PenTest/sqlmap
1
0
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-12-07 05:01:30 +00:00
Code Issues Projects Releases Wiki Activity

Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.

Browse Source
This commit is contained in:
Bernardo Damele
2010-12-08 23:52:31 +00:00
parent 10ef2b5de8
commit f5ce739bdf
3 changed files with 88 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/request/inject.py
View File

@@ -413,8 +413,11 @@ def getValue(expression, blind=True, inband=True, error=True, time=True, fromUse
value = __goInferenceProxy(expression, fromUser, expected, batch, resumeValue, unpack, charsetType, firstChar, lastChar)
found = value or (value is None and expectingNone)
if time and kb.timeTest and not found:
kb.technique = PAYLOAD.TECHNIQUE.TIME
if time and (kb.timeTest or kb.stackedTest) and not found:
if kb.timeTest:
kb.technique = PAYLOAD.TECHNIQUE.TIME
elif kb.stackedTest:
kb.technique = PAYLOAD.TECHNIQUE.STACKED
while len(kb.responseTimes) < MIN_TIME_RESPONSES:
_ = Request.queryPage(content=True)