Miroslav Stampar
466d61ee85
minor fix
2010-12-21 14:29:47 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
f8a01ddaf8
minor update
2010-12-15 11:21:47 +00:00
Bernardo Damele
db844c1785
No point in showing the error-based inject payload, it's same as the one showed in -v3
2010-12-13 21:35:20 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
e8be14e00a
minor refactoring
2010-12-06 07:48:14 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
a9d4b37987
Code cleanup and minor refactoring
2010-12-03 10:51:27 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
47f2d22181
Minor bug fix
2010-12-01 17:18:31 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
4d70f2c210
reverting back to 100
2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd
possible
2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2
Adjusted for MySQL weirdness
2010-10-26 09:33:18 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
aa931efd4d
several MySQL fixes/enhancements pointed out by Anton Mogilin
2010-10-24 22:05:14 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Bernardo Damele
c60edf7c17
Minor cosmetics
2010-10-20 22:43:02 +00:00
Bernardo Damele
430bb7478f
Minor bug fix
2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee
fix for NULL values
2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402
fix/upgrade/chicken soup
2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497
nice refactoring
2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457
no more regex. web server independent.
2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00