Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
3f0a443b83
|
some updates
|
2010-11-04 23:08:59 +00:00 |
|
Miroslav Stampar
|
63af5444fd
|
fix (NameError: global name 'DBMS' is not defined)
|
2010-11-04 12:47:34 +00:00 |
|
Miroslav Stampar
|
cd0d4135ac
|
implemented --banner for MaxDB and some minor fixes
|
2010-11-02 20:51:55 +00:00 |
|
Miroslav Stampar
|
685a8e7d2c
|
refactoring of hard coded dbms names
|
2010-11-02 11:59:24 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Miroslav Stampar
|
73b33ed765
|
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
|
2010-11-01 20:56:13 +00:00 |
|
Bernardo Damele
|
486a113560
|
Consolidate logger messages for --*-test switches
|
2010-10-31 16:58:38 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Miroslav Stampar
|
4d70f2c210
|
reverting back to 100
|
2010-10-26 15:42:54 +00:00 |
|
Miroslav Stampar
|
8211e6a2bd
|
possible
|
2010-10-26 11:29:09 +00:00 |
|
Bernardo Damele
|
9b127e58d2
|
Adjusted for MySQL weirdness
|
2010-10-26 09:33:18 +00:00 |
|
Bernardo Damele
|
f5904d0bc0
|
Major bug fix to --union-test
|
2010-10-25 23:39:55 +00:00 |
|
Bernardo Damele
|
215175e3b7
|
Minor code adjustments
|
2010-10-25 14:11:47 +00:00 |
|
Miroslav Stampar
|
db260c44d3
|
minor update
|
2010-10-24 22:25:05 +00:00 |
|
Miroslav Stampar
|
aa931efd4d
|
several MySQL fixes/enhancements pointed out by Anton Mogilin
|
2010-10-24 22:05:14 +00:00 |
|
Miroslav Stampar
|
98f5586b87
|
minor update
|
2010-10-23 08:05:24 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Bernardo Damele
|
c60edf7c17
|
Minor cosmetics
|
2010-10-20 22:43:02 +00:00 |
|
Bernardo Damele
|
430bb7478f
|
Minor bug fix
|
2010-10-20 21:15:06 +00:00 |
|
Miroslav Stampar
|
34f70657ee
|
fix for NULL values
|
2010-10-20 10:29:18 +00:00 |
|
Miroslav Stampar
|
00449f1402
|
fix/upgrade/chicken soup
|
2010-10-20 09:54:17 +00:00 |
|
Miroslav Stampar
|
e24bff0497
|
nice refactoring
|
2010-10-20 09:46:57 +00:00 |
|
Miroslav Stampar
|
5d3cbec457
|
no more regex. web server independent.
|
2010-10-20 09:35:46 +00:00 |
|
Miroslav Stampar
|
934adb5e8d
|
code refactoring
|
2010-10-20 09:09:04 +00:00 |
|
Bernardo Damele
|
0817d1b78d
|
Cosmetics
|
2010-10-19 23:09:30 +00:00 |
|
Miroslav Stampar
|
1b376c99a6
|
removed temp dictionary and replaced with kb.misc
|
2010-10-19 23:00:19 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Miroslav Stampar
|
1336b97c2c
|
removed --useBetween switch and added new tampering module ./tamper/between.py
|
2010-10-15 23:48:07 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Bernardo Damele
|
1674142d82
|
Minor cosmetic fixes
|
2010-10-14 15:28:54 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
cbe7c902c1
|
just a development start of an error based injection support
|
2010-10-04 13:05:51 +00:00 |
|
Miroslav Stampar
|
827cd1d56b
|
minor fix
|
2010-09-13 15:22:29 +00:00 |
|
Miroslav Stampar
|
b37dca1c2c
|
minor adjustment
|
2010-07-19 09:06:19 +00:00 |
|
Miroslav Stampar
|
9edd468caf
|
multithreading save to session on abort
|
2010-07-19 08:37:45 +00:00 |
|
Bernardo Damele
|
7349f3a70f
|
