two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)

2026-06-26 03:20:57 +00:00 · 2010-12-07 23:32:33 +00:00 · 2010-12-07 23:32:33 +00:00 · 293ce18fed
commit 293ce18fed
parent b21eb88905
3 changed files with 7 additions and 8 deletions
--- a/lib/controller/checks.py
+++ b/lib/controller/checks.py
@ -350,16 +350,13 @@ def checkSqlInjection(place, parameter, value):
                        # time based checks can take awhile
                        socket.setdefaulttimeout(120)

-                        # Perform the test's request and check how long
-                        # it takes to get the response back
-                        start = time.time()
+                        # Perform the test's request
                        _ = Request.queryPage(reqPayload, place, noteResponseTime = False)
-                        duration = calculateDeltaSeconds(start)

                        # 99.9999999997440% of all non time-based sql injection 
-                        # affected durations should be inside 7*stdev(durations)
+                        # affected durations should be inside +-7*stdev(durations)
                        # (Reference: http://www.answers.com/topic/standard-deviation)
-                        trueResult = (duration >= 7 * stdev(kb.responseTimes))
+                        trueResult = (kb.lastQueryDuration >= average(kb.responseTimes) + 7 * stdev(kb.responseTimes))

                        if trueResult:
                            infoMsg = "%s parameter '%s' is '%s' injectable " % (place, parameter, title)