sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor tuning (2 techniques MAX per value used)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-21 15:24:14 +00:00
parent 6c1133c4d4
commit b2e7f9484d
2 changed files with 11 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/settings.py
View File

@ -52,6 +52,9 @@ CHAR_INFERENCE_MARK = "%c"
# coefficient used for a time-based query delay checking (must be >= 7) # coefficient used for a time-based query delay checking (must be >= 7)
TIME_STDEV_COEFF = 10 TIME_STDEV_COEFF = 10
# maximum number of techniques used in inject.py/getValue() before deciding 'None' value
MAX_TECHNIQUES_BEFORE_NONE = 2
# suffix used for naming meta databases in DBMS(es) without explicit database name # suffix used for naming meta databases in DBMS(es) without explicit database name
METADB_SUFFIX = "_masterdb" METADB_SUFFIX = "_masterdb"

11
lib/request/inject.py
View File

@ -35,6 +35,7 @@ from lib.core.enums import EXPECTED
from lib.core.enums import PAYLOAD from lib.core.enums import PAYLOAD
from lib.core.exception import sqlmapNotVulnerableException from lib.core.exception import sqlmapNotVulnerableException
from lib.core.settings import MIN_TIME_RESPONSES from lib.core.settings import MIN_TIME_RESPONSES
from lib.core.settings import MAX_TECHNIQUES_BEFORE_NONE
from lib.core.unescaper import unescaper from lib.core.unescaper import unescaper
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.direct import direct from lib.request.direct import direct
@ -402,6 +403,7 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
value = None value = None
found = False found = False
query = query.replace("DISTINCT ", "") query = query.replace("DISTINCT ", "")
count = 0
if expected == EXPECTED.BOOL: if expected == EXPECTED.BOOL:
forgeCaseExpression = booleanExpression = expression forgeCaseExpression = booleanExpression = expression
@ -419,7 +421,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
else: else:
value = __goInband(query, expected, sort, resumeValue, unpack, dump) value = __goInband(query, expected, sort, resumeValue, unpack, dump)
found = value or (value is None and expectingNone) count += 1
found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
oldUnionNegative = kb.unionNegative oldUnionNegative = kb.unionNegative
kb.unionNegative = False kb.unionNegative = False
@ -432,7 +435,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
else: else:
value = __goError(query, resumeValue) value = __goError(query, resumeValue)
found = value or (value is None and expectingNone) count += 1
found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found: if blind and isTechniqueAvailable(PAYLOAD.TECHNIQUE.BOOLEAN) and not found:
kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN kb.technique = PAYLOAD.TECHNIQUE.BOOLEAN
@ -442,7 +446,8 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
else: else:
value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar) value = __goInferenceProxy(query, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
found = value or (value is None and expectingNone) count += 1
found = value or (value is None and expectingNone) or count >= MAX_TECHNIQUES_BEFORE_NONE
if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found: if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME): if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):