sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 18:13:46 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	e0f521cf9d	minor update regarding --randomize	2011-08-29 13:08:25 +00:00
Miroslav Stampar	ac00014c4a	implemented --randomize switch by request	2011-08-29 12:50:52 +00:00
Miroslav Stampar	8fe069b495	minor fix	2011-08-23 21:48:39 +00:00
Miroslav Stampar	01014eca17	by request	2011-08-23 21:45:01 +00:00
Miroslav Stampar	cfc1f2b70b	minor update	2011-08-22 22:43:14 +00:00
Miroslav Stampar	f4127a80d7	improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used)	2011-08-22 21:43:46 +00:00
Miroslav Stampar	8a174248dc	fix for a bug reported by blueBoy	2011-08-20 20:08:11 +00:00
Miroslav Stampar	cb32d46f2a	minor minor update	2011-08-18 06:09:12 +00:00
Miroslav Stampar	54bcc35ba7	important bug fix (connection exception was causing losing of already retrieved data)	2011-08-17 22:31:33 +00:00
Miroslav Stampar	9d31322f3d	update regarding special case when conf.uChar appears only in testable pages	2011-08-17 21:40:42 +00:00
Miroslav Stampar	75ec146224	minor beautification	2011-08-17 21:17:02 +00:00
Miroslav Stampar	f46baac70b	bug fix (when comment is None this was errornous)	2011-08-17 10:58:29 +00:00
Bernardo Damele	9361e633f4	Minor bug fix - some applications do really set cookies like param="value" with double-quotes	2011-08-16 09:21:01 +00:00
Miroslav Stampar	e1dbb4443b	minor update related to the last commit	2011-08-16 07:01:14 +00:00
Miroslav Stampar	7cc5743c5d	minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)	2011-08-16 06:50:20 +00:00
Miroslav Stampar	600ef3eace	minor patch	2011-08-16 06:22:04 +00:00
Miroslav Stampar	262996fc5b	bug fix	2011-08-16 06:14:40 +00:00
Miroslav Stampar	df4abf1af1	lowering constant value from 10 to 7 for da peace in da houz	2011-08-12 17:19:19 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Bernardo Damele	fff4c34e33	Search for --string and --regexp matches also in HTTP response headers	2011-08-12 15:33:37 +00:00
Bernardo Damele	5e5133b8e7	Should be fixed now	2011-08-12 15:00:11 +00:00
Bernardo Damele	1505cb2a80	typo	2011-08-12 14:51:39 +00:00
Bernardo Damele	702ca22d54	Minor bug fix for URI injections	2011-08-12 14:48:44 +00:00
Bernardo Damele	28bba9f5e6	More verbose warning message	2011-08-12 13:47:38 +00:00
Miroslav Stampar	10bdd90e60	minor speed optimizations (as a result of profiling)	2011-08-12 13:40:37 +00:00
Bernardo Damele	36280b33fa	Ask the user wheather or not to adjust the time delay - there have been a case where the forcing of conf.timeSec screwed the result in an extremely lagged and unreliable site	2011-08-12 13:06:40 +00:00
Miroslav Stampar	41ae9bc7ff	minor bug fix	2011-08-09 14:20:25 +00:00
Miroslav Stampar	2ad267132a	minor update for empty normal responses (like AJAX requests)	2011-08-05 10:55:21 +00:00
Miroslav Stampar	e849b71027	minor typo	2011-08-03 14:31:42 +00:00
Miroslav Stampar	538b49bcc5	removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports	2011-08-03 13:26:38 +00:00
Miroslav Stampar	f7562da754	from now on proper union column count should be displayed in injection info output	2011-08-03 10:34:50 +00:00
Miroslav Stampar	9423d15fb3	ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix	2011-08-03 09:08:16 +00:00
Miroslav Stampar	07afcd5440	fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)	2011-08-02 18:20:21 +00:00
Miroslav Stampar	07c3d4fb18	minor adjustment	2011-08-02 17:35:43 +00:00
Miroslav Stampar	edab7d01a5	minor fix	2011-08-02 17:31:13 +00:00
Bernardo Damele	c15439ab7f	Minor improvement to --passwords output	2011-08-02 09:04:34 +00:00
Miroslav Stampar	cb0981d858	proper way of handling 0 length results (as in __goInferenceProxy)	2011-08-02 08:39:32 +00:00
Miroslav Stampar	0643ced651	minor update	2011-08-02 08:12:43 +00:00
Miroslav Stampar	457f501bbd	proper fix	2011-08-01 23:48:38 +00:00
