Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.

2025-12-06 12:41:30 +00:00 · 2010-12-08 23:52:31 +00:00
parent 10ef2b5de8
commit f5ce739bdf
3 changed files with 88 additions and 36 deletions
--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -45,7 +45,7 @@ def bisection(payload, expression, length=None, charsetType=None, firstChar=None
    partialValue = ""
    finalValue = ""
    asciiTbl = getCharset(charsetType)
-    timeBasedCompare = (kb.technique == PAYLOAD.TECHNIQUE.TIME)
+    timeBasedCompare = (kb.technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED))

    # Set kb.partRun in case "common prediction" feature (a.k.a. "good
    # samaritan") is used