Added support to test for stacked queries support and improved check for time based blind sql injection.

Minor bug fix in --save option
2025-12-06 12:41:30 +00:00 · 2008-12-16 21:30:24 +00:00
parent bf2a857b9a
commit 05a8c8d3bf
9 changed files with 156 additions and 23 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -322,21 +322,15 @@ def getValue(expression, blind=True, inband=True, fromUser=False, expected=None)
    return value


-def goStacked(expression, timeTest=False):
+def goStacked(expression):
    """
    TODO: write description
    """

-    comment        = queries[kb.dbms].comment
-    query          = agent.prefixQuery("; %s" % expression)
-    query          = agent.postfixQuery("%s; %s" % (query, comment))
-    payload        = agent.payload(newValue=query)
+    comment = queries[kb.dbms].comment
+    query   = agent.prefixQuery("; %s" % expression)
+    query   = agent.postfixQuery("%s;%s" % (query, comment))
+    payload = agent.payload(newValue=query)
+    page    = Request.queryPage(payload, content=True)

-    start    = time.time()
-    Request.queryPage(payload)
-    duration = int(time.time() - start)
-
-    if timeTest:
-        return (duration >= SECONDS, payload)
-    else:
-        return duration >= SECONDS
+    return payload, page