

Commit 7cc5743

committed
minor adjustment of time-based char retrievals (no more infinite increasing of timeSec value for problematic characters)
1 parent 600ef3e commit 7cc5743

4 files changed

Lines changed: 35 additions & 20 deletions


doc/THANKS

Lines changed: 14 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -586,6 +586,13 @@ fufuh <[email protected]>
586586
587587
for reporting a bug
588588

589+
Joe "Pragmatk" <[email protected]>
590+
for reporting a few bugs
591+
592+
John Smith <[email protected]>
593+
for reporting several bugs
594+
for suggesting some features
595+
589596
590597
for reporting considerable amount of bugs
591598

@@ -598,26 +605,22 @@ mitchell <[email protected]>
598605
599606
for reporting considerable amount of bugs
600607

608+
609+
for reporting a minor bug
610+
601611
pacman730 <[email protected]>
602612
for reporting a bug
603613

614+
pentestmonkey <[email protected]>
615+
for reporting several bugs
616+
for suggesting a few minor enhancements
617+
604618
605619
for reporting a few bugs
606620

607621
Phil P <@superevr>
608622
for suggesting a minor enhancement
609623

610-
Joe "Pragmatk" <[email protected]>
611-
for reporting a few bugs
612-
613-
John Smith <[email protected]>
614-
for reporting several bugs
615-
for suggesting some features
616-
617-
pentestmonkey <[email protected]>
618-
for reporting several bugs
619-
for suggesting a few minor enhancements
620-
621624
622625
for reporting a minor bug
623626

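--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -1432,6 +1432,7 @@ def __setKnowledgeBaseAttributes(flushAll=True):
 kb.pageTemplates = dict()
 kb.orderByColumns = None
 kb.originalPage = None
+kb.originalTimeDelay = None
 
 # Back-end DBMS underlying operating system fingerprint via banner (-b)
 # parsing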

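--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -391,3 +391,6 @@
 
 # Step used in ORDER BY technique used for finding the right number of columns in UNION query injections
 ORDER_BY_STEP = 10
+
+# Maximum number of times for revalidation of a character in time-based injections
+MAX_TIME_REVALIDATION_STEPS = 5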

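--- a/lib/techniques/blind/inference.py
+++ b/lib/techniques/blind/inference.py
@@ -44,6 +44,7 @@
 from lib.core.settings import INFERENCE_GREATER_CHAR
 from lib.core.settings import INFERENCE_EQUALS_CHAR
 from lib.core.settings import INFERENCE_NOT_EQUALS_CHAR
+from lib.core.settings import MAX_TIME_REVALIDATION_STEPS
 from lib.core.settings import PYVERSION
 from lib.core.threads import getCurrentThreadData
 from lib.core.threads import runThreads
@@ -259,16 +260,23 @@ def getChar(idx, charTbl=asciiTbl, continuousOrder=True, expand=charsetType is N
 errMsg = "invalid character detected. retrying.."
 logger.error(errMsg)
 
+if not kb.originalTimeDelay:
+kb.originalTimeDelay = conf.timeSec
+
 conf.timeSec += 1
-warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
-warnMsg += "(due to invalid char)"
-logger.warn(warnMsg)
-
-if kb.adjustTimeDelay:
-dbgMsg = "turning off auto-adjustment mechanism"
-logger.debug(dbgMsg)
-kb.adjustTimeDelay = False
-return getChar(idx, originalTbl, continuousOrder, expand)
+if (conf.timeSec - kb.originalTimeDelay) <= MAX_TIME_REVALIDATION_STEPS:
+warnMsg = "increasing time delay to %d second%s " % (conf.timeSec, 's' if conf.timeSec > 1 else '')
+warnMsg += "(due to invalid char)"
+logger.warn(warnMsg)
+
+if kb.adjustTimeDelay:
+dbgMsg = "turning off auto-adjustment mechanism"
+logger.debug(dbgMsg)
+kb.adjustTimeDelay = False
+return getChar(idx, originalTbl, continuousOrder, expand)
+else:
+conf.timeSec = kb.originalTimeDelay
+return None
 else:
 return decodeIntToUnicode(retVal)
 else: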
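Review bot: The sentinel test `if not kb.originalTimeDelay:` in the second hunk treats a configured delay of 0 the same as the unset value, so if `conf.timeSec` can start at 0 the baseline would be re-captured on every retry and the difference compared against `MAX_TIME_REVALIDATION_STEPS` would never grow past 1, reintroducing the unbounded retry this commit sets out to remove; `if kb.originalTimeDelay is None:` matches the `None` default added in lib/core/option.py. The give-up branch also restores `conf.timeSec` and returns `None` without any log line, so a message such as `logger.warn("giving up on the current character after %d revalidation steps" % MAX_TIME_REVALIDATION_STEPS)` before `return None` would make the failed retrieval visible in the output. Whether every caller of getChar already tolerates a `None` return cannot be seen from this hunk; getChar starts and ends outside it.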
