diff --git a/lib/core/common.py b/lib/core/common.py
index fa2786f27..669c791fc 100644
--- a/lib/core/common.py
+++ b/lib/core/common.py
@@ -2598,18 +2598,17 @@ def adjustTimeDelay(lastQueryDuration, lowerStdLimit):
 Provides tip for adjusting time delay in time-based data retrieval
 """
- candidate = 1 + int(round(lowerStdLimit))
+ candidate = (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit))
- if candidate:
- kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
+ kb.delayCandidates = [candidate] + kb.delayCandidates[:-1]
- if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
- if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE: # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
- conf.timeSec = candidate
+ if all((_ == candidate for _ in kb.delayCandidates)) and candidate < conf.timeSec:
+ if lastQueryDuration / (1.0 * conf.timeSec / candidate) > MIN_VALID_DELAYED_RESPONSE: # Note: to prevent problems with fast responses for heavy-queries like RANDOMBLOB
+ conf.timeSec = candidate
- infoMsg = "adjusting time delay to "
- infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
- logger.info(infoMsg)
+ infoMsg = "adjusting time delay to "
+ infoMsg += "%d second%s due to good response times" % (conf.timeSec, 's' if conf.timeSec > 1 else '')
+ logger.info(infoMsg)
 def getLastRequestHTTPError():
 """
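Review bot: With the `if candidate:` guard removed, the division `1.0 * conf.timeSec / candidate` in the inner `if` now relies on `candidate` always being positive, which holds only if `lowerStdLimit` never rounds below zero; that value is computed by the caller, outside this hunk, so the invariant cannot be confirmed here. Either clamp it, `candidate = max(1, (1 if not isHeavyQueryBased() else 2) + int(round(lowerStdLimit)))`, or state the assumption in a comment next to the assignment. The literal `2` would also benefit from a short why-comment, for example `# heavy-query payloads get one extra second of margin` (presumably the intent; confirm). The function's signature and the opening line of its docstring sit above the hunk.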
@@ -3162,6 +3161,27 @@ def isTechniqueAvailable(technique):
 else:
 return getTechniqueData(technique) is not None
+def isHeavyQueryBased():
+ """
+ Returns True whether time-based or stacked payloads are based on heavy queries
+
+ >>> pushValue(kb.injection.data)
+ >>> kb.injection.data[PAYLOAD.TECHNIQUE.STACKED] = [test for test in getSortedInjectionTests() if "heavy" in test["title"].lower()][0]
+ >>> isHeavyQueryBased()
+ True
+ >>> kb.injection.data = popValue()
+ """
+
+ retVal = False
+
+ for technique in getPublicTypeMembers(PAYLOAD.TECHNIQUE, True):
+ data = getTechniqueData(technique)
+ if data and "heavy query" in data["title"].lower():
+ retVal = True
+ break
+
+ return retVal
+
 def isStackingAvailable():
 """
 Returns True whether techniques using stacking are available
diff --git a/lib/core/settings.py b/lib/core/settings.py
index b6e34a540..396443e9e 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty import six
 # sqlmap version (...)
-VERSION = "1.3.5.75"
+VERSION = "1.3.5.76"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)
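Review bot: `isHeavyQueryBased()` iterates every member of `PAYLOAD.TECHNIQUE`, although its docstring limits the check to time-based and stacked payloads. It also classifies a payload by the substring `"heavy query"` in its title, so rewording a payload title would silently change the delay adjustment. The doctest selects its fixture with `"heavy"` while the function matches `"heavy query"`; one shared constant for both would keep them aligned. Consider restricting the loop to `for technique in (PAYLOAD.TECHNIQUE.TIME, PAYLOAD.TECHNIQUE.STACKED):` and rewording the docstring summary to `Returns True if time-based or stacked payloads are based on heavy queries`.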