From e8336ecfe1e548f56672db31edcd7efa365058a3 Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Fri, 29 Jun 2018 23:57:20 +0200
Subject: [PATCH] Fix of a pesky often 'statistical model' retrieval
---
 lib/core/settings.py | 2 +-
 lib/request/connect.py | 2 +-
 lib/request/inject.py | 3 ++-
 txt/checksum.md5 | 6 +++---
 4 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/lib/core/settings.py b/lib/core/settings.py
index 540958610..47123a533 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -19,7 +19,7 @@ from lib.core.enums import DBMS_DIRECTORY_NAME
 from lib.core.enums import OS
 # sqlmap version (...)
-VERSION = "1.2.6.40"
+VERSION = "1.2.6.41"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
diff --git a/lib/request/connect.py b/lib/request/connect.py
index dcfd675a8..612970b48 100644
--- a/lib/request/connect.py
+++ b/lib/request/connect.py
@@ -1162,7 +1162,7 @@ class Connect(object):
 singleTimeWarnMessage(warnMsg)
 warnMsg = "[%s] [WARNING] %stime-based comparison requires " % (time.strftime("%X"), "(case) " if kb.responseTimeMode else "")
- warnMsg += "larger statistical model, please wait"
+ warnMsg += "%s statistical model, please wait" % ("larger" if len(kb.responseTimes) == 1 else "reset of")
 dataToStdout(warnMsg)
 while len(kb.responseTimes[kb.responseTimeMode]) < MIN_TIME_RESPONSES:
diff --git a/lib/request/inject.py b/lib/request/inject.py
index 89cfbd0d4..34271e1df 100644
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
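Review bot: The wording switch on the new `warnMsg +=` line keys off `len(kb.responseTimes) == 1`, which counts how many comparison modes have a bucket, not how many samples the current mode holds — the quantity the `while` loop right below tests with `len(kb.responseTimes[kb.responseTimeMode])` — and nothing on the line says why those differ. Presumably one key means the very first model is still being grown and any further key means a fresh per-query model is being started, but that should be written down, e.g. `# single key: first model still growing; more keys: a new per-query model is being built from scratch` above the line. The string is informational only, so a wrong choice misleads the operator rather than the engine. The enclosing method starts and ends outside the hunk.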
@@ -440,7 +440,8 @@ def getValue(expression, blind=True, union=True, error=True, time=True, fromUser
 found = (value is not None) or (value is None and expectingNone) or count >= MAX_TECHNIQUES_PER_VALUE
 if time and (isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME) or isTechniqueAvailable(PAYLOAD.TECHNIQUE.STACKED)) and not found:
- kb.responseTimeMode = re.sub(r"(?i)[^a-z]", "", re.sub(r"'[^']+'", "", re.sub(r"(?i)(\w+)\(.+\)", r"\g<1>", expression))) if re.search(r"(?i)SELECT.+FROM", expression) else None
+ match = re.search(r"\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression)
+ kb.responseTimeMode = "%s|%s" % (match.group(1), match.group(2)) if match else None
 if isTechniqueAvailable(PAYLOAD.TECHNIQUE.TIME):
 kb.technique = PAYLOAD.TECHNIQUE.TIME
diff --git a/txt/checksum.md5 b/txt/checksum.md5
index 496a5948e..a0d0c8627 100644
--- a/txt/checksum.md5
+++ b/txt/checksum.md5
@@ -48,7 +48,7 @@ c8c386d644d57c659d74542f5f57f632 lib/core/patch.py
 0c3eef46bdbf87e29a3f95f90240d192 lib/core/replication.py
 a7db43859b61569b601b97f187dd31c5 lib/core/revision.py
 fcb74fcc9577523524659ec49e2e964b lib/core/session.py
-da93a924f9a99c51cab7d8e7adb2448d lib/core/settings.py
+2aab203a038a8c4d06794a9fdb878229 lib/core/settings.py
 dd68a9d02fccb4fa1428b20e15b0db5d lib/core/shell.py
 a7edc9250d13af36ac0108f259859c19 lib/core/subprocessng.py
 95f04c1c1d8c3998d86e1bdf0e12771c lib/core/target.py
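Review bot: The new `re.search(r"\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression)` is case-sensitive, whereas the expression it replaces carried `(?i)` on every pattern; a lower-case query such as `... from t order by c` (for instance a user-supplied one) now yields no match, so `kb.responseTimeMode` falls back to `None` and its timing samples are pooled with every other unmatched query — the mixing this commit is trying to avoid. Restoring the flag, `match = re.search(r"(?i)\bFROM\b ([^ ]+).+ORDER BY ([^ ]+)", expression)`, keeps the earlier tolerance. The literal single space after `FROM` and after `BY` likewise sends expressions with doubled spaces or tabs into the same `None` bucket; `\s+` there would be more forgiving if that is unintended. getValue begins and ends outside the hunk.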
@@ -70,12 +70,12 @@ f2af274126ce0a789027d35d367f2b9e lib/parse/payloads.py
 30eed3a92a04ed2c29770e1b10d39dc0 lib/request/basicauthhandler.py
 2b81435f5a7519298c15c724e3194a0d lib/request/basic.py
 c0cabedead14b8a23353b606672cff42 lib/request/comparison.py
-1b5491cc079384f08cbc6b397786e1af lib/request/connect.py
+039f0f7cf997856fa2f6e8d5d69f7ae9 lib/request/connect.py
 dd4598675027fae99f2e2475b05986da lib/request/direct.py
 2044fce3f4ffa268fcfaaf63241b1e64 lib/request/dns.py
 98535d0efca5551e712fcc4b34a3f772 lib/request/httpshandler.py
 1e5532ede194ac9c083891c2f02bca93 lib/request/__init__.py
-c2fb1abbb7127ec6419bbf852c0a458d lib/request/inject.py
+a5cbc19ee18bd4b848515eb3ea3291f0 lib/request/inject.py
 aaf956c1e9855836c3f372e29d481393 lib/request/methodrequest.py
 51eeaa8abf5ba62aaaade66d46ff8b00 lib/request/pkihandler.py
 2c3774b72586985719035b195f144d7b lib/request/rangehandler.py