diff --git a/lib/core/option.py b/lib/core/option.py index b4aeb5aa9..f559de269 100644 --- a/lib/core/option.py +++ b/lib/core/option.py @@ -1259,76 +1259,77 @@ def __setKnowledgeBaseAttributes(flushAll=True): debugMsg = "initializing the knowledge base" logger.debug(debugMsg) - kb.absFilePaths = set() - kb.adjustTimeDelay = False - kb.authHeader = None - kb.bannerFp = advancedDict() + kb.absFilePaths = set() + kb.adjustTimeDelay = False + kb.authHeader = None + kb.bannerFp = advancedDict() - kb.brute = advancedDict({'tables':[], 'columns':[]}) - kb.bruteMode = False + kb.brute = advancedDict({'tables':[], 'columns':[]}) + kb.bruteMode = False - kb.cache = advancedDict() - kb.cache.content = {} - kb.cache.regex = {} - kb.cache.stdev = {} + kb.cache = advancedDict() + kb.cache.content = {} + kb.cache.regex = {} + kb.cache.stdev = {} - kb.commonOutputs = None + kb.commonOutputs = None - kb.data = advancedDict() + kb.data = advancedDict() # Active back-end DBMS fingerprint - kb.dbms = None - kb.dbmsVersion = [ UNKNOWN_DBMS_VERSION ] + kb.dbms = None + kb.dbmsVersion = [ UNKNOWN_DBMS_VERSION ] - kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] - kb.dep = None - kb.docRoot = None - kb.dynamicMarkings = [] - kb.endDetection = False - kb.httpErrorCodes = {} - kb.errorIsNone = True - kb.formNames = [] - kb.headersCount = 0 - kb.headersFp = {} - kb.hintValue = None - kb.htmlFp = [] - kb.injection = injectionDict() - kb.injections = [] + kb.delayCandidates = TIME_DELAY_CANDIDATES * [0] + kb.dep = None + kb.docRoot = None + kb.dynamicMarkings = [] + kb.endDetection = False + kb.httpErrorCodes = {} + kb.errorIsNone = True + kb.formNames = [] + kb.headersCount = 0 + kb.headersFp = {} + kb.hintValue = None + kb.htmlFp = [] + kb.injection = injectionDict() + kb.injections = [] - kb.locks = advancedDict() - kb.locks.cacheLock = threading.Lock() - kb.locks.logLock = threading.Lock() + kb.locks = advancedDict() + kb.locks.cacheLock = threading.Lock() + kb.locks.logLock = threading.Lock() - kb.matchRatio = None - kb.nullConnection = None - kb.pageTemplate = None - kb.pageTemplates = dict() - kb.originalPage = None + kb.matchRatio = None + kb.nullConnection = None + kb.pageTemplate = None + kb.pageTemplates = dict() + kb.originalPage = None # Back-end DBMS underlying operating system fingerprint via banner (-b) # parsing - kb.os = None - kb.osVersion = None - kb.osSP = None + kb.os = None + kb.osVersion = None + kb.osSP = None - kb.pageEncoding = DEFAULT_PAGE_ENCODING - kb.pageStable = None - kb.partRun = None - kb.proxyAuthHeader = None - kb.queryCounter = 0 - kb.redirectSetCookie = None - kb.responseTimes = [] - kb.resumedQueries = {} - kb.retriesCount = 0 - kb.singleLogFlags = set() - kb.skipOthersDbms = None - kb.suppressSession = False - kb.technique = None - kb.testMode = False - kb.testQueryCount = 0 - kb.threadContinue = True - kb.threadException = False - kb.threadData = {} + kb.pageEncoding = DEFAULT_PAGE_ENCODING + kb.pageStable = None + kb.partRun = None + kb.proxyAuthHeader = None + kb.queryCounter = 0 + kb.redirectSetCookie = None + kb.responseTimes = [] + kb.resumedQueries = {} + kb.retriesCount = 0 + kb.singleLogFlags = set() + kb.skipOthersDbms = None + kb.suppressSession = False + kb.suppressResumeInfo = False + kb.technique = None + kb.testMode = False + kb.testQueryCount = 0 + kb.threadContinue = True + kb.threadException = False + kb.threadData = {} kb.xpCmdshellAvailable = False kb.misc = advancedDict() diff --git a/lib/core/settings.py b/lib/core/settings.py index ed416b203..e7c11224e 100644 --- a/lib/core/settings.py +++ b/lib/core/settings.py @@ -310,3 +310,6 @@ MAX_INT = sys.maxint # Parameters to be ignored in detection phase (upper case) IGNORE_PARAMETERS = ("__VIEWSTATE", "__EVENTARGUMENT", "__EVENTTARGET", "__EVENTVALIDATION", "ASPSESSIONID", "ASP.NET_SESSIONID", "JSESSIONID", "CFID", "CFTOKEN") + +# Turn off resume console info to avoid potential slowdowns +TURN_OFF_RESUME_INFO_LIMIT = 20 diff --git a/lib/techniques/error/use.py b/lib/techniques/error/use.py index 2af8447b5..9c47453ae 100644 --- a/lib/techniques/error/use.py +++ b/lib/techniques/error/use.py @@ -35,6 +35,7 @@ from lib.core.enums import PAYLOAD from lib.core.exception import sqlmapConnectionException from lib.core.settings import FROM_TABLE from lib.core.settings import MYSQL_ERROR_CHUNK_LENGTH +from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT from lib.core.threads import getCurrentThreadData from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request @@ -301,6 +302,12 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): logger.info(infoMsg) try: + if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: + kb.suppressResumeInfo = True + infoMsg = "suppressing resume console info because of " + infoMsg += "large number of rows (possible slowdown)" + logger.info(infoMsg) + for num in xrange(startLimit, stopLimit): output = __errorFields(expression, expressionFields, expressionFieldsList, expected, num, resumeValue) @@ -320,6 +327,9 @@ def errorUse(expression, expected=None, resumeValue=True, dump=False): errMsg += "'%s'" % e logger.critical(errMsg) + finally: + kb.suppressResumeInfo = False + if not outputs: outputs = __errorFields(expression, expressionFields, expressionFieldsList) diff --git a/lib/techniques/inband/union/use.py b/lib/techniques/inband/union/use.py index 76ff12164..802bafa3f 100644 --- a/lib/techniques/inband/union/use.py +++ b/lib/techniques/inband/union/use.py @@ -34,6 +34,7 @@ from lib.core.enums import PAYLOAD from lib.core.exception import sqlmapConnectionException from lib.core.exception import sqlmapSyntaxException from lib.core.settings import FROM_TABLE +from lib.core.settings import TURN_OFF_RESUME_INFO_LIMIT from lib.core.unescaper import unescaper from lib.request.connect import Connect as Request from lib.utils.resume import resume @@ -246,6 +247,12 @@ def unionUse(expression, unpack=True, dump=False): logger.info(infoMsg) try: + if stopLimit > TURN_OFF_RESUME_INFO_LIMIT: + kb.suppressResumeInfo = True + infoMsg = "suppressing resume console info because of " + infoMsg += "large number of rows (possible slowdown)" + logger.info(infoMsg) + for num in xrange(startLimit, stopLimit): if Backend.getIdentifiedDbms() in (DBMS.MSSQL, DBMS.SYBASE): field = expressionFieldsList[0] @@ -284,6 +291,9 @@ def unionUse(expression, unpack=True, dump=False): errMsg += "'%s'" % e logger.critical(errMsg) + finally: + kb.suppressResumeInfo = False + if not value: value = __oneShotUnionUse(expression, unpack) diff --git a/lib/utils/resume.py b/lib/utils/resume.py index 3f2791249..1e38a7b17 100644 --- a/lib/utils/resume.py +++ b/lib/utils/resume.py @@ -135,7 +135,8 @@ def resume(expression, payload): else: infoMsg += logValue - dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg)) + if not kb.suppressResumeInfo: + dataToStdout("[%s] [INFO] %s\n" % (time.strftime("%X"), infoMsg)) return resumedValue