Properly moved and improved inject.goStacked() function and newly

implemented Time based blind SQL injection now is a single test file within the lib/techniques/ folder. Renamed lib/techniques/inference to lib/techniques/blind, it is more approriate and adapted the rest of the libraries. Updated ChangeLog file.
2025-12-06 04:31:30 +00:00 · 2008-11-12 23:44:09 +00:00
parent 9329f8c9c4
commit ecc4a98071
10 changed files with 63 additions and 31 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -38,10 +38,10 @@ from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.data import queries
 from lib.core.data import temp
-from lib.core.settings import TIME_SECONDS
+from lib.core.settings import TIME_DELAY
 from lib.request.connect import Connect as Request
 from lib.techniques.inband.union.use import unionUse
-from lib.techniques.inference.blind import bisection
+from lib.techniques.blind.inference import bisection
 from lib.utils.resume import queryOutputLength
 from lib.utils.resume import resume

@@ -388,8 +388,9 @@ def goStacked(expression, timeTest=False):
    TODO: write description
    """

+    comment        = queries[kb.dbms].comment
    query          = agent.prefixQuery("; %s" % expression)
-    query          = agent.postfixQuery(query)
+    query          = agent.postfixQuery("%s; %s" % (query, comment))
    payload        = agent.payload(newValue=query)

    start    = time.time()
@@ -397,6 +398,6 @@ def goStacked(expression, timeTest=False):
    duration = int(time.time() - start)

    if timeTest:
-        return (duration >= TIME_SECONDS, payload)
+        return (duration >= TIME_DELAY, payload)
    else:
-        return duration >= TIME_SECONDS
+        return duration >= TIME_DELAY