Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.

2025-12-28 10:29:04 +00:00 · 2010-12-08 23:52:31 +00:00
parent 10ef2b5de8
commit f5ce739bdf
3 changed files with 88 additions and 36 deletions
--- a/lib/request/inject.py
+++ b/lib/request/inject.py
@@ -413,8 +413,11 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
                value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
                found = value or (value is None and expectingNone)

-            if time and kb.timeTest and not found:
-                kb.technique = PAYLOAD.TECHNIQUE.TIME
+            if time and (kb.timeTest or kb.stackedTest) and not found:
+                if kb.timeTest:
+                    kb.technique = PAYLOAD.TECHNIQUE.TIME
+                elif kb.stackedTest:
+                    kb.technique = PAYLOAD.TECHNIQUE.STACKED

                while len(kb.responseTimes) < MIN_TIME_RESPONSES:
                    _ = Request.queryPage(content=True)
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -45,7 +45,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
    partialValue = ""
    finalValue = ""
    asciiTbl = getCharset(charsetType)
-    timeBasedCompare = (kb.technique == PAYLOAD.TECHNIQUE.TIME)
+    timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))

    # Set kb.partRun in case "common prediction" feature (a.k.a. "good
    # samaritan") is used