Class: Msf::Exploit::SQLi::SQLitei::TimeBasedBlind

Inherits:

Common

• Object
• Common
• Common
• Msf::Exploit::SQLi::SQLitei::TimeBasedBlind

Includes:

TimeBasedBlindMixin

Defined in:

lib/msf/core/exploit/sqli/sqlitei/time_based_blind.rb

Overview

Time-Based Blind SQL injection support for SQLite

Constant Summary

HEAVYQUERY_DETECTION_SAMPLE =

number of times to check if the block takes a delay to respond

10

Constants inherited from Common

Common::ENCODERS

Instance Attribute Summary

Attributes inherited from Common

#concat_separator, #datastore, #framework, #null_replacement, #safe, #second_concat_separator, #truncation_length

Attributes included from Rex::Ui::Subscriber::Input

#user_input

Attributes included from Rex::Ui::Subscriber::Output

#user_output

Instance Method Summary

• #initialize(datastore, framework, user_output, opts = {}, &query_proc) ⇒ SQLi::SQLitei::TimeBasedBlind constructor

  Creates an object that will be used for running time-based blind SQL injections targeting SQLite refer to SQLi::Common#initialize for a description of the options.

• #test_vulnerable ⇒ Object

  This method checks if the target is vulnerable to Blind time-based injection by checking if the target sleeps only when a given condition is true.

Methods included from TimeBasedBlindMixin

#blind_request, #run_sql

Methods inherited from Common

#dump_table_fields, #enum_table_columns, #enum_table_names, #version, #write_to_file

Methods inherited from Common

#raw_run_sql, #run_sql

Methods included from Module::UI

#init_ui

Methods included from Module::UI::Message

#print_error, #print_good, #print_prefix, #print_status, #print_warning

Methods included from Module::UI::Message::Verbose

#vprint_error, #vprint_good, #vprint_status, #vprint_warning

Methods included from Module::UI::Line

#print_line, #print_line_prefix

Methods included from Module::UI::Line::Verbose

#vprint_line

Methods included from Rex::Ui::Subscriber

#copy_ui, #init_ui, #reset_ui

Methods included from Rex::Ui::Subscriber::Input

#gets

Methods included from Rex::Ui::Subscriber::Output

#flush, #print, #print_blank_line, #print_error, #print_good, #print_line, #print_status, #print_warning

Constructor Details

#initialize(datastore, framework, user_output, opts = {}, &query_proc) ⇒ SQLi::SQLitei::TimeBasedBlind

Creates an object that will be used for running time-based blind SQL injections targeting SQLite refer to SQLi::Common#initialize for a description of the options

# File 'lib/msf/core/exploit/sqli/sqlitei/time_based_blind.rb', line 15

def initialize(datastore, framework, user_output, opts = {}, &query_proc)
  super
  if opts[:heavyquery_parameter]
    @heavyquery_parameter = opts[:heavyquery_parameter]
  else
    detect_heavyquery_parameter
  end
  vprint_status "randomblob parameter: #{@heavyquery_parameter}"
end

Instance Method Details

#test_vulnerable ⇒ Object

This method checks if the target is vulnerable to Blind time-based injection by checking if the target sleeps only when a given condition is true.

@return [Boolean] whether the target is detected as vulnerable or not

# File 'lib/msf/core/exploit/sqli/sqlitei/time_based_blind.rb', line 30

def test_vulnerable
  # run_sql and check if output is what's expected, or just check for delays?
  out_true = blind_request("1=1 and randomblob(#{@heavyquery_parameter})")
  out_false = blind_request("1=2 and randomblob(#{@heavyquery_parameter})")
  out_true && !out_false
end