code refactoring

stamparm · stamparm · commit 01cf1394a40e · 2010-12-08T14:26:40.000Z
diff --git a/lib/core/common.py b/lib/core/common.py
@@ -1532,7 +1532,17 @@ def wasLastRequestDBMSError():
     Returns True if the last web request resulted in a (recognized) DBMS error page
     """
 
-    return kb.lastErrorPage and kb.lastErrorPage[0]==kb.lastRequestUID
+    return kb.lastErrorPage and kb.lastErrorPage[0] == kb.lastRequestUID
+
+def wasLastRequestDelayed():
+    """
+    Returns True if the last web request resulted in a time-delay
+    """
+
+    # 99.9999999997440% of all non time-based sql injection
+    # affected durations should be inside +-7*stdev(durations)
+    # (Math reference: http://www.answers.com/topic/standard-deviation)
+    return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))
 
 def extractErrorMessage(page):
     """
diff --git a/lib/request/connect.py b/lib/request/connect.py
@@ -25,6 +25,7 @@
 from lib.core.common import logHTTPTraffic
 from lib.core.common import readInput
 from lib.core.common import stdev
+from lib.core.common import wasLastRequestDelayed
 from lib.core.convert import urlencode
 from lib.core.common import urlEncodeCookieValues
 from lib.core.data import conf
@@ -420,10 +421,7 @@ def queryPage(value=None, place=None, content=False, getSeqMatcher=False, silent
                 conf.cj.clear()
 
         if timeBasedCompare:
-            # 99.9999999997440% of all non time-based sql injection
-            # affected durations should be inside +-7*stdev(durations)
-            # (Reference: http://www.answers.com/topic/standard-deviation)
-            return (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))
+            return wasLastRequestDelayed()
         else:
             kb.responseTimes.append(kb.lastQueryDuration)
 
diff --git a/lib/takeover/xp_cmdshell.py b/lib/takeover/xp_cmdshell.py
@@ -9,13 +9,13 @@
 
 from lib.core.common import randomStr
 from lib.core.common import readInput
+from lib.core.common import wasLastRequestDelayed
 from lib.core.data import conf
 from lib.core.data import kb
 from lib.core.data import logger
 from lib.core.exception import sqlmapUnsupportedFeatureException
 from lib.core.unescaper import unescaper
 from lib.request import inject
-from lib.techniques.blind.timebased import timeUse
 
 class xp_cmdshell:
     """
@@ -88,13 +88,11 @@ def __xpCmdshellConfigure(self, mode):
         inject.goStacked(cmd)
 
     def __xpCmdshellCheck(self):
-        query = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
-        duration = timeUse(query)
+        cmd = self.xpCmdshellForgeCmd("ping -n %d 127.0.0.1" % (conf.timeSec * 2))
 
-        if duration >= conf.timeSec:
-            return True
-        else:
-            return False
+        inject.goStacked(cmd)
+
+        return wasLastRequestDelayed()
 
     def xpCmdshellForgeCmd(self, cmd):
         self.__randStr = randomStr(lowercase=True)
diff --git a/lib/techniques/blind/timebased.py b/lib/techniques/blind/timebased.py
