mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-25 11:03:47 +03:00
Removing single-thread limit for time-based SQLi
parent
a6b6b91989
commit
e236ba5616
|
@ -1875,6 +1875,7 @@ def _setKnowledgeBaseAttributes(flushAll=True):
|
|||
kb.followSitemapRecursion = None
|
||||
kb.forcedDbms = None
|
||||
kb.forcePartialUnion = False
|
||||
kb.forceThreads = None
|
||||
kb.forceWhere = None
|
||||
kb.futileUnion = None
|
||||
kb.heavilyDynamic = False
|
||||
|
|
|
@ -18,7 +18,7 @@ from lib.core.enums import OS
|
|||
from thirdparty.six import unichr as _unichr
|
||||
|
||||
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
|
||||
VERSION = "1.3.6.4"
|
||||
VERSION = "1.3.6.5"
|
||||
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
|
||||
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
|
||||
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
|
||||
|
|
|
@ -721,9 +721,6 @@ def cmdLineParser(argv=None):
|
|||
parser.add_option("--force-pivoting", dest="forcePivoting", action="store_true",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--force-threads", dest="forceThreads", action="store_true",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
parser.add_option("--smoke-test", dest="smokeTest", action="store_true",
|
||||
help=SUPPRESS_HELP)
|
||||
|
||||
|
|
|
@ -91,7 +91,7 @@ def _goInference(payload, expression, charsetType=None, firstChar=None, lastChar
|
|||
timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))
|
||||
|
||||
if not (timeBasedCompare and kb.dnsTest):
|
||||
if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not conf.forceThreads):
|
||||
if (conf.eta or conf.threads > 1) and Backend.getIdentifiedDbms() and not re.search(r"(COUNT|LTRIM)\(", expression, re.I) and not (timeBasedCompare and not kb.forceThreads):
|
||||
|
||||
if field and re.search(r"\ASELECT\s+DISTINCT\((.+?)\)\s+FROM", expression, re.I):
|
||||
expression = "SELECT %s FROM (%s)" % (field, expression)
|
||||
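Review bot: In the rewritten condition, `not kb.forceThreads` treats the new unset state `None` the same as a refusal, yet the only place this page shows `kb.forceThreads` leaving `None` is the `readInput` prompt in `bisection`. If `_goInference` evaluates this line before `bisection` has asked the user (the hunks suggest that order but do not show it), the first time-based retrieval takes the non-threaded path even when the user then answers yes. A comment such as `# kb.forceThreads: None = not asked yet, True/False = answer given in bisection()` would make the tri-state explicit, or the question could move into a small helper called before this test. The body of this `if` continues outside the hunk.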
|
|
|
@ -24,6 +24,7 @@ from lib.core.common import getPartRun
|
|||
from lib.core.common import hashDBRetrieve
|
||||
from lib.core.common import hashDBWrite
|
||||
from lib.core.common import incrementCounter
|
||||
from lib.core.common import readInput
|
||||
from lib.core.common import safeStringFormat
|
||||
from lib.core.common import singleTimeWarnMessage
|
||||
from lib.core.data import conf
|
||||
|
@ -163,12 +164,15 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
|||
if showEta:
|
||||
progress = ProgressBar(maxValue=length)
|
||||
|
||||
if timeBasedCompare and conf.threads > 1 and not conf.forceThreads:
|
||||
warnMsg = "multi-threading is considered unsafe in time-based data retrieval. Going to switch it off automatically"
|
||||
singleTimeWarnMessage(warnMsg)
|
||||
if timeBasedCompare and conf.threads > 1 and kb.forceThreads is None:
|
||||
msg = "multi-threading is considered unsafe in "
|
||||
msg += "time-based data retrieval. Are you sure "
|
||||
msg += "of your choice (breaking warranty) [y/N] "
|
||||
|
||||
kb.forceThreads = readInput(msg, default='N', boolean=True)
|
||||
|
||||
if numThreads > 1:
|
||||
if not timeBasedCompare or conf.forceThreads:
|
||||
if not timeBasedCompare or kb.forceThreads:
|
||||
debugMsg = "starting %d thread%s" % (numThreads, ("s" if numThreads > 1 else ""))
|
||||
logger.debug(debugMsg)
|
||||
else:
|
||||
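Review bot: The new prompt replaces `singleTimeWarnMessage`, so when the answer is no (the default, and presumably what an unattended run gets) nothing visible here tells the user that the requested threads were dropped; the `else:` closing the hunk continues outside it, so this is inferred. Keeping the one-time warning on the refusal path would preserve that signal, e.g. `if not kb.forceThreads: singleTimeWarnMessage("multi-threading switched off for time-based data retrieval")`, and `singleTimeWarnMessage` still appears among the imports in the hunk above. The wording "(breaking warranty)" is vague. A short comment above the prompt saying that concurrent requests can distort the response delays this technique measures would explain why the default is `N`. Building `msg` with three `+=` lines could also be a single parenthesised string literal.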
|
|