little mathematics here and there (used "Rules for normally distributed data")

This commit is contained in:
Miroslav Stampar 2010-12-07 19:19:12 +00:00
parent ee72838231
commit dc651d59ec
4 changed files with 21 additions and 40 deletions


@ -47,9 +47,6 @@ from lib.core.exception import sqlmapSiteTooDynamic
from lib.core.exception import sqlmapUserQuitException from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setString from lib.core.session import setString
from lib.core.session import setRegexp from lib.core.session import setRegexp
from lib.core.settings import MIN_DURATION_RATIO
from lib.core.settings import MAX_TIME_STDEV
from lib.core.settings import TIME_TOLERANCE
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.templates import getPageTemplate from lib.request.templates import getPageTemplate
from plugins.dbms.firebird.syntax import Syntax as Firebird from plugins.dbms.firebird.syntax import Syntax as Firebird
@ -345,17 +342,7 @@ def checkSqlInjection(place, parameter, value):
# In case of time-based blind or stacked queries # In case of time-based blind or stacked queries
# SQL injections # SQL injections
elif method == PAYLOAD.METHOD.TIME and kb.timeTests: elif method == PAYLOAD.METHOD.TIME:
if stdev(kb.responseTimes) > MAX_TIME_STDEV:
# the standard deviation tells us how far from the mean
# the data points tend to be. It will have the same units
# as the data points themselves
warnMsg = "loading time(s) of the target url is too "
warnMsg += "chaotic. skipping further time-based tests."
logger.critical(warnMsg)
kb.timeTests = False
else:
# Store old value of socket timeout # Store old value of socket timeout
pushValue(socket.getdefaulttimeout()) pushValue(socket.getdefaulttimeout())
@ -369,9 +356,8 @@ def checkSqlInjection(place, parameter, value):
_ = Request.queryPage(reqPayload, place, noteResponseTime = False) _ = Request.queryPage(reqPayload, place, noteResponseTime = False)
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)
trueResult = duration > max(kb.responseTimes) and ((check.isdigit()\ # Reference: http://www.answers.com/topic/standard-deviation
and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\ trueResult = (duration >= 7 * stdev(kb.responseTimes))
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)))
if trueResult: if trueResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
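Review bot: The new `trueResult = (duration >= 7 * stdev(kb.responseTimes))` line in the last hunk compares the absolute response time against seven standard deviations with no baseline, so on a target whose normal responses are slow but steady (for example around 2 s with a 0.1 s spread, so the threshold is 0.7 s) every request passes the test and the parameter is reported injectable. A k-sigma rule on normally distributed data bounds the deviation from the mean, so the comparison should be `trueResult = duration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes)` (the `average` helper was used by the removed line and appears to still be in scope here; confirm it was not dropped with the other imports). A zero or near-zero spread (a single recorded sample, or identically timed responses) also collapses the threshold, so a small fixed margin on top of the mean is worth keeping, and with the `MAX_TIME_STDEV` guard removed there is no longer any bound on the noisy side either. `checkSqlInjection` begins and ends outside this hunk.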


@ -1182,7 +1182,6 @@ def __setKnowledgeBaseAttributes():
kb.technique = None kb.technique = None
kb.testMode = False kb.testMode = False
kb.testQueryCount = 0 kb.testQueryCount = 0
kb.timeTests = True
kb.unionComment = "" kb.unionComment = ""
kb.unionCount = None kb.unionCount = None
kb.unionPosition = None kb.unionPosition = None


@ -48,11 +48,6 @@ DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00" PAYLOAD_DELIMITER = "\x00"
# time testing settings
TIME_TOLERANCE = 0.5
MIN_DURATION_RATIO = 1.5
MAX_TIME_STDEV = 1
# System variables # System variables
IS_WIN = subprocess.mswindows IS_WIN = subprocess.mswindows
# The name of the operating system dependent module imported. The following # The name of the operating system dependent module imported. The following


@ -17,6 +17,7 @@ import traceback
from lib.contrib import multipartpost from lib.contrib import multipartpost
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import extractErrorMessage from lib.core.common import extractErrorMessage
from lib.core.common import getFilteredPageContent from lib.core.common import getFilteredPageContent
from lib.core.common import getUnicode from lib.core.common import getUnicode
@ -414,7 +415,7 @@ class Connect:
conf.cj.clear() conf.cj.clear()
if noteResponseTime: if noteResponseTime:
kb.responseTimes.append(time.time() - start) kb.responseTimes.append(calculateDeltaSeconds(start))
if content or response: if content or response:
return page, headers return page, headers