Bernardo Damele	cbd0ea0866	Possible fix for a minor bug	2011-08-01 23:24:39 +00:00
Miroslav Stampar	018d7ed646	improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery)	2011-07-31 23:40:09 +00:00
Miroslav Stampar	0627bb02cb	minor beautification	2011-07-31 10:21:47 +00:00
Miroslav Stampar	93ae1dfa2b	minor bug fix	2011-07-31 08:52:48 +00:00
Miroslav Stampar	68ae8ea5b2	minor refactoring	2011-07-29 10:54:25 +00:00
Miroslav Stampar	e522263640	fix for a neverending data retrieval in large full inband cases	2011-07-29 10:45:09 +00:00
Miroslav Stampar	3fc603843e	minor fix	2011-07-27 23:26:36 +00:00
Miroslav Stampar	107089c00b	bug fix	2011-07-27 08:25:51 +00:00
Miroslav Stampar	f7eaffcec5	i believe that this could be ok	2011-07-26 21:28:48 +00:00
Bernardo Damele	a2483b3bc4	Aligned OS takeover functionalities to recent Metasploit improvements	2011-07-26 10:29:14 +00:00
Bernardo Damele	938716e361	Proper fix for --start and --stop consistency amongst different techniques	2011-07-26 10:06:28 +00:00
Bernardo Damele	e71f96afe7	Reverted dumb "fix"	2011-07-26 09:42:09 +00:00
Miroslav Stampar	6bbb8139a0	update (smaller memory footprint in postprocessing phase because of safecharencode part)	2011-07-25 20:40:31 +00:00
Miroslav Stampar	5770c08784	minor optimization and refactoring	2011-07-25 20:17:44 +00:00
Bernardo Damele	0a7a648694	Minor bug fix for --start, now all techniques return the same result (before blind techniques returned from one entry behind)	2011-07-25 11:15:18 +00:00
Bernardo Damele	6cbb927012	Partial fix for -o not resumed at following runs if missing from command line	2011-07-25 11:05:49 +00:00
Miroslav Stampar	2033a28ae7	minor update regarding last commit (cleaner code)	2011-07-24 20:44:17 +00:00
Miroslav Stampar	3a3561fdaa	doing proper big table support for partial union too	2011-07-24 20:36:44 +00:00
Miroslav Stampar	ec1bc0219c	hello big tables, this is sqlmap, sqlmap this is big tables	2011-07-24 09:19:33 +00:00
Miroslav Stampar	82e1e61554	minor speedup	2011-07-23 19:51:19 +00:00
Miroslav Stampar	094dc91e2d	minor update (prior to some changes regarding large content retrieval)	2011-07-23 19:04:59 +00:00
Miroslav Stampar	a89140e1ce	revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function)	2011-07-23 06:07:00 +00:00
Miroslav Stampar	8a00ca83af	refactoring. nothing special changed	2011-07-21 10:18:11 +00:00
Miroslav Stampar	963f54e6d2	minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job)	2011-07-21 10:06:52 +00:00
Miroslav Stampar	7881ded60d	quick fix (this other library was doing problems)	2011-07-20 22:20:16 +00:00
Bernardo Damele	d6b52242c7	Meterpreter's sniffer extension freezes 64-bit systems Meterpreter's priv extension is loaded by default since Metasploit 3.5 or so. There is no shellcodeexec 64-bit yet, anyway as the Metasploit payload is encoded with a 32-bit encoded (alphanumeric), it's all fine.	2011-07-20 13:50:02 +00:00
Miroslav Stampar	9d996c07fb	another quick fix	2011-07-20 13:00:34 +00:00
Miroslav Stampar	fad77dd078	fix for a ImportError bug reported by g@brindi.si	2011-07-20 12:18:36 +00:00
Miroslav Stampar	9cf33ec997	now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char	2011-07-15 13:24:13 +00:00
Miroslav Stampar	ff8fc90ac7	bug fix	2011-07-13 06:44:15 +00:00
Miroslav Stampar	5c162efbd8	more optimization	2011-07-12 23:21:15 +00:00
Miroslav Stampar	9933edc718	optimization of reflective removal mechanism	2011-07-12 22:28:19 +00:00
Bernardo Damele	cda25cda2f	Cosmetics	2011-07-12 20:49:27 +00:00
Miroslav Stampar	3583d6dd1b	quick fixes, more work to do	2011-07-12 20:32:19 +00:00
Miroslav Stampar	0126b8eb0e	minor revert (it's illegal to use append for updating one array with another array)	2011-07-12 19:34:54 +00:00
Bernardo Damele	48b7245a33	Minor bug fix	2011-07-12 15:47:04 +00:00
