Further dealing with time-based SQLi (Issue #1973)

2025-12-08 05:31:32 +00:00 · 2016-09-27 10:32:22 +02:00
parent 09617c8243
commit 8994bf2dba
4 changed files with 14 additions and 5 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@@ -74,6 +74,7 @@ from lib.core.settings import IDS_WAF_CHECK_RATIO
 from lib.core.settings import IDS_WAF_CHECK_TIMEOUT
 from lib.core.settings import MAX_DIFFLIB_SEQUENCE_LENGTH
 from lib.core.settings import NON_SQLI_CHECK_PREFIX_SUFFIX_LENGTH
+from lib.core.settings import SLEEP_TIME_MARKER
 from lib.core.settings import SUHOSIN_MAX_VALUE_LENGTH
 from lib.core.settings import SUPPORTED_DBMS
 from lib.core.settings import URI_HTTP_HEADER
@@ -560,6 +561,12 @@ def checkSqlInjection(place, parameter, value):
                            trueCode = threadData.lastCode

                            if trueResult:
+                                # Just extra validation step (e.g. to check for dropping protection mechanisms)
+                                if SLEEP_TIME_MARKER in reqPayload:
+                                    falseResult = Request.queryPage(reqPayload.replace(SLEEP_TIME_MARKER, "0"), place, timeBasedCompare=True, raise404=False)
+                                    if falseResult:
+                                        continue
+
                                # Confirm test's results
                                trueResult = Request.queryPage(reqPayload, place, timeBasedCompare=True, raise404=False)