sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-19 21:10:36 +03:00
Code Issues Packages Projects Releases Wiki Activity

minor update regarding -d and time based injections

Browse Source
This commit is contained in:
Miroslav Stampar 2012-01-13 12:45:02 +00:00
parent 04686b83e3
commit dd295bbd4a
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
lib/request/direct.py
View File

@ -7,9 +7,13 @@ Copyright (c) 2006-2012 sqlmap developers (http://www.sqlmap.org/)
See the file 'doc/COPYING' for copying permission See the file 'doc/COPYING' for copying permission
""" """
import time
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import dataToSessionFile from lib.core.common import dataToSessionFile
from lib.core.common import Backend from lib.core.common import Backend
from lib.core.common import calculateDeltaSeconds
from lib.core.common import getCurrentThreadData
from lib.core.common import getUnicode from lib.core.common import getUnicode
from lib.core.convert import base64pickle from lib.core.convert import base64pickle
from lib.core.convert import base64unpickle from lib.core.convert import base64unpickle
@ -26,6 +30,7 @@ def direct(query, content=True):
output = None output = None
select = True select = True
query = agent.payloadDirect(query) query = agent.payloadDirect(query)
threadData = getCurrentThreadData()
if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query: if Backend.isDbms(DBMS.ORACLE) and query.startswith("SELECT ") and " FROM " not in query:
query = "%s FROM DUAL" % query query = "%s FROM DUAL" % query
@ -41,6 +46,7 @@ def direct(query, content=True):
logger.log(9, query) logger.log(9, query)
start = time.time()
if not select: if not select:
output = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None) output = timeout(func=conf.dbmsConnector.execute, args=(query,), duration=conf.timeout, default=None)
elif conf.hostname in kb.resumedQueries and query in kb.resumedQueries[conf.hostname] and "sqlmapoutput" not in query and "sqlmapfile" not in query: elif conf.hostname in kb.resumedQueries and query in kb.resumedQueries[conf.hostname] and "sqlmapoutput" not in query and "sqlmapfile" not in query:
@ -54,6 +60,7 @@ def direct(query, content=True):
logger.info(infoMsg) logger.info(infoMsg)
else: else:
output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None) output = timeout(func=conf.dbmsConnector.select, args=(query,), duration=conf.timeout, default=None)
threadData.lastQueryDuration = calculateDeltaSeconds(start)
if output is None or len(output) == 0: if output is None or len(output) == 0:
return None return None