Closes #197
|
2010-07-01 15:25:57 +00:00 |
|
Miroslav Stampar
|
bb9401ba52
|
minor minor fixup
|
2010-07-01 14:14:43 +00:00 |
|
Miroslav Stampar
|
9d28ae23ca
|
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
|
2010-07-01 14:11:45 +00:00 |
|
Bernardo Damele
|
17e228024b
|
Minor enhancements and bug fixes to "good samaritan" feature - see #4
|
2010-06-21 14:40:12 +00:00 |
|
Bernardo Damele
|
b98f6ac71c
|
Minor layout adjustment
|
2010-06-17 13:27:43 +00:00 |
|
Bernardo Damele
|
fd76f048b6
|
Added common pattern value support to bisection algorithm
|
2010-06-17 11:38:32 +00:00 |
|
Miroslav Stampar
|
35642a0450
|
some more adjustments
|
2010-06-10 15:03:08 +00:00 |
|
Miroslav Stampar
|
1b30c46348
|
fix for an bug reported by David Guimaraes
|
2010-06-10 14:52:33 +00:00 |
|
Miroslav Stampar
|
7fbeebc4d9
|
grammar fix
|
2010-06-03 08:55:13 +00:00 |
|
Miroslav Stampar
|
bf071d33d2
|
some comments added
|
2010-06-02 15:18:33 +00:00 |
|
Miroslav Stampar
|
12a5ec9f3d
|
more unicode refactoring
|
2010-06-02 12:45:40 +00:00 |
|
Miroslav Stampar
|
af2f184464
|
some comments regarding inference.py
|
2010-05-31 15:20:20 +00:00 |
|
Bernardo Damele
|
6df2d98fc9
|
Minor bug fix in common.py goGoodSamaritan().
Minor code cleanup and adjustments.
|
2010-05-31 15:05:29 +00:00 |
|
Miroslav Stampar
|
4bb5885413
|
some changes regarding --common-outputs feature
|
2010-05-31 09:41:41 +00:00 |
|
Bernardo Damele
|
b798222dd7
|
Minor fixes
|
2010-05-30 14:53:13 +00:00 |
|
Miroslav Stampar
|
a3db3c03c1
|
str() -> unicode()
|
2010-05-28 13:05:02 +00:00 |
|
Miroslav Stampar
|
655bd79fc4
|
some renaming
|
2010-05-28 10:50:54 +00:00 |
|
Miroslav Stampar
|
838762fb00
|
previous quick fix removal
|
2010-05-28 10:38:23 +00:00 |
|
Miroslav Stampar
|
7ef286a76f
|
some speed up
|
2010-05-28 10:33:09 +00:00 |
|
Miroslav Stampar
|
48c0f4f053
|
minor fix
|
2010-05-28 10:17:03 +00:00 |
|
Miroslav Stampar
|
4eccf1a25d
|
quick fix
|
2010-05-28 10:01:19 +00:00 |
|
Bernardo Damele
|
9de1671b8f
|
Code refactoring and minor bug fixes.
|
2010-05-27 16:45:09 +00:00 |
|
Miroslav Stampar
|
ce29c841cf
|
some comments added
|
2010-05-26 11:14:22 +00:00 |
|
Miroslav Stampar
|
bbdbe44e3f
|
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
|
2010-05-26 10:41:37 +00:00 |
|
Miroslav Stampar
|
7f0db26e99
|
more code updates regarding good samaritan (common output) feature
|
2010-05-26 09:48:20 +00:00 |
|
Miroslav Stampar
|
8ed76b3024
|
minor update regarding good samaritan
|
2010-05-25 14:51:02 +00:00 |
|
Miroslav Stampar
|
065d5b02ec
|
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
|
2010-05-25 13:51:03 +00:00 |
|
Miroslav Stampar
|
056d1ad76e
|
new commit regarding good samaritan feature
|
2010-05-25 13:06:23 +00:00 |
|
Miroslav Stampar
|
dc83f794ea
|
fix regarding proper string isinstance checking (including unicode)
|
2010-05-25 10:09:35 +00:00 |
|
Miroslav Stampar
|
f718425cf4
|
minor fix
|
2010-05-24 11:18:47 +00:00 |
|
Miroslav Stampar
|
e9be60e1ac
|
added support for proper unicode session(s) storage/retrieval
|
2010-05-24 11:00:49 +00:00 |
|
Miroslav Stampar
|
