Further dealing with time-based SQLi (Issue #1973)

2025-12-07 13:11:29 +00:00 · 2016-09-27 10:32:22 +02:00
parent 09617c8243
commit 8994bf2dba
4 changed files with 14 additions and 5 deletions
--- a/lib/core/agent.py
+++ b/lib/core/agent.py
@@ -43,6 +43,7 @@ from lib.core.settings import GENERIC_SQL_COMMENT
 from lib.core.settings import NULL
 from lib.core.settings import PAYLOAD_DELIMITER
 from lib.core.settings import REPLACEMENT_MARKER
+from lib.core.settings import SLEEP_TIME_MARKER
 from lib.core.unescaper import unescaper

 class Agent(object):
@@ -343,7 +344,7 @@ class Agent(object):
        """

        if payload:
-            payload = payload.replace("[SLEEPTIME]", str(conf.timeSec))
+            payload = payload.replace(SLEEP_TIME_MARKER, str(conf.timeSec))

        return payload