def stackedTest():
    """
    Time a delay query sent through inject.goStacked() to decide whether
    the parameter named by kb.injParameter is affected by stacked queries
    SQL injection, and cache the verdict in kb.stackedTest.

    Returns None without testing when conf.direct is set, the cached
    kb.stackedTest when it is not None, otherwise the value produced by
    agent.removePayloadDelimiters(payload, False) on a positive result or
    False on a negative one.
    """

    if conf.direct:
        return

    cachedVerdict = kb.stackedTest
    if cachedVerdict is not None:
        return cachedVerdict

    logger.info("testing stacked queries sql injection on parameter '%s'" % kb.injParameter)

    delayQuery = getDelayQuery()
    startedAt = time.time()
    payload, _ = inject.goStacked(delayQuery)
    elapsed = calculateDeltaSeconds(startedAt)

    # NOTE(review): one timing sample decides the verdict. Network latency
    # or a loaded server can also push the elapsed time past conf.timeSec,
    # so a positive result here is worth confirming before it is trusted.
    delayObserved = elapsed >= conf.timeSec

    if delayObserved:
        logger.info(
            "the target url is affected by a stacked queries "
            "sql injection on parameter '%s'" % kb.injParameter
        )
        kb.stackedTest = agent.removePayloadDelimiters(payload, False)
    else:
        logger.warn(
            "the target url is not affected by a stacked queries "
            "sql injection on parameter '%s'" % kb.injParameter
        )
        kb.stackedTest = False

    # presumably records the verdict for later runs -- confirm in setStacked()
    setStacked()

    return kb.stackedTest
def stackedTest():
    """
    Time a delay query sent through inject.goStacked() to decide whether
    the web application supports stacked queries on the parameter named
    by kb.injParameter, and cache the verdict in kb.stackedTest.

    Returns the cached kb.stackedTest when it is not None, otherwise the
    payload returned by inject.goStacked() on a positive result or False
    on a negative one.
    """

    cachedVerdict = kb.stackedTest
    if cachedVerdict is not None:
        return cachedVerdict

    logger.info("testing stacked queries support on parameter '%s'" % kb.injParameter)

    delayQuery = getDelayQuery()
    startedAt = time.time()
    payload, _ = inject.goStacked(delayQuery)

    # int() drops the fractional part, so an elapsed time just under
    # conf.timeSec is counted as a negative result.
    elapsed = int(time.time() - startedAt)

    # NOTE(review): one timing sample decides the verdict. Network latency
    # or a loaded server can also push the elapsed time past conf.timeSec,
    # so a positive result here is worth confirming before it is trusted.
    delayObserved = elapsed >= conf.timeSec

    if delayObserved:
        logger.info(
            "the web application supports stacked queries "
            "on parameter '%s'" % kb.injParameter
        )
        kb.stackedTest = payload
    else:
        logger.warn(
            "the web application does not support stacked queries "
            "on parameter '%s'" % kb.injParameter
        )
        kb.stackedTest = False

    # presumably records the verdict for later runs -- confirm in setStacked()
    setStacked()

    return kb.stackedTest