f34e6badfd
|
removed pdb
|
2010-05-24 09:29:16 +00:00 |
|
Miroslav Stampar
|
f0d3e6c565
|
fix
|
2010-05-24 09:28:20 +00:00 |
|
Miroslav Stampar
|
887352746b
|
some speedup (usage of xrange (virtual range) instead of range)
|
2010-05-23 22:14:57 +00:00 |
|
Miroslav Stampar
|
2c2d6d3623
|
operator fix
|
2010-05-23 21:35:42 +00:00 |
|
Miroslav Stampar
|
7dc1bf0324
|
quick (probably not final) fix for unicode inference (not yet tested)
|
2010-05-23 21:32:51 +00:00 |
|
Miroslav Stampar
|
64f2afe585
|
in a mood for more changes
|
2010-05-21 12:44:09 +00:00 |
|
Miroslav Stampar
|
219628aa01
|
quick fixes
|
2010-05-21 12:25:49 +00:00 |
|
Miroslav Stampar
|
68e13c3872
|
periodical commit
|
2010-05-21 09:35:36 +00:00 |
|
Bernardo Damele
|
72fda2a3e4
|
Minor bug fix to correctly resuming --union-test results from session file.
|
2010-05-19 14:21:59 +00:00 |
|
Miroslav Stampar
|
d96723a135
|
fix for Feature #157
|
2010-05-13 11:17:24 +00:00 |
|
Miroslav Stampar
|
ca3e12ae73
|
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
|
2010-05-13 11:05:35 +00:00 |
|
Miroslav Stampar
|
0a4c1f8aec
|
unfix (conf.timeSec is an integer - my fault)
|
2010-05-13 09:34:08 +00:00 |
|
Miroslav Stampar
|
2fdac83607
|
minor fix
|
2010-05-13 08:27:51 +00:00 |
|
Bernardo Damele
|
9efe001515
|
SQLite does not support BETWEEN
|
2010-05-12 22:02:47 +00:00 |
|
Miroslav Stampar
|
893bc04fe4
|
changes regarding Feature #157 (Evaluate BETWEEN for inference algorithm)
|
2010-05-12 11:30:32 +00:00 |
|
Bernardo Damele
|
8b74c405f5
|
Minor output bug fix
|
2010-05-11 14:15:03 +00:00 |
|
Miroslav Stampar
|
430a25407b
|
fixed that thread partial output problem (one character behind) reported by Kasper Fons
|
2010-05-11 11:06:21 +00:00 |
|
Bernardo Damele
|
90d9900371
|
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
|
2010-04-30 15:48:40 +00:00 |
|
Miroslav Stampar
|
d8e5585c66
|
fixed a bug reported by Mosk Dmitri (infoMsg UnboundLocalError)
|
2010-04-29 08:30:29 +00:00 |
|
Miroslav Stampar
|
7d3a200ab8
|
fix for Bug #183
|
2010-04-19 15:25:52 +00:00 |
|
Bernardo Damele
|
a0c8adc266
|
Minor bug fix to add the "hinted" request to the total number of requests performed
Minor layout adjustments.
|
2010-04-15 10:08:27 +00:00 |
|
Miroslav Stampar
|
17554759b7
|
implemented feature request from Ole Rasmussen regarding table name retrieval speedup
|
2010-04-15 09:36:13 +00:00 |
|
Bernardo Damele
|
b72ddb6f1e
|
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
|
2010-04-09 15:48:53 +00:00 |
|
Bernardo Damele
|
1416cd0d86
|
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158. This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
Minor layout adjustments.
|
2010-03-26 23:23:25 +00:00 |
|
Bernardo Damele
|
be81c20298
|
Minor layout adjustment
|
2010-03-25 16:26:50 +00:00 |
|
Bernardo Damele
|
8e57767c48
|
Fixes #180 - properly url encode sqlmap payload in POST/Cookie too, like for GET
|
2010-03-23 10:27:39 +00:00 |
|
Bernardo Damele
|
f9a135e232
|
Minor bug fix and layout adjustment regarding --threading and standard output
|
2010-03-22 17:38:19 +00:00 |
|