Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12

2025-02-03 05:04:11 +03:00 · 2010-01-05 11:43:16 +00:00 · 2010-01-05 11:43:16 +00:00 · 954a927cee
commit 954a927cee
parent 71547a3496
2 changed files with 13 additions and 6 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -692,8 +692,8 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
        data = data[0]

    return data
-    
-def getDelayQuery():
+
+def getDelayQuery(andCond=False):
    query = None

    if kb.dbms in ("MySQL", "PostgreSQL"):
@ -704,6 +704,10 @@ def getDelayQuery():

        if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
            query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
        else:
            query = queries[kb.dbms].timedelay2 % conf.timeSec
    else:
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@ -31,12 +31,13 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.request import inject
 from lib.request.connect import Connect as Request
+
 def timeTest():
    infoMsg  = "testing time based blind sql injection on parameter "
    infoMsg += "'%s' with AND condition syntax" % kb.injParameter
    logger.info(infoMsg)

-    timeQuery = getDelayQuery()
+    timeQuery = getDelayQuery(andCond=True)
    query     = agent.prefixQuery(" AND %s" % timeQuery)
    query     = agent.postfixQuery(query)
    payload   = agent.payload(newValue=query)
@ -60,9 +61,10 @@ def timeTest():
        infoMsg += "'%s' with stacked query syntax" % kb.injParameter
        logger.info(infoMsg)

-        start         = time.time()
-        payload, _    = inject.goStacked(timeQuery)
-        duration      = int(time.time() - start)
+        timeQuery  = getDelayQuery(andCond=True)
+        start      = time.time()
+        payload, _ = inject.goStacked(timeQuery)
+        duration   = int(time.time() - start)

        if duration >= conf.timeSec:
            infoMsg  = "the parameter '%s' is affected by a time " % kb.injParameter
@ -78,6 +80,7 @@ def timeTest():
            kb.timeTest = False

    return kb.timeTest
+
 def timeUse(query):
    start      = time.time()
    _, _       = inject.goStacked(query)