ||||||
|  |                         # Restore value of socket timeout | ||||||
|                         socket.setdefaulttimeout(popValue()) |                         socket.setdefaulttimeout(popValue()) | ||||||
| 
 | 
 | ||||||
|                 # If the injection test was successful feed the injection |                 # If the injection test was successful feed the injection | ||||||
|  | @ -398,7 +405,7 @@ def checkSqlInjection(place, parameter, value): | ||||||
|                     injection.data[stype].comment = comment |                     injection.data[stype].comment = comment | ||||||
|                     injection.data[stype].pageTemplate = kb.pageTemplate |                     injection.data[stype].pageTemplate = kb.pageTemplate | ||||||
| 
 | 
 | ||||||
|                     if "details" in test: |                     if hasattr(test, "details"): | ||||||
|                         for detailKey, detailValue in test.details.items(): |                         for detailKey, detailValue in test.details.items(): | ||||||
|                             if detailKey == "dbms" and injection.dbms is None: |                             if detailKey == "dbms" and injection.dbms is None: | ||||||
|                                 injection.dbms = detailValue |                                 injection.dbms = detailValue | ||||||
|  |  | ||||||
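Review bot: In the time-based branch (hunk `@ -343,28 +346,32 @@`) the socket default timeout raised by `socket.setdefaulttimeout(120)` is restored only on the normal path, so if `Request.queryPage(reqPayload, place)` raises — a dropped connection or a timeout, which is plausible exactly here — the process keeps the 120 s timeout for every later request and the pushValue/popValue stack is left with a stale entry. Move the request and its timing into a `try`/`finally` that always restores the timeout, as below. Incrementing `kb.testCount` after each `queryPage` call also means a request that raises is never counted and any call site that was not instrumented silently under-reports; counting once inside `Request.queryPage` would be more robust than per-site increments. Separately, dropping the unconditional `kb.paramMatchRatio[(place, parameter)] = conf.matchRatio` in the boolean hunk changes behaviour beyond counting (the ratio now appears to be stored only for injectable parameters), which the commit message does not mention. `checkSqlInjection` begins and ends outside these hunks.
```python
                        # Store old value of socket timeout
                        pushValue(socket.getdefaulttimeout())
                        socket.setdefaulttimeout(120)
                        try:
                            start = time.time()
                            kb.testCount += 1
                            _ = Request.queryPage(reqPayload, place)
                            duration = calculateDeltaSeconds(start)
                        finally:
                            # Restore value of socket timeout even if the request raised
                            socket.setdefaulttimeout(popValue())
                        # … unchanged: isdigit / [DELAYED] duration checks …
```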
|  | @ -115,6 +115,7 @@ def __formatInjection(inj): | ||||||
| 
 | 
 | ||||||
| def __showInjections(): | def __showInjections(): | ||||||
|     header = "sqlmap identified the following injection points " |     header = "sqlmap identified the following injection points " | ||||||
|  |     header += "with %d HTTP(s) requests" % kb.testCount | ||||||
|     data = "" |     data = "" | ||||||
| 
 | 
 | ||||||
|     for inj in kb.injections: |     for inj in kb.injections: | ||||||
|  |  | ||||||
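Review bot: The text appended by `header += "with %d HTTP(s) requests" % kb.testCount` presents an unqualified request total, but per the commit title the counter only covers requests made during the detection phase, so the line will be read as the whole run's count. Suggest `header += "with %d HTTP(s) requests during detection" % kb.testCount` or a short comment above it stating what the counter includes. `__showInjections` continues past the hunk.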
|  | @ -1186,6 +1186,7 @@ def __setKnowledgeBaseAttributes(): | ||||||
|     kb.userAgents      = None |     kb.userAgents      = None | ||||||
|     kb.valueStack      = [] |     kb.valueStack      = [] | ||||||
|     kb.redirectSetCookie = None |     kb.redirectSetCookie = None | ||||||
|  |     kb.testCount       = 0 | ||||||
| 
 | 
 | ||||||
| def __saveCmdline(): | def __saveCmdline(): | ||||||
|     """ |     """ | ||||||
|  |  | ||||||