sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-02 20:54:13 +03:00
Code Issues Packages Projects Releases Wiki Activity

Added counter of total HTTP(s) requests done during detection phase

Browse Source
This commit is contained in:
Bernardo Damele 2010-12-07 12:33:47 +00:00
parent effd2ca0e3
commit 8e78057ac8
3 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
lib/controller/checks.py
View File

@ -269,6 +269,7 @@ def checkSqlInjection(place, parameter, value):
# as we are changing parameters value, which will result
# most definitely with a different content
kb.pageTemplate, _ = Request.queryPage(agent.payload(place, parameter, value, origValue), place, content=True)
kb.testCount += 1
elif where == 3:
origValue = ""
kb.pageTemplate = kb.originalPage
@ -306,12 +307,15 @@ def checkSqlInjection(place, parameter, value):
# the False response content
conf.matchRatio = None
_ = Request.queryPage(cmpPayload, place)
kb.testCount += 1
# Compare True and False response contents
trueResult = Request.queryPage(reqPayload, place)
kb.testCount += 1
if trueResult:
falseResult = Request.queryPage(cmpPayload, place)
kb.testCount += 1
if not falseResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
@ -320,13 +324,12 @@ def checkSqlInjection(place, parameter, value):
kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
injectable = True
kb.paramMatchRatio[(place, parameter)] = conf.matchRatio
# In case of error-based or UNION query SQL injections
elif method == PAYLOAD.METHOD.GREP:
# Perform the test's request and grep the response
# body for the test's <grep> regular expression
reqBody, _ = Request.queryPage(reqPayload, place, content=True)
kb.testCount += 1
output = extractRegexResult(check, reqBody, re.DOTALL | re.IGNORECASE)
if output:
@ -343,28 +346,32 @@ def checkSqlInjection(place, parameter, value):
elif method == PAYLOAD.METHOD.TIME:
# Store old value of socket timeout
pushValue(socket.getdefaulttimeout())
# Set socket timeout to 2 minutes as some
# time based checks can take awhile
socket.setdefaulttimeout(120)
# Perform the test's request and check how long
# it takes to get the response back
start = time.time()
_ = Request.queryPage(reqPayload, place)
kb.testCount += 1
duration = calculateDeltaSeconds(start)
if check.isdigit():
if duration >= int(check):
# Threat sleep and delayed (heavy query) differently
if check.isdigit() and duration >= int(check):
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)
injectable = True
elif check == "[DELAYED]":
if duration >= max(TIME_MIN_DELTA, kb.responseTime):
elif check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime):
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)
injectable = True
# Restore old value of socket timeout
# Restore value of socket timeout
socket.setdefaulttimeout(popValue())
# If the injection test was successful feed the injection
@ -398,7 +405,7 @@ def checkSqlInjection(place, parameter, value):
injection.data[stype].comment = comment
injection.data[stype].pageTemplate = kb.pageTemplate
if "details" in test:
if hasattr(test, "details"):
for detailKey, detailValue in test.details.items():
if detailKey == "dbms" and injection.dbms is None:
injection.dbms = detailValue

3
lib/controller/controller.py
View File

@ -114,7 +114,8 @@ def __formatInjection(inj):
return data
def __showInjections():
header = "sqlmap identified the following injection points"
header = "sqlmap identified the following injection points "
header += "with %d HTTP(s) requests" % kb.testCount
data = ""
for inj in kb.injections:

1
lib/core/option.py
View File

@ -1186,6 +1186,7 @@ def __setKnowledgeBaseAttributes():
kb.userAgents = None
kb.valueStack = []
kb.redirectSetCookie = None
kb.testCount = 0
def __saveCmdline():
"""