little mathematics here and there (used "Rules for normally distributed data")

This commit is contained in:
Miroslav Stampar 2010-12-07 19:19:12 +00:00
parent ee72838231
commit dc651d59ec
4 changed files with 21 additions and 40 deletions

View File

@ -47,9 +47,6 @@ from lib.core.exception import sqlmapSiteTooDynamic
from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setString
from lib.core.session import setRegexp
from lib.core.settings import MIN_DURATION_RATIO
from lib.core.settings import MAX_TIME_STDEV
from lib.core.settings import TIME_TOLERANCE
from lib.request.connect import Connect as Request
from lib.request.templates import getPageTemplate
from plugins.dbms.firebird.syntax import Syntax as Firebird
@ -345,42 +342,31 @@ def checkSqlInjection(place, parameter, value):
# In case of time-based blind or stacked queries
# SQL injections
elif method == PAYLOAD.METHOD.TIME and kb.timeTests:
if stdev(kb.responseTimes) > MAX_TIME_STDEV:
# the standard deviation tells us how far from the mean
# the data points tend to be. It will have the same units
# as the data points themselves
warnMsg = "loading time(s) of the target url is too "
warnMsg += "chaotic. skipping further time-based tests."
logger.critical(warnMsg)
elif method == PAYLOAD.METHOD.TIME:
# Store old value of socket timeout
pushValue(socket.getdefaulttimeout())
kb.timeTests = False
else:
# Store old value of socket timeout
pushValue(socket.getdefaulttimeout())
# Set socket timeout to 2 minutes as some
# time based checks can take awhile
socket.setdefaulttimeout(120)
# Set socket timeout to 2 minutes as some
# time based checks can take awhile
socket.setdefaulttimeout(120)
# Perform the test's request and check how long
# it takes to get the response back
start = time.time()
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
duration = calculateDeltaSeconds(start)
# Perform the test's request and check how long
# it takes to get the response back
start = time.time()
_ = Request.queryPage(reqPayload, place, noteResponseTime = False)
duration = calculateDeltaSeconds(start)
# Reference: http://www.answers.com/topic/standard-deviation
trueResult = (duration >= 7 * stdev(kb.responseTimes))
trueResult = duration > max(kb.responseTimes) and ((check.isdigit()\
and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)))
if trueResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)
if trueResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)
injectable = True
injectable = True
# Restore value of socket timeout
socket.setdefaulttimeout(popValue())
# Restore value of socket timeout
socket.setdefaulttimeout(popValue())
# If the injection test was successful feed the injection
# object with the test's details

View File

@ -1182,7 +1182,6 @@ def __setKnowledgeBaseAttributes():
kb.technique = None
kb.testMode = False
kb.testQueryCount = 0
kb.timeTests = True
kb.unionComment = ""
kb.unionCount = None
kb.unionPosition = None

View File

@ -48,11 +48,6 @@ DUMP_STOP_MARKER = "__STOP__"
PAYLOAD_DELIMITER = "\x00"
# time testing settings
TIME_TOLERANCE = 0.5
MIN_DURATION_RATIO = 1.5
MAX_TIME_STDEV = 1
# System variables
IS_WIN = subprocess.mswindows
# The name of the operating system dependent module imported. The following

View File

@ -17,6 +17,7 @@ import traceback
from lib.contrib import multipartpost
from lib.core.agent import agent
from lib.core.common import calculateDeltaSeconds
from lib.core.common import extractErrorMessage
from lib.core.common import getFilteredPageContent
from lib.core.common import getUnicode
@ -414,7 +415,7 @@ class Connect:
conf.cj.clear()
if noteResponseTime:
kb.responseTimes.append(time.time() - start)
kb.responseTimes.append(calculateDeltaSeconds(start))
if content or response:
return page, headers