diff --git a/lib/core/common.py b/lib/core/common.py
index 36e7e79fb..101870e38 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -692,8 +692,8 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
         data = data[0]
     return data
-
-def getDelayQuery():
+
+def getDelayQuery(andCond=False):
     query = None
     if kb.dbms in ("MySQL", "PostgreSQL"):
@@ -704,6 +704,10 @@ def getDelayQuery():
         if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
             query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
         else:
             query = queries[kb.dbms].timedelay2 % conf.timeSec
     else:
diff --git a/lib/techniques/blind/timebased.py b/lib/techniques/blind/timebased.py
index e0465c6df..601101a2f 100644
--- a/lib/techniques/blind/timebased.py
+++ b/lib/techniques/blind/timebased.py
@@ -31,12 +31,13 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.request import inject
 from lib.request.connect import Connect as Request
+
 def timeTest():
     infoMsg = "testing time based blind sql injection on parameter "
     infoMsg += "'%s' with AND condition syntax" % kb.injParameter
     logger.info(infoMsg)
-    timeQuery = getDelayQuery()
+    timeQuery = getDelayQuery(andCond=True)
     query = agent.prefixQuery(" AND %s" % timeQuery)
     query = agent.postfixQuery(query)
     payload = agent.payload(newValue=query)
@@ -60,9 +61,10 @@ def timeTest():
     infoMsg += "'%s' with stacked query syntax" % kb.injParameter
     logger.info(infoMsg)
-    start = time.time()
-    payload, _ = inject.goStacked(timeQuery)
-    duration = int(time.time() - start)
+    timeQuery = getDelayQuery(andCond=True)
+    start = time.time()
+    payload, _ = inject.goStacked(timeQuery)
+    duration = int(time.time() - start)
     if duration >= conf.timeSec:
         infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
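Review bot: The new `andCond` keyword parameter on `getDelayQuery` is undocumented, and from the next hunk of this file it only changes the result on the MySQL branch; a caller passing `andCond=True` for PostgreSQL, or for the DBMSs handled in the `else` branch below this hunk, gets the unmodified query with no signal that the flag was ignored. A docstring should state that contract, e.g. `"""Return the DBMS-specific delay query for conf.timeSec, or None; andCond=True rewrites the MySQL form only, other DBMSs are unaffected."""`. The body of getDelayQuery continues past the end of this hunk.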
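Review bot: `query.replace("SELECT ", "")` in the added MySQL branch removes every occurrence of that substring anywhere in the formatted `timedelay` template, not just the leading keyword, so any future template that contains a subselect would be silently corrupted. If the intent is to drop the leading keyword, anchor it: `if query.startswith("SELECT "): query = query[len("SELECT "):]`; cleaner still is a dedicated entry in `queries["MySQL"]` next to `timedelay2` instead of patching a string after `%` formatting. The condition is also keyed on `kb.dbms == "MySQL"` while `andCond` is accepted for every DBMS, which the parameter name does not convey. The remaining branches and the return of getDelayQuery are outside this hunk.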
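Review bot: The stacked-query branch now calls `getDelayQuery(andCond=True)` although, per the log message two lines above, it is not building an AND condition; the flag is being used for its string-rewriting side effect rather than for what its name says, which will confuse the next reader of either call site. Either rename the parameter for what it does (e.g. `stripSelect`) and update both call sites in this file, or add a one-line comment at this call such as `# presumably the stacked form needs the same rewritten MySQL delay expression as the AND form — confirm`. The earlier hunk in this file passes the same flag for the AND-condition case, where the name does match. timeTest continues beyond this hunk.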
@@ -78,6 +80,7 @@ def timeTest():
         kb.timeTest = False
     return kb.timeTest
+
 def timeUse(query):
     start = time.time()
     _, _ = inject.goStacked(query)