sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-06-17 11:33:27 +03:00
Code Issues Packages Projects Releases Wiki Activity

added standard deviation check in time based tests

Browse Source
This commit is contained in:
Miroslav Stampar 2010-12-07 16:39:31 +00:00
parent 294119d2ec
commit ecd4a5a532
4 changed files with 48 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
lib/controller/checks.py
View File

@ -26,6 +26,7 @@ from lib.core.common import randomStr
from lib.core.common import readInput from lib.core.common import readInput
from lib.core.common import removeDynamicContent from lib.core.common import removeDynamicContent
from lib.core.common import showStaticWords from lib.core.common import showStaticWords
from lib.core.common import stdev
from lib.core.common import trimAlphaNum from lib.core.common import trimAlphaNum
from lib.core.common import wasLastRequestDBMSError from lib.core.common import wasLastRequestDBMSError
from lib.core.common import DynamicContentItem from lib.core.common import DynamicContentItem
@ -47,6 +48,7 @@ from lib.core.exception import sqlmapUserQuitException
from lib.core.session import setString from lib.core.session import setString
from lib.core.session import setRegexp from lib.core.session import setRegexp
from lib.core.settings import MIN_DURATION_RATIO from lib.core.settings import MIN_DURATION_RATIO
from lib.core.settings import MAX_TIME_STDEV
from lib.core.settings import TIME_TOLERANCE from lib.core.settings import TIME_TOLERANCE
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request
from lib.request.templates import getPageTemplate from lib.request.templates import getPageTemplate
@ -343,7 +345,17 @@ def checkSqlInjection(place, parameter, value):
# In case of time-based blind or stacked queries # In case of time-based blind or stacked queries
# SQL injections # SQL injections
elif method == PAYLOAD.METHOD.TIME: elif method == PAYLOAD.METHOD.TIME and kb.timeTests:
if stdev(kb.responseTimes) > MAX_TIME_STDEV:
# the standard deviation tells us how far from the mean
# the data points tend to be. It will have the same units
# as the data points themselves
warnMsg = "loading time(s) of the target url is too "
warnMsg += "chaotic. skipping further time-based tests."
logger.critical(warnMsg)
kb.timeTests = False
else:
# Store old value of socket timeout # Store old value of socket timeout
pushValue(socket.getdefaulttimeout()) pushValue(socket.getdefaulttimeout())
@ -357,8 +369,9 @@ def checkSqlInjection(place, parameter, value):
_ = Request.queryPage(reqPayload, place, noteResponseTime = False) _ = Request.queryPage(reqPayload, place, noteResponseTime = False)
duration = calculateDeltaSeconds(start) duration = calculateDeltaSeconds(start)
trueResult = (check.isdigit() and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\ trueResult = duration > max(kb.responseTimes) and ((check.isdigit()\
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)) and abs(duration - int(check) - average(kb.responseTimes)) < TIME_TOLERANCE)\
or (check == "[DELAYED]" and duration >= MIN_DURATION_RATIO * max(kb.responseTimes)))
if trueResult: if trueResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title) infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)

13
lib/core/common.py
View File

@ -27,6 +27,7 @@ from ConfigParser import RawConfigParser
from StringIO import StringIO from StringIO import StringIO
from difflib import SequenceMatcher from difflib import SequenceMatcher
from inspect import getmembers from inspect import getmembers
from math import sqrt
from subprocess import PIPE from subprocess import PIPE
from subprocess import Popen as execute from subprocess import Popen as execute
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
@ -1276,6 +1277,18 @@ def readXmlFile(xmlFile):
xfile.close() xfile.close()
return retVal return retVal
def stdev(values):
"""
Computes standard deviation of a list of numbers.
"""
sum = 0.0
avg = average(values)
for value in values:
sum += pow(value - avg, 2)
return sqrt(sum/len(values))
def average(values): def average(values):
""" """
Computes the arithmetic mean of a list of numbers. Computes the arithmetic mean of a list of numbers.

1
lib/core/option.py
View File

@ -1182,6 +1182,7 @@ def __setKnowledgeBaseAttributes():
kb.technique = None kb.technique = None
kb.testMode = False kb.testMode = False
kb.testQueryCount = 0 kb.testQueryCount = 0
kb.timeTests = True
kb.unionComment = "" kb.unionComment = ""
kb.unionCount = None kb.unionCount = None
kb.unionPosition = None kb.unionPosition = None

1
lib/core/settings.py
View File

@ -51,6 +51,7 @@ PAYLOAD_DELIMITER = "\x00"
# time testing settings # time testing settings
TIME_TOLERANCE = 0.5 TIME_TOLERANCE = 0.5
MIN_DURATION_RATIO = 1.5 MIN_DURATION_RATIO = 1.5
MAX_TIME_STDEV = 1
# System variables # System variables
IS_WIN = subprocess.mswindows IS_WIN = subprocess.mswindows