Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 31f88a8

Browse files
stamparmstamparm
committed
Trying something out
1 parent 4b7f272 commit 31f88a8

2 files changed

Lines changed: 30 additions & 10 deletions

File tree

lib/core/common.py

Lines changed: 29 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2598,18 +2598,17 @@ def adjustTimeDelay(lastQueryDuration, lowerStdLimit):
25982598
Provides tip for adjusting time delay in time-based data retrieval
25992599
"""
26002600

2601-
candidate = 1 + int(round(lowerStdLimit))
2601+
candidate = (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit))
26022602

2603-
if candidate:
2604-
kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
2603+
kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
26052604

2606-
if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
2607-
if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE: # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
2608-
conf.timeSec = candidate
2605+
if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
2606+
if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE: # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
2607+
conf.timeSec = candidate
26092608

2610-
infoMsg = "adjusting time delay to "
2611-
infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
2612-
logger.info(infoMsg)
2609+
infoMsg = "adjusting time delay to "
2610+
infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
2611+
logger.info(infoMsg)
26132612

26142613
def getLastRequestHTTPError():
26152614
"""
@@ -3162,6 +3161,27 @@ def isTechniqueAvailable(technique):
31623161
else:
31633162
return getTechniqueData(technique) is not None
31643163

3164+
def isHeavyQueryBased():
3165+
"""
3166+
Returns True whether time-based or stacked payloads are based on heavy queries
3167+
3168+
>>> pushValue(kb.injection.data)
3169+
>>> kb.injection.data[PAYLOAD.TECHNIQUE.STACKED] = [test for test in getSortedInjectionTests() if "heavy" in test["title"].lower()][0]
3170+
>>> isHeavyQueryBased()
3171+
True
3172+
>>> kb.injection.data = popValue()
3173+
"""
3174+
3175+
retVal = False
3176+
3177+
for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
3178+
data = getTechniqueData(technique)
3179+
if data and "heavy query" in data["title"].lower():
3180+
retVal = True
3181+
break
3182+
3183+
return retVal
3184+
31653185
def isStackingAvailable():
31663186
"""
31673187
Returns True whether techniques using stacking are available

lib/core/settings.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@
1818
from thirdparty import six
1919

2020
# sqlmap version (<major>.<minor>.<month>.<monthly commit>)
21-
VERSION = "1.3.5.75"
21+
VERSION = "1.3.5.76"
2222
TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
2323
TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
2424
VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)

0 commit comments

Comments
 (0)