Module: Msf::Exploit::SQLi::TimeBasedBlindMixin
- Included in: Mssqli::TimeBasedBlind, MySQLi::TimeBasedBlind, PostgreSQLi::TimeBasedBlind, SQLitei::TimeBasedBlind
- Defined in: lib/msf/core/exploit/sqli/time_based_blind_mixin.rb
Overview
This module provides the methods used for time-based blind SQL injection that are common across the DBMS-specific implementations.
Instance Method Summary
- #blind_request(query) ⇒ Boolean
  Performs one request and times it; the result should leak one bit of information.
- #run_sql(query, output_charset: nil) ⇒ String
  Runs an SQL query and returns its results (time-based blind technique).
Instance Method Details
#blind_request(query) ⇒ Boolean
Performs one request and times it; the result should leak one bit of information. The method returns true when the request took at least `datastore['SqliDelay']` seconds.

```ruby
# File 'lib/msf/core/exploit/sqli/time_based_blind_mixin.rb', line 39

def blind_request(query)
  time = Time.now
  @query_proc.call(query)
  diff = Time.now - time
  # true when the response took at least the configured delay
  diff >= datastore['SqliDelay']
end
```
#run_sql(query, output_charset: nil) ⇒ String
Runs an SQL query and returns its results (time-based blind technique).

```ruby
# File 'lib/msf/core/exploit/sqli/time_based_blind_mixin.rb', line 15

def run_sql(query, output_charset: nil)
  if output_charset.is_a?(Range) && output_charset.count > 0
    known_bits, bits_to_guess = Msf::Exploit::SQLi::Utils::Common.get_bitmask(output_charset)
  else
    known_bits = 0
    bits_to_guess = 8
  end
  vprint_status "{SQLi} Executing (#{query})"
  if @hex_encode_strings
    query = hex_encode_strings(query)
    vprint_status "{SQLi} Encoded to (#{query})"
  end
  # first, get the length of the output
  output_length = blind_detect_length(query, true)
  vprint_status "{SQLi} Time-based injection: expecting output of length #{output_length}"
  # now, get the output, of the given length
  blind_dump_data(query, output_length, known_bits, bits_to_guess, true)
end
```
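Because `blind_request` reduces each response to one bit by comparing elapsed time with `SqliDelay`, a client using this technique sends many requests to one endpoint whose latencies are either near baseline or at least one fixed delay higher. The detection logic below is an added example, not Metasploit code; the log format, thresholds and all names are assumptions, and the log data is constructed.

```ruby
# Added example: flags clients whose latencies to one endpoint look like a delay oracle.
# Log format, thresholds and all names here are assumptions; the data is constructed.
Request = Struct.new(:client, :path, :seconds)

def sample_lines(client, path, times)
  times.map { |t| "#{client} #{path} #{t}" }
end

# Constructed sample log, one request per line: "<client> <path> <response_seconds>"
SAMPLE_LOG = [
  # fast or about one second slower, nothing in between
  sample_lines('203.0.113.7', '/item', [0.04, 1.05, 1.03, 0.05, 0.03, 1.06, 0.04, 1.04, 1.05, 0.06]),
  # ordinary browsing, latencies spread continuously
  sample_lines('198.51.100.9', '/item', [0.04, 0.09, 0.21, 0.05, 0.33, 0.12, 0.07, 0.45, 0.08, 0.15]),
  # a slow endpoint: wide gap, but the slow responses vary a lot
  sample_lines('192.0.2.44', '/report', [0.05, 0.06, 0.04, 0.05, 2.1, 3.4, 5.0, 2.8, 0.05, 4.2])
].flatten.join("\n")

def parse_log(text)
  text.each_line.map(&:split).select { |f| f.size == 3 }
      .map { |client, path, secs| Request.new(client, path, Float(secs)) }
end

def timing_oracle_suspects(requests, min_requests: 8, min_gap: 0.5, min_side: 2)
  requests.group_by { |r| [r.client, r.path] }.filter_map do |(client, path), reqs|
    next if reqs.size < min_requests
    times = reqs.map(&:seconds).sort
    # Split the sorted latencies at the widest gap between neighbours.
    gap, idx = times.each_cons(2).each_with_index.map { |(a, b), i| [b - a, i] }.max
    fast = times[0..idx]
    slow = times[(idx + 1)..]
    next if gap < min_gap || fast.size < min_side || slow.size < min_side
    # An injected fixed delay gives slow responses that sit close together.
    next if slow.max - slow.min > gap / 2
    { client: client, path: path, requests: reqs.size,
      est_delay: (slow.min - fast.sum / fast.size).round(2) }
  end
end

if __FILE__ == $PROGRAM_NAME
  timing_oracle_suspects(parse_log(SAMPLE_LOG)).each { |hit| puts hit }
end
```

Treat a hit as a lead to correlate with database query logs rather than a verdict; the thresholds need tuning against each application's normal latency.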