mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
little mathematics here and there (used "Rules for normally distributed data")
This commit is contained in:
parent
ee72838231
commit
dc651d59ec
|
@ -47,9 +47,6 @@ from lib.core.exception import sqlmapSiteTooDynamic
|
|||
from lib.core.exception import sqlmapUserQuitException
|
||||
from lib.core.session import setString
|
||||
from lib.core.session import setRegexp
|
||||
from lib.core.settings import MIN_DURATION_RATIO
|
||||
from lib.core.settings import MAX_TIME_STDEV
|
||||
from lib.core.settings import TIME_TOLERANCE
|
||||
from lib.request.connect import Connect as Request
|
||||
from lib.request.templates import getPageTemplate
|
||||
from plugins.dbms.firebird.syntax import Syntax as Firebird
|
||||
|
@ -345,42 +342,31 @@ def checkSqlInjection(place, parameter, value):
|
|||
|
||||
# In case of time-based blind or stacked queries
|
||||
# SQL injections
|
||||
elif method == PAYLOAD.METHOD.TIME and kb.timeTests:
|
||||
if stdev(kb.responseTimes) > MAX_TIME_STDEV:
|
||||
# the standard deviation tells us how far from the mean
|
||||
# the data points tend to be. It will have the same units
|
||||
# as the data points themselves
|
||||
warnMsg = "loading time(s) of the target url is too "
|
||||
warnMsg += "chaotic. skipping further time-based tests."
|
||||
logger.critical(warnMsg)
|
||||
elif method == PAYLOAD.METHOD.TIME:
|
||||
# Store old value of socket timeout
|
||||
pushValue(socket.getdefaulttimeout())
|
||||
|
||||
kb.timeTests = False
|
||||
else:
|
||||
# Store old value of socket timeout
|
||||
pushValue(socket.getdefaulttimeout())
|
||||
# Set socket timeout to 2 minutes as some
|
||||
# time based checks can take awhile
|
||||
socket.setdefaulttimeout(120)
|
||||
|
||||
# Set socket timeout to 2 minutes as some
|
||||
# time based checks can take awhile
|
||||
socket.setdefaulttimeout(120)
|
||||
# Perform the test's request and check how long
|
||||
# it takes to get the response back
|
||||
start = time.time()
|
||||
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
|
||||
duration = calculateDeltaSeconds(start)
|
||||
|
||||
# Perform the test's request and check how long
|
||||
# it takes to get the response back
|
||||
start = time.time()
|
||||
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
|
||||
duration = calculateDeltaSeconds(start)
|
||||
# Reference: http://www.answers.com/topic/standard-deviation
|
||||
trueResult = (duration >= 7 * stdev(kb.responseTimes))
|
||||
|
||||
trueResult = duration > max(kb.responseTimes) and ((check.isdigit()\
|
||||
and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\
|
||||
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)))
|
||||
if trueResult:
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
|
||||
if trueResult:
|
||||
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
|
||||
logger.info(infoMsg)
|
||||
injectable = True
|
||||
|
||||
injectable = True
|
||||
|
||||
# Restore value of socket timeout
|
||||
socket.setdefaulttimeout(popValue())
|
||||
# Restore value of socket timeout
|
||||
socket.setdefaulttimeout(popValue())
|
||||
|
||||
# If the injection test was successful feed the injection
|
||||
# object with the test's details
|
||||
|
|
|
@ -1182,7 +1182,6 @@ def __setKnowledgeBaseAttributes():
|
|||
kb.technique = None
|
||||
kb.testMode = False
|
||||
kb.testQueryCount = 0
|
||||
kb.timeTests = True
|
||||
kb.unionComment = ""
|
||||
kb.unionCount = None
|
||||
kb.unionPosition = None
|
||||
|
|
|
@ -48,11 +48,6 @@ DUMP_STOP_MARKER = "__STOP__"
|
|||
|
||||
PAYLOAD_DELIMITER = "\x00"
|
||||
|
||||
# time testing settings
|
||||
TIME_TOLERANCE = 0.5
|
||||
MIN_DURATION_RATIO = 1.5
|
||||
MAX_TIME_STDEV = 1
|
||||
|
||||
# System variables
|
||||
IS_WIN = subprocess.mswindows
|
||||
# The name of the operating system dependent module imported. The following
|
||||
|
|
|
@ -17,6 +17,7 @@ import traceback
|
|||
|
||||
from lib.contrib import multipartpost
|
||||
from lib.core.agent import agent
|
||||
from lib.core.common import calculateDeltaSeconds
|
||||
from lib.core.common import extractErrorMessage
|
||||
from lib.core.common import getFilteredPageContent
|
||||
from lib.core.common import getUnicode
|
||||
|
@ -414,7 +415,7 @@ class Connect:
|
|||
conf.cj.clear()
|
||||
|
||||
if noteResponseTime:
|
||||
kb.responseTimes.append(time.time() - start)
|
||||
kb.responseTimes.append(calculateDeltaSeconds(start))
|
||||
|
||||
if content or response:
|
||||
return page, headers
|
||||
|
|
Loading…
Reference in New Issue
Block a user