little mathematics here and there (used "Rules for normally distributed data")
This commit is contained in:
parent
ee72838231
commit
dc651d59ec
|
@ -47,9 +47,6 @@ from lib.core.exception import sqlmapSiteTooDynamic
|
||||||
from lib.core.exception import sqlmapUserQuitException
|
from lib.core.exception import sqlmapUserQuitException
|
||||||
from lib.core.session import setString
|
from lib.core.session import setString
|
||||||
from lib.core.session import setRegexp
|
from lib.core.session import setRegexp
|
||||||
from lib.core.settings import MIN_DURATION_RATIO
|
|
||||||
from lib.core.settings import MAX_TIME_STDEV
|
|
||||||
from lib.core.settings import TIME_TOLERANCE
|
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
from lib.request.templates import getPageTemplate
|
from lib.request.templates import getPageTemplate
|
||||||
from plugins.dbms.firebird.syntax import Syntax as Firebird
|
from plugins.dbms.firebird.syntax import Syntax as Firebird
|
||||||
|
@ -345,42 +342,31 @@ def checkSqlInjection(place, parameter, value):
|
||||||
|
|
||||||
# In case of time-based blind or stacked queries
|
# In case of time-based blind or stacked queries
|
||||||
# SQL injections
|
# SQL injections
|
||||||
elif method == PAYLOAD.METHOD.TIME and kb.timeTests:
|
elif method == PAYLOAD.METHOD.TIME:
|
||||||
if stdev(kb.responseTimes) > MAX_TIME_STDEV:
|
# Store old value of socket timeout
|
||||||
# the standard deviation tells us how far from the mean
|
pushValue(socket.getdefaulttimeout())
|
||||||
# the data points tend to be. It will have the same units
|
|
||||||
# as the data points themselves
|
|
||||||
warnMsg = "loading time(s) of the target url is too "
|
|
||||||
warnMsg += "chaotic. skipping further time-based tests."
|
|
||||||
logger.critical(warnMsg)
|
|
||||||
|
|
||||||
kb.timeTests = False
|
# Set socket timeout to 2 minutes as some
|
||||||
else:
|
# time based checks can take awhile
|
||||||
# Store old value of socket timeout
|
socket.setdefaulttimeout(120)
|
||||||
pushValue(socket.getdefaulttimeout())
|
|
||||||
|
|
||||||
# Set socket timeout to 2 minutes as some
|
# Perform the test's request and check how long
|
||||||
# time based checks can take awhile
|
# it takes to get the response back
|
||||||
socket.setdefaulttimeout(120)
|
start = time.time()
|
||||||
|
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
|
||||||
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
# Perform the test's request and check how long
|
# Reference: http://www.answers.com/topic/standard-deviation
|
||||||
# it takes to get the response back
|
trueResult = (duration >= 7 * stdev(kb.responseTimes))
|
||||||
start = time.time()
|
|
||||||
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
|
|
||||||
duration = calculateDeltaSeconds(start)
|
|
||||||
|
|
||||||
trueResult = duration > max(kb.responseTimes) and ((check.isdigit()\
|
if trueResult:
|
||||||
and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\
|
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||||
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)))
|
logger.info(infoMsg)
|
||||||
|
|
||||||
if trueResult:
|
injectable = True
|
||||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
|
||||||
logger.info(infoMsg)
|
|
||||||
|
|
||||||
injectable = True
|
# Restore value of socket timeout
|
||||||
|
socket.setdefaulttimeout(popValue())
|
||||||
# Restore value of socket timeout
|
|
||||||
socket.setdefaulttimeout(popValue())
|
|
||||||
|
|
||||||
# If the injection test was successful feed the injection
|
# If the injection test was successful feed the injection
|
||||||
# object with the test's details
|
# object with the test's details
|
||||||
|
|
|
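Review bot: The new decision line `trueResult = (duration >= 7 * stdev(kb.responseTimes))` compares the raw response time against seven standard deviations, not against the mean plus seven standard deviations, yet the "rules for normally distributed data" the commit cites describe distance from the mean. On a slow but steady target (say a mean of 2 s with a standard deviation of 0.1 s) every ordinary response exceeds 0.7 s and is reported injectable, and if stdev() yields 0 for an empty or constant sample the comparison is trivially true, so a false positive is the likely outcome rather than a missed detection. The old side already used `average(kb.responseTimes)`, so the fix is one line: `trueResult = (duration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))`, ideally with a short guard that skips the conclusion when the sample is empty. The literal 7 would also read better as a named module constant with a comment explaining the chosen sigma level, since the settings hunk removes the constants that previously documented this tuning. checkSqlInjection starts and ends outside this hunk.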
@ -1182,7 +1182,6 @@ def __setKnowledgeBaseAttributes():
|
||||||
kb.technique = None
|
kb.technique = None
|
||||||
kb.testMode = False
|
kb.testMode = False
|
||||||
kb.testQueryCount = 0
|
kb.testQueryCount = 0
|
||||||
kb.timeTests = True
|
|
||||||
kb.unionComment = ""
|
kb.unionComment = ""
|
||||||
kb.unionCount = None
|
kb.unionCount = None
|
||||||
kb.unionPosition = None
|
kb.unionPosition = None
|
||||||
|
|
|
@ -48,11 +48,6 @@ DUMP_STOP_MARKER = "__STOP__"
|
||||||
|
|
||||||
PAYLOAD_DELIMITER = "\x00"
|
PAYLOAD_DELIMITER = "\x00"
|
||||||
|
|
||||||
# time testing settings
|
|
||||||
TIME_TOLERANCE = 0.5
|
|
||||||
MIN_DURATION_RATIO = 1.5
|
|
||||||
MAX_TIME_STDEV = 1
|
|
||||||
|
|
||||||
# System variables
|
# System variables
|
||||||
IS_WIN = subprocess.mswindows
|
IS_WIN = subprocess.mswindows
|
||||||
# The name of the operating system dependent module imported. The following
|
# The name of the operating system dependent module imported. The following
|
||||||
|
|
|
@ -17,6 +17,7 @@ import traceback
|
||||||
|
|
||||||
from lib.contrib import multipartpost
|
from lib.contrib import multipartpost
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import extractErrorMessage
|
from lib.core.common import extractErrorMessage
|
||||||
from lib.core.common import getFilteredPageContent
|
from lib.core.common import getFilteredPageContent
|
||||||
from lib.core.common import getUnicode
|
from lib.core.common import getUnicode
|
||||||
|
@ -414,7 +415,7 @@ class Connect:
|
||||||
conf.cj.clear()
|
conf.cj.clear()
|
||||||
|
|
||||||
if noteResponseTime:
|
if noteResponseTime:
|
||||||
kb.responseTimes.append(time.time() - start)
|
kb.responseTimes.append(calculateDeltaSeconds(start))
|
||||||
|
|
||||||
if content or response:
|
if content or response:
|
||||||
return page, headers
|
return page, headers
|
||||||
|
|