PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-06 20:51:31 +00:00
Code Issues Projects Releases Wiki Activity

it's a must to double check time based payloads

Browse Source
This commit is contained in:
Miroslav Stampar
2010-12-07 14:59:11 +00:00
parent e53fef546e
commit 4959da3ce6
1 changed files with 12 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
lib/controller/checks.py
View File

@@ -355,13 +355,16 @@ def checkSqlInjection(place, parameter, value):
_ = Request.queryPage(reqPayload, place)
duration = calculateDeltaSeconds(start)
# Threat sleep and delayed (heavy query) differently
if check.isdigit() and duration >= int(check):
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)
trueResult = (check.isdigit() and duration >= int(check)) or (check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime))
injectable = True
elif check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime):
if trueResult:
start = time.time()
_ = Request.queryPage(reqPayload, place)
duration = calculateDeltaSeconds(start)
trueResult = (check.isdigit() and duration >= int(check)) or (check == "[DELAYED]" and duration >= max(TIME_MIN_DELTA, kb.responseTime))
if trueResult:
infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
logger.info(infoMsg)