hub / github.com/sqlmapproject/sqlmap / checkStability

Function checkStability

lib/controller/checks.py:1243–1334

This function checks whether the target URL's content is stable by requesting the same page twice, with a short delay between the requests; identical responses are taken to mean the page is stable. If the content differs between the two requests, the dynamicity might depend on other parameters, like for instance string matching (--string).

Source from the content-addressed store, hash-verified

    findDynamicContent(firstPage, secondPage)

def checkStability():
    """
    This function checks if the URL content is stable requesting the
    same page two times with a small delay within each request to
    assume that it is stable.

    In case the content of the page differs when requesting
    the same page, the dynamicity might depend on other parameters,
    like for instance string matching (--string).
    """

    infoMsg = "testing if the target URL content is stable"
    logger.info(infoMsg)

    firstPage = kb.originalPage  # set inside checkConnection()

    delay = MAX_STABILITY_DELAY - (time.time() - (kb.originalPageTime or 0))
    delay = max(0, min(MAX_STABILITY_DELAY, delay))
    time.sleep(delay)

    secondPage, _, _ = Request.queryPage(content=True, noteResponseTime=False, raise404=False)

    if kb.choices.redirect:
        return None

    kb.pageStable = (firstPage == secondPage)

    if kb.pageStable:
        if firstPage:
            infoMsg = "target URL content is stable"
            logger.info(infoMsg)
        else:
            errMsg = "there was an error checking the stability of page "
            errMsg += "because of lack of content. Please check the "
            errMsg += "page request results (and probable errors) by "
            errMsg += "using higher verbosity levels"
            logger.error(errMsg)

    else:
        warnMsg = "target URL content is not stable (i.e. content differs). sqlmap will base the page "
        warnMsg += "comparison on a sequence matcher. If no dynamic nor "
        warnMsg += "injectable parameters are detected, or in case of "
        warnMsg += "junk results, refer to user's manual paragraph "
        warnMsg += "'Page comparison'"
        logger.warning(warnMsg)

        message = "how do you want to proceed? [(C)ontinue/(s)tring/(r)egex/(q)uit] "
        choice = readInput(message, default='C').upper()

        if choice == 'Q':
            raise SqlmapUserQuitException

        elif choice == 'S':
            showStaticWords(firstPage, secondPage)

            message = "please enter value for parameter 'string': "
            string = readInput(message)
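
Added example, not sqlmap's own code: a standalone sketch of the decision the listing makes, with exact equality first and a similarity ratio as the fallback when two fetches of the same page differ. The function names, the sample pages, the 0.9 threshold and the use of Python's difflib are assumptions of this example.

```python
import difflib
import re

MATCH_THRESHOLD = 0.9  # assumed cut-off for this example, not a value from the page

# Constructed sample responses: two fetches of one page, plus an unrelated page.
FIRST = "<html><body><h1>Order status</h1><p>Item: widget</p><p>Request id a81f3c</p></body></html>"
SECOND = "<html><body><h1>Order status</h1><p>Item: widget</p><p>Request id 9d02be</p></body></html>"
OTHER = "<html><body><h1>Error</h1><p>No results</p></body></html>"


def assess_stability(first, second):
    """Return (stable, ratio) for two fetches of the same URL.

    stable is True only when the bodies are identical; ratio is the
    difflib similarity that serves as the fallback when they differ.
    """
    if not first:
        # An empty body cannot be judged; the listing reports "lack of content".
        raise ValueError("empty response body, stability cannot be judged")
    stable = first == second
    ratio = 1.0 if stable else difflib.SequenceMatcher(None, first, second).ratio()
    return stable, ratio


def same_page(baseline, candidate, threshold=MATCH_THRESHOLD):
    """Ratio-based comparison for pages that failed the equality check."""
    return difflib.SequenceMatcher(None, baseline, candidate).ratio() >= threshold


def static_words(first, second):
    """Words present in both fetches: candidates for a fixed marker string."""
    tokens = lambda page: set(re.findall(r"\w{3,}", page))
    return sorted(tokens(first) & tokens(second))


if __name__ == "__main__":
    print(assess_stability(FIRST, SECOND))
    print(same_page(FIRST, SECOND), same_page(FIRST, OTHER))
    print(static_words(FIRST, SECOND))
```

The per-request id makes the two fetches unequal, yet the ratio still groups them as one page and separates them from the error page; the words common to both fetches are the ones that could serve as a fixed match string.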

Callers 1

start (Function) · 0.90

Calls 8

readInput (Function) · 0.90
showStaticWords (Function) · 0.90
checkDynamicContent (Function) · 0.85
info (Method) · 0.80
queryPage (Method) · 0.80
debug (Method) · 0.80
error (Method) · 0.45

Tested by

no test coverage detected
