Minor bug fix to properly execute --time-test also on MySQL >= 5.0.12

lib/core/common.py

@@ -693,7 +693,7 @@ def parseUnionPage(output, expression, partial=False, condition=None, sort=True)
 
     return data
 
-def getDelayQuery():
+def getDelayQuery(andCond=False):
     query = None
 
     if kb.dbms in ("MySQL", "PostgreSQL"):
@@ -704,6 +704,10 @@ def getDelayQuery():
 
         if (kb.dbms == "MySQL" and banVer >= "5.0.12") or (kb.dbms == "PostgreSQL" and banVer >= "8.2"):
             query = queries[kb.dbms].timedelay % conf.timeSec
+
+            if kb.dbms == "MySQL" and andCond:
+                query = query.replace("SELECT ", "")
+
         else:
             query = queries[kb.dbms].timedelay2 % conf.timeSec
     else:

lib/techniques/blind/timebased.py

@@ -31,12 +31,13 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.request import inject
 from lib.request.connect import Connect as Request
+
 def timeTest():
     infoMsg  = "testing time based blind sql injection on parameter "
     infoMsg += "'%s' with AND condition syntax" % kb.injParameter
     logger.info(infoMsg)
 
-    timeQuery = getDelayQuery()
+    timeQuery = getDelayQuery(andCond=True)
     query     = agent.prefixQuery(" AND %s" % timeQuery)
     query     = agent.postfixQuery(query)
     payload   = agent.payload(newValue=query)
@@ -60,6 +61,7 @@ def timeTest():
         infoMsg += "'%s' with stacked query syntax" % kb.injParameter
         logger.info(infoMsg)
 
+        timeQuery  = getDelayQuery(andCond=True)
         start      = time.time()
         payload, _ = inject.goStacked(timeQuery)
         duration   = int(time.time() - start)
@@ -78,6 +80,7 @@ def timeTest():
             kb.timeTest = False
 
     return kb.timeTest
+
 def timeUse(query):
     start      = time.time()
     _, _       = inject.goStacked(query)