sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00
Code Issues Packages Projects Releases Wiki Activity

added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)

Browse Source
This commit is contained in:
Miroslav Stampar 2010-05-13 11:05:35 +00:00
parent 762781e94d
commit ca3e12ae73
6 changed files with 16 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/core/common.py
View File

@ -1107,3 +1107,6 @@ def parseXmlFile(xmlFile, handler):
parse(stream, handler) parse(stream, handler)
stream.close() stream.close()
xfile.close() xfile.close()
def calculateDeltaSeconds(start, epsilon=0.05):
return int(time.time() - start + epsilon)

3
lib/request/inject.py
View File

@ -26,6 +26,7 @@ import re
import time import time
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import cleanQuery from lib.core.common import cleanQuery
from lib.core.common import dataToSessionFile from lib.core.common import dataToSessionFile
from lib.core.common import expandAsteriskForColumns from lib.core.common import expandAsteriskForColumns
@ -55,7 +56,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar) count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start)) debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg) logger.debug(debugMsg)
return value return value

7
lib/techniques/blind/timebased.py
View File

@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import time import time
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getDelayQuery from lib.core.common import getDelayQuery
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -43,7 +44,7 @@ def timeTest():
payload = agent.payload(newValue=query) payload = agent.payload(newValue=query)
start = time.time() start = time.time()
_ = Request.queryPage(payload) _ = Request.queryPage(payload)
duration = int(time.time() - start) duration = calculateDeltaSeconds(start)
if duration >= conf.timeSec: if duration >= conf.timeSec:
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
@ -64,7 +65,7 @@ def timeTest():
timeQuery = getDelayQuery(andCond=True) timeQuery = getDelayQuery(andCond=True)
start = time.time() start = time.time()
payload, _ = inject.goStacked(timeQuery) payload, _ = inject.goStacked(timeQuery)
duration = int(time.time() - start) duration = calculateDeltaSeconds(start)
if duration >= conf.timeSec: if duration >= conf.timeSec:
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
@ -84,6 +85,6 @@ def timeTest():
def timeUse(query): def timeUse(query):
start = time.time() start = time.time()
_, _ = inject.goStacked(query) _, _ = inject.goStacked(query)
duration = int(time.time() - start) duration = calculateDeltaSeconds(start)
return duration return duration

3
lib/techniques/inband/union/use.py
View File

@ -26,6 +26,7 @@ import re
import time import time
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import parseUnionPage from lib.core.common import parseUnionPage
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -228,7 +229,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
endPosition = resultPage.rindex(temp.stop) + len(temp.stop) endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
value = str(resultPage[startPosition:endPosition]) value = str(resultPage[startPosition:endPosition])
duration = int(time.time() - start) duration = calculateDeltaSeconds(start)
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration) debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
logger.debug(debugMsg) logger.debug(debugMsg)

3
lib/techniques/outband/stacked.py
View File

@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import time import time
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getDelayQuery from lib.core.common import getDelayQuery
from lib.core.data import conf from lib.core.data import conf
from lib.core.data import kb from lib.core.data import kb
@ -45,7 +46,7 @@ def stackedTest():
query = getDelayQuery() query = getDelayQuery()
start = time.time() start = time.time()
payload, _ = inject.goStacked(query) payload, _ = inject.goStacked(query)
duration = int(time.time() - start) duration = calculateDeltaSeconds(start)
if duration >= conf.timeSec: if duration >= conf.timeSec:
infoMsg = "the web application supports stacked queries " infoMsg = "the web application supports stacked queries "

5
lib/utils/resume.py
View File

@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import re import re
import time import time
from lib.core.common import calculateDeltaSeconds
from lib.core.common import dataToSessionFile from lib.core.common import dataToSessionFile
from lib.core.common import safeStringFormat from lib.core.common import safeStringFormat
from lib.core.common import randomStr from lib.core.common import randomStr
@ -89,7 +90,7 @@ def queryOutputLength(expression, payload):
lengthExprUnescaped = unescaper.unescape(lengthExpr) lengthExprUnescaped = unescaper.unescape(lengthExpr)
count, length = bisection(payload, lengthExprUnescaped, charsetType=2) count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start)) debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg) logger.debug(debugMsg)
if length == " ": if length == " ":
@ -186,7 +187,7 @@ def resume(expression, payload):
start = time.time() start = time.time()
count, finalValue = bisection(payload, newExpr, length=missingCharsLength) count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start)) debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
logger.debug(debugMsg) logger.debug(debugMsg)
if len(finalValue) != ( int(length) - len(resumedValue) ): if len(finalValue) != ( int(length) - len(resumedValue) ):