Bernardo Damele	0b8c6e4c81	Minor bug fix	2011-07-12 15:30:40 +00:00
Miroslav Stampar	a46b5230f5	minor "patch"	2011-07-11 20:33:16 +00:00
Miroslav Stampar	1f826684f6	disabling multiprocessing (maybe permanently) support for Windows as of complications with sharing dictionary iterator	2011-07-11 13:16:59 +00:00
Miroslav Stampar	7bc6280d53	possible fix for a multi-processing "problem" reported by christopher.oakley@gmail.com	2011-07-11 11:40:27 +00:00
Miroslav Stampar	f5e45bf113	quick fix for a bug reported by jovon.itwaru@gmail.com	2011-07-11 08:54:39 +00:00
Miroslav Stampar	98958f8808	minor minor update	2011-07-10 15:41:45 +00:00
Miroslav Stampar	0d6afca7db	adding new switch '--smart' by request	2011-07-10 15:16:58 +00:00
Miroslav Stampar	1e182e6c72	quick fix	2011-07-08 22:34:44 +00:00
Bernardo Damele	651349e229	More verbose critical message	2011-07-08 13:12:53 +00:00
Bernardo Damele	b5dd4d4a63	Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection	2011-07-08 10:19:01 +00:00
Miroslav Stampar	02bfd05b20	more general approach	2011-07-08 10:03:14 +00:00
Miroslav Stampar	5443e06430	cosmetics (in debug mode [0] is used)	2011-07-08 09:43:52 +00:00
Miroslav Stampar	c463c411b9	minor update	2011-07-08 09:32:58 +00:00
Miroslav Stampar	ba2c06c9dc	quick fix	2011-07-08 09:01:32 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	067354b97f	Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access	2011-07-07 13:20:40 +00:00
Bernardo Damele	9e1a6beb7a	Major bug fix in UNION detection, it was a leftover	2011-07-07 00:06:20 +00:00
Bernardo Damele	fcd4e94c04	Higher chances to detect UNION query SQL injection against Microsoft Access	2011-07-06 23:52:44 +00:00
Bernardo Damele	23b4efdcaf	Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too.	2011-07-06 21:04:45 +00:00
Bernardo Damele	0d28c1e9e7	cosmetics	2011-07-06 20:41:13 +00:00
Bernardo Damele	6f6038b534	Quick fix (revert..)	2011-07-06 11:32:12 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	b8ffcf9495	few fixes here and there and multi-core processing for dictionary based hash attack	2011-07-04 19:58:41 +00:00
Miroslav Stampar	34d9a91af1	bulk of fixes	2011-07-02 22:48:56 +00:00
Bernardo Damele	861cdb1b14	cosmetics	2011-07-01 10:04:34 +00:00
Miroslav Stampar	4513ef409e	massive (like really massive) dictionary support	2011-06-30 23:44:49 +00:00
Miroslav Stampar	43db6b03a7	update with a feature request (file with list of wordlist files)	2011-06-30 08:42:43 +00:00
Miroslav Stampar	9e453e8709	fix for a bug reported by nightman@email.de	2011-06-29 17:49:59 +00:00
Miroslav Stampar	be9b8bca78	bug fix	2011-06-29 17:39:58 +00:00
Bernardo Damele	9eb683531d	Minor improvement at blind SQL inj technique for DB2	2011-06-27 22:28:12 +00:00
Miroslav Stampar	75524c283d	minor update	2011-06-27 21:59:31 +00:00
Miroslav Stampar	4be55c811f	minor update	2011-06-27 21:48:26 +00:00
Miroslav Stampar	831f083223	minor update	2011-06-27 21:38:12 +00:00
Miroslav Stampar	5b4eaf48d9	minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ")	2011-06-27 21:34:49 +00:00
Miroslav Stampar	8a8b94883b	minor update (that default quit in --batch was bothering me - my original idea and it was bad :)	2011-06-27 14:14:49 +00:00
Miroslav Stampar	d72db1bf91	minor update (all misc options are alphabetically ordered)	2011-06-27 08:21:33 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	e00cf81f7e	minor update	2011-06-24 19:50:13 +00:00
Miroslav Stampar	e9286ddd5b	fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 47: ordinal not in range(128))	2011-06-24 19:24:11 +00:00
Miroslav Stampar	c4cb367e65	looks nicer (though --tor is implicitly converted into --proxy)	2011-06-24 19:00:53 +00:00
Miroslav Stampar	aa83fe5c66	minor update	2011-06-24 18:19:33 +00:00
Miroslav Stampar	21010f702c	minor beautification	2011-06-24 17:46:54 +00:00
Miroslav Stampar	2de88bd90b	minor update	2011-06-24 17:19:24 +00:00
