mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-29 04:53:48 +03:00
Implementation for an Issue #200
parent
cd9a47835b
commit
e61c4c22c9
|
@ -58,6 +58,7 @@ from lib.core.convert import utf8encode
|
||||||
from lib.core.decorators import cachedmethod
|
from lib.core.decorators import cachedmethod
|
||||||
from lib.core.dicts import DBMS_DICT
|
from lib.core.dicts import DBMS_DICT
|
||||||
from lib.core.dicts import SQL_STATEMENTS
|
from lib.core.dicts import SQL_STATEMENTS
|
||||||
|
from lib.core.enums import ADJUST_TIME_DELAY
|
||||||
from lib.core.enums import CHARSET_TYPE
|
from lib.core.enums import CHARSET_TYPE
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.enums import EXPECTED
|
from lib.core.enums import EXPECTED
|
||||||
|
@ -1906,8 +1907,14 @@ def wasLastRequestDelayed():
|
||||||
lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation
|
lowerStdLimit = average(kb.responseTimes) + TIME_STDEV_COEFF * deviation
|
||||||
retVal = (threadData.lastQueryDuration >= lowerStdLimit)
|
retVal = (threadData.lastQueryDuration >= lowerStdLimit)
|
||||||
|
|
||||||
if not kb.testMode and retVal and kb.adjustTimeDelay:
|
if not kb.testMode and retVal:
|
||||||
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
|
if kb.adjustTimeDelay is None:
|
||||||
|
msg = "do you want sqlmap to try to optimize value(s) "
|
||||||
|
msg += "for DBMS delay responses (option '--time-sec')? [Y/n] "
|
||||||
|
choice = readInput(msg, default='Y')
|
||||||
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE if choice.upper() == 'N' else ADJUST_TIME_DELAY.YES
|
||||||
|
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
|
||||||
|
adjustTimeDelay(threadData.lastQueryDuration, lowerStdLimit)
|
||||||
|
|
||||||
return retVal
|
return retVal
|
||||||
else:
|
else:
|
||||||
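Review bot: The new tests in wasLastRequestDelayed() compare plain integers by identity (`kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES`), which works only because CPython caches small ints; the two bisection() hunks do the same with `is ADJUST_TIME_DELAY.YES` and `is ADJUST_TIME_DELAY.NO`. Equality states the intent without relying on the interpreter: `if kb.adjustTimeDelay == ADJUST_TIME_DELAY.YES:`. In the same hunk, `choice.upper() == 'N'` treats every answer other than exactly `n`/`N` (for example `no`) as a yes, so the comparison should at least strip the answer and look at its first character. The function body starts and ends outside the hunk.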
|
|
|
@ -223,3 +223,8 @@ class WIZARD:
|
||||||
BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
|
BASIC = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba")
|
||||||
SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
|
SMART = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getUsers", "getDbs", "getTables", "getSchema", "excludeSysDbs")
|
||||||
ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")
|
ALL = ("getBanner", "getCurrentUser", "getCurrentDb", "isDba", "getHostname", "getUsers", "getPasswordHashes", "getPrivileges", "getRoles", "dumpAll")
|
||||||
|
|
||||||
|
class ADJUST_TIME_DELAY:
|
||||||
|
DISABLE = -1
|
||||||
|
NO = 0
|
||||||
|
YES = 1
|
||||||
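Review bot: ADJUST_TIME_DELAY is added without any comment on its states, and their truthiness no longer matches the booleans they replace: `DISABLE = -1` is truthy and `NO = 0` is falsy, while `None` on kb.adjustTimeDelay is now a fourth state meaning the user has not been asked yet. Any truthiness test of kb.adjustTimeDelay left outside the hunks shown here would read DISABLE as enabled, so the remaining uses are worth checking. Going by the visible hunks, I would add above the class `# DISABLE: switched off and never re-enabled; NO: temporarily off, bisection() may turn it back on; YES: on` and note there that `None` means "not decided yet".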
|
|
|
@ -59,6 +59,7 @@ from lib.core.datatype import AttribDict
|
||||||
from lib.core.datatype import InjectionDict
|
from lib.core.datatype import InjectionDict
|
||||||
from lib.core.defaults import defaults
|
from lib.core.defaults import defaults
|
||||||
from lib.core.dicts import DBMS_DICT
|
from lib.core.dicts import DBMS_DICT
|
||||||
|
from lib.core.enums import ADJUST_TIME_DELAY
|
||||||
from lib.core.enums import CUSTOM_LOGGING
|
from lib.core.enums import CUSTOM_LOGGING
|
||||||
from lib.core.enums import HTTPHEADER
|
from lib.core.enums import HTTPHEADER
|
||||||
from lib.core.enums import HTTPMETHOD
|
from lib.core.enums import HTTPMETHOD
|
||||||
|
@ -1356,16 +1357,14 @@ def __cleanupOptions():
|
||||||
if conf.timeSec not in kb.explicitSettings:
|
if conf.timeSec not in kb.explicitSettings:
|
||||||
if conf.tor:
|
if conf.tor:
|
||||||
conf.timeSec = 2 * conf.timeSec
|
conf.timeSec = 2 * conf.timeSec
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
|
||||||
|
|
||||||
warnMsg = "increasing default value for "
|
warnMsg = "increasing default value for "
|
||||||
warnMsg += "option '--time-sec' to %d because " % conf.timeSec
|
warnMsg += "option '--time-sec' to %d because " % conf.timeSec
|
||||||
warnMsg += "switch '--tor' was provided"
|
warnMsg += "switch '--tor' was provided"
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
else:
|
|
||||||
kb.adjustTimeDelay = True
|
|
||||||
else:
|
else:
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
|
||||||
|
|
||||||
if conf.code:
|
if conf.code:
|
||||||
conf.code = int(conf.code)
|
conf.code = int(conf.code)
|
||||||
|
@ -1446,7 +1445,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
kb.absFilePaths = set()
|
kb.absFilePaths = set()
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = None
|
||||||
kb.alwaysRefresh = None
|
kb.alwaysRefresh = None
|
||||||
kb.arch = None
|
kb.arch = None
|
||||||
kb.authHeader = None
|
kb.authHeader = None
|
||||||
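Review bot: Initialising `kb.adjustTimeDelay = None` in __setKnowledgeBaseAttributes() changes the reset value from "off" to "not asked yet", so a later call of this function would discard the `ADJUST_TIME_DELAY.DISABLE` that __cleanupOptions() sets for `--tor` or an explicit `--time-sec`. After such a reset wasLastRequestDelayed() would prompt, and a default answer would turn auto-adjustment on against the user's explicit setting. Whether this assignment is guarded by `flushAll`, and whether the function runs again after __cleanupOptions(), is not visible in the hunk and should be confirmed. If it can run again, keep an existing DISABLE instead of overwriting it, and add a comment on the line saying that `None` triggers the prompt.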
|
|
|
@ -40,6 +40,7 @@ from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.dicts import POST_HINT_CONTENT_TYPES
|
from lib.core.dicts import POST_HINT_CONTENT_TYPES
|
||||||
|
from lib.core.enums import ADJUST_TIME_DELAY
|
||||||
from lib.core.enums import CUSTOM_LOGGING
|
from lib.core.enums import CUSTOM_LOGGING
|
||||||
from lib.core.enums import HTTPHEADER
|
from lib.core.enums import HTTPHEADER
|
||||||
from lib.core.enums import HTTPMETHOD
|
from lib.core.enums import HTTPMETHOD
|
||||||
|
@ -704,7 +705,7 @@ class Connect:
|
||||||
deviation = stdev(kb.responseTimes)
|
deviation = stdev(kb.responseTimes)
|
||||||
|
|
||||||
if deviation > WARN_TIME_STDEV:
|
if deviation > WARN_TIME_STDEV:
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.DISABLE
|
||||||
|
|
||||||
warnMsg = "there is considerable lagging "
|
warnMsg = "there is considerable lagging "
|
||||||
warnMsg += "in connection response(s). Please use as high "
|
warnMsg += "in connection response(s). Please use as high "
|
||||||
|
|
|
@ -31,6 +31,7 @@ from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
from lib.core.data import logger
|
from lib.core.data import logger
|
||||||
from lib.core.data import queries
|
from lib.core.data import queries
|
||||||
|
from lib.core.enums import ADJUST_TIME_DELAY
|
||||||
from lib.core.enums import CHARSET_TYPE
|
from lib.core.enums import CHARSET_TYPE
|
||||||
from lib.core.enums import DBMS
|
from lib.core.enums import DBMS
|
||||||
from lib.core.enums import PAYLOAD
|
from lib.core.enums import PAYLOAD
|
||||||
|
@ -289,10 +290,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
|
warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
|
||||||
logger.warn(warnMsg)
|
logger.warn(warnMsg)
|
||||||
|
|
||||||
if kb.adjustTimeDelay:
|
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.YES:
|
||||||
dbgMsg = "turning off time auto-adjustment mechanism"
|
dbgMsg = "turning off time auto-adjustment mechanism"
|
||||||
logger.debug(dbgMsg)
|
logger.debug(dbgMsg)
|
||||||
kb.adjustTimeDelay = False
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.NO
|
||||||
|
|
||||||
return getChar(idx, originalTbl, continuousOrder, expand, shiftTable)
|
return getChar(idx, originalTbl, continuousOrder, expand, shiftTable)
|
||||||
else:
|
else:
|
||||||
|
@ -303,10 +304,10 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
|
||||||
else:
|
else:
|
||||||
if timeBasedCompare:
|
if timeBasedCompare:
|
||||||
kb.timeValidCharsRun += 1
|
kb.timeValidCharsRun += 1
|
||||||
if not kb.adjustTimeDelay and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD:
|
if kb.adjustTimeDelay is ADJUST_TIME_DELAY.NO and kb.timeValidCharsRun > VALID_TIME_CHARS_RUN_THRESHOLD:
|
||||||
dbgMsg = "turning back on time auto-adjustment mechanism"
|
dbgMsg = "turning back on time auto-adjustment mechanism"
|
||||||
logger.debug(dbgMsg)
|
logger.debug(dbgMsg)
|
||||||
kb.adjustTimeDelay = True
|
kb.adjustTimeDelay = ADJUST_TIME_DELAY.YES
|
||||||
|
|
||||||
return decodeIntToUnicode(retVal)
|
return decodeIntToUnicode(retVal)
|
||||||
else:
|
else:
|
||||||
|
|