sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-25 11:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity

implemented validation for time-based inference

Browse Source
This commit is contained in:
Miroslav Stampar 2011-01-31 16:07:23 +00:00
parent 25463bc67c
commit b1dc928e68
2 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/settings.py
View File

@ -86,6 +86,9 @@ INFERENCE_GREATER_CHAR = ">"
# character used for operation "equals" in inference # character used for operation "equals" in inference
INFERENCE_EQUALS_CHAR = "=" INFERENCE_EQUALS_CHAR = "="
# character used for operation "not-equals" in inference
INFERENCE_NOT_EQUALS_CHAR = "!="
# string used for representation of unknown dbms version # string used for representation of unknown dbms version
UNKNOWN_DBMS_VERSION = "Unknown" UNKNOWN_DBMS_VERSION = "Unknown"

15
lib/techniques/blind/inference.py
View File

@ -40,6 +40,7 @@ from lib.core.settings import INFERENCE_BLANK_BREAK
from lib.core.settings import INFERENCE_UNKNOWN_CHAR from lib.core.settings import INFERENCE_UNKNOWN_CHAR
from lib.core.settings import INFERENCE_GREATER_CHAR from lib.core.settings import INFERENCE_GREATER_CHAR
from lib.core.settings import INFERENCE_EQUALS_CHAR from lib.core.settings import INFERENCE_EQUALS_CHAR
from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
@ -144,6 +145,16 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
return None return None
def validateChar(idx, value):
"""
used in time based inferences (in case of delay compared values are not equal)
"""
forgedPayload = safeStringFormat(payload.replace(INFERENCE_GREATER_CHAR, INFERENCE_NOT_EQUALS_CHAR), (expressionUnescaped, idx, value))
queriesCount[0] += 1
result = Request.queryPage(forgedPayload, timeBasedCompare=timeBasedCompare, raise404=False)
return not result
def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is None): def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is None):
""" """
continuousOrder means that distance between each two neighbour's continuousOrder means that distance between each two neighbour's
@ -230,6 +241,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
else: else:
retVal = minValue + 1 retVal = minValue + 1
if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload): if retVal in originalTbl or (retVal == ord('\n') and CHAR_INFERENCE_MARK in payload):
if timeBasedCompare and not validateChar(idx, retVal):
logger.error("invalid character detected. retrying...")
return getChar(idx, originalTbl, continuousOrder, expand)
else:
return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal) return chr(retVal) if retVal < 128 else decodeIntToUnicode(retVal)
else: else:
return None return None