added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
@@ -1107,3 +1107,6 @@ def parseXmlFile(xmlFile, handler):
|
|||||||
parse(stream, handler)
|
parse(stream, handler)
|
||||||
stream.close()
|
stream.close()
|
||||||
xfile.close()
|
xfile.close()
|
||||||
|
|
||||||
|
def calculateDeltaSeconds(start, epsilon=0.05):
|
||||||
|
return int(time.time() - start + epsilon)
|
||||||
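Review bot: `calculateDeltaSeconds` is added without a docstring, so the reason `epsilon` is added before `int()` truncates is recorded only in the commit message. A docstring such as `"""Return whole seconds elapsed since start; epsilon absorbs delays that finish marginally short of a full second before truncation."""` would keep that reasoning next to the code. The helper also measures with `time.time()`, which is wall-clock time, so a system clock adjustment during a request would presumably skew the result; a short comment noting that limitation would help. The `parseXmlFile` body shown as context starts outside this hunk.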
@@ -26,6 +26,7 @@ import re
|
|||||||
import time
|
import time
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import cleanQuery
|
from lib.core.common import cleanQuery
|
||||||
from lib.core.common import dataToSessionFile
|
from lib.core.common import dataToSessionFile
|
||||||
from lib.core.common import expandAsteriskForColumns
|
from lib.core.common import expandAsteriskForColumns
|
||||||
@@ -55,7 +56,7 @@ def __goInference(payload, expression, charsetType=None, firstChar=None, lastCha
|
|||||||
|
|
||||||
count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)
|
count, value = bisection(payload, expression, length, charsetType, firstChar, lastChar)
|
||||||
|
|
||||||
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
|
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
return value
|
return value
|
||||||
|
|||||||
@@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||||||
import time
|
import time
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import getDelayQuery
|
from lib.core.common import getDelayQuery
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
@@ -43,7 +44,7 @@ def timeTest():
|
|||||||
payload = agent.payload(newValue=query)
|
payload = agent.payload(newValue=query)
|
||||||
start = time.time()
|
start = time.time()
|
||||||
_ = Request.queryPage(payload)
|
_ = Request.queryPage(payload)
|
||||||
duration = int(time.time() - start)
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
if duration >= conf.timeSec:
|
||||||
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
||||||
@@ -64,7 +65,7 @@ def timeTest():
|
|||||||
timeQuery = getDelayQuery(andCond=True)
|
timeQuery = getDelayQuery(andCond=True)
|
||||||
start = time.time()
|
start = time.time()
|
||||||
payload, _ = inject.goStacked(timeQuery)
|
payload, _ = inject.goStacked(timeQuery)
|
||||||
duration = int(time.time() - start)
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
if duration >= conf.timeSec:
|
||||||
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
infoMsg = "the parameter '%s' is affected by a time " % kb.injParameter
|
||||||
@@ -84,6 +85,6 @@ def timeTest():
|
|||||||
def timeUse(query):
|
def timeUse(query):
|
||||||
start = time.time()
|
start = time.time()
|
||||||
_, _ = inject.goStacked(query)
|
_, _ = inject.goStacked(query)
|
||||||
duration = int(time.time() - start)
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
return duration
|
return duration
|
||||||
|
|||||||
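Review bot: Both `if duration >= conf.timeSec:` checks in `timeTest` now compare a value that the helper has raised by its default 0.05 s before truncating, so a response measured at just under `conf.timeSec` seconds passes the check. Nothing visible in these hunks separates a deliberate delay from an ordinarily slow response, so a slow endpoint could be reported as affected; that appears to predate this commit, but the tolerance makes it slightly more likely. I would document the semantics at the first comparison, for example `# duration: whole seconds, truncated after a 0.05 s tolerance (see calculateDeltaSeconds)`, and consider taking the tolerance from configuration rather than the helper default. The same comparison is changed in `stackedTest`, and `timeUse` returns the adjusted value to callers that are not shown; `timeTest` starts and ends outside these hunks.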
@@ -26,6 +26,7 @@ import re
|
|||||||
import time
|
import time
|
||||||
|
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import parseUnionPage
|
from lib.core.common import parseUnionPage
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
@@ -228,7 +229,7 @@ def unionUse(expression, direct=False, unescape=True, resetCounter=False, nullCh
|
|||||||
endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
|
endPosition = resultPage.rindex(temp.stop) + len(temp.stop)
|
||||||
value = str(resultPage[startPosition:endPosition])
|
value = str(resultPage[startPosition:endPosition])
|
||||||
|
|
||||||
duration = int(time.time() - start)
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
|
debugMsg = "performed %d queries in %d seconds" % (reqCount, duration)
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|||||||
@@ -24,6 +24,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||||||
|
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import getDelayQuery
|
from lib.core.common import getDelayQuery
|
||||||
from lib.core.data import conf
|
from lib.core.data import conf
|
||||||
from lib.core.data import kb
|
from lib.core.data import kb
|
||||||
@@ -45,7 +46,7 @@ def stackedTest():
|
|||||||
query = getDelayQuery()
|
query = getDelayQuery()
|
||||||
start = time.time()
|
start = time.time()
|
||||||
payload, _ = inject.goStacked(query)
|
payload, _ = inject.goStacked(query)
|
||||||
duration = int(time.time() - start)
|
duration = calculateDeltaSeconds(start)
|
||||||
|
|
||||||
if duration >= conf.timeSec:
|
if duration >= conf.timeSec:
|
||||||
infoMsg = "the web application supports stacked queries "
|
infoMsg = "the web application supports stacked queries "
|
||||||
|
|||||||
@@ -25,6 +25,7 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
|||||||
import re
|
import re
|
||||||
import time
|
import time
|
||||||
|
|
||||||
|
from lib.core.common import calculateDeltaSeconds
|
||||||
from lib.core.common import dataToSessionFile
|
from lib.core.common import dataToSessionFile
|
||||||
from lib.core.common import safeStringFormat
|
from lib.core.common import safeStringFormat
|
||||||
from lib.core.common import randomStr
|
from lib.core.common import randomStr
|
||||||
@@ -89,7 +90,7 @@ def queryOutputLength(expression, payload):
|
|||||||
lengthExprUnescaped = unescaper.unescape(lengthExpr)
|
lengthExprUnescaped = unescaper.unescape(lengthExpr)
|
||||||
count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
|
count, length = bisection(payload, lengthExprUnescaped, charsetType=2)
|
||||||
|
|
||||||
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
|
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
if length == " ":
|
if length == " ":
|
||||||
@@ -186,7 +187,7 @@ def resume(expression, payload):
|
|||||||
start = time.time()
|
start = time.time()
|
||||||
count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
|
count, finalValue = bisection(payload, newExpr, length=missingCharsLength)
|
||||||
|
|
||||||
debugMsg = "performed %d queries in %d seconds" % (count, int(time.time() - start))
|
debugMsg = "performed %d queries in %d seconds" % (count, calculateDeltaSeconds(start))
|
||||||
logger.debug(debugMsg)
|
logger.debug(debugMsg)
|
||||||
|
|
||||||
if len(finalValue) != ( int(length) - len(resumedValue) ):
|
if len(finalValue) != ( int(length) - len(resumedValue) ):
|
||||||
|
|||||||