Miroslav Stampar	96190cf594	minor update	2011-06-24 17:15:15 +00:00
Bernardo Damele	406f2cda09	Got rid of useless TAB completion in --sql-shell	2011-06-24 13:05:13 +00:00
Bernardo Damele	35ce6dedcf	Got rid of useless imports	2011-06-24 09:59:11 +00:00
Bernardo Damele	a78f5b4eb3	Minor adjustment to avoid function and variables with same name	2011-06-24 09:29:11 +00:00
Miroslav Stampar	eaa2a4202f	changing to: --crawl=CRAWLDEPTH	2011-06-24 05:40:03 +00:00
Miroslav Stampar	3717b8423f	cleanest fix this moment (conf.dbms will for sure deal problems later in any form)	2011-06-22 15:48:44 +00:00
Miroslav Stampar	5190440ea2	minor fix	2011-06-22 15:36:59 +00:00
Miroslav Stampar	97d8729d71	probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded)	2011-06-22 15:28:49 +00:00
Miroslav Stampar	52ba3c281e	minor update	2011-06-22 14:59:49 +00:00
Miroslav Stampar	4ca37901da	thread safe logging+stdout (no more overlapping of log messages and raw output)	2011-06-22 14:53:42 +00:00
Miroslav Stampar	84bc8c3a37	update	2011-06-22 14:39:31 +00:00
Miroslav Stampar	938db1b513	replacing xmlobject logic with our own	2011-06-22 14:33:52 +00:00
Bernardo Damele	1cb12ea659	replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)	2011-06-22 13:31:07 +00:00
Miroslav Stampar	e76cb19e35	minor patch	2011-06-22 09:11:12 +00:00
Miroslav Stampar	b16b92fe46	minor update	2011-06-21 20:59:34 +00:00
Miroslav Stampar	2220afbdf5	fix by request	2011-06-21 20:50:16 +00:00
Miroslav Stampar	9e232256f4	reverting that last commit because there is a mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic)	2011-06-21 18:29:23 +00:00
Miroslav Stampar	3536320fc9	--stop is inclusive ("Last query output entry to retrieve")	2011-06-21 18:08:33 +00:00
Miroslav Stampar	dfc02d8c3c	sorry Bernardo, i hope your mobile is turned off :)))	2011-06-20 22:47:24 +00:00
Miroslav Stampar	2a4a284a29	crawler fix (skip binary files)	2011-06-20 22:41:38 +00:00
Miroslav Stampar	20bb1a685b	really minor update	2011-06-20 21:57:53 +00:00
Miroslav Stampar	812cd2f19b	minor update	2011-06-20 21:47:03 +00:00
Miroslav Stampar	e8ac7414f2	bug fix	2011-06-20 21:36:15 +00:00
Miroslav Stampar	d6062e8fc9	minor fix for crawler and far less message overlaps in future	2011-06-20 21:18:12 +00:00
Miroslav Stampar	8968c708a0	minor update	2011-06-20 14:27:24 +00:00
Miroslav Stampar	17fac6f67f	minor update	2011-06-20 13:53:39 +00:00
Miroslav Stampar	29314f425e	minor fix	2011-06-20 13:42:31 +00:00
Miroslav Stampar	f09340fc89	minor update	2011-06-20 12:40:14 +00:00
Miroslav Stampar	4d1fa5596b	added support for --scope in --crawl mode	2011-06-20 12:37:51 +00:00
Miroslav Stampar	42746cc706	bug fix	2011-06-20 12:18:46 +00:00
Miroslav Stampar	67fab9f2e2	putting this to info messages (user needs to know at this place why is it waiting)	2011-06-20 12:17:19 +00:00
Miroslav Stampar	b1426b5131	bug fix	2011-06-20 12:11:09 +00:00
Miroslav Stampar	cda39ca350	minor update	2011-06-20 11:46:23 +00:00
Miroslav Stampar	07e2c72943	adding Beautifulsoup (BSD) into extras; adding --crawl to options	2011-06-20 11:32:30 +00:00
Miroslav Stampar	8c04aa871a	english typo	2011-06-20 11:00:23 +00:00
Miroslav Stampar	bdb530da1f	minor update	2011-06-19 10:11:27 +00:00
Miroslav Stampar	d5bc149636	made changes by buawig request (504 is treated as a classical timeout)	2011-06-19 09:57:41 +00:00
Miroslav Stampar	83af83da9e	minor beautification (WordsSet is considered as a bad english)	2011-06-18 15:47:19 +00:00
Bernardo Damele	f8c32cf6b9	Moved folder	2011-06-18 12:34:41 +00:00
Bernardo Damele	28ef61b997	Use getPageTextWordsSet() also in --common-columns	2011-06-18 12:30:26 +00:00
Bernardo Damele	6b2f44de14	Minor layout adjustment	2011-06-18 12:27:12 +00:00
Bernardo Damele	cd07139919	Layout adjustments	2011-06-18 11:58:14 +00:00
Miroslav Stampar	31ad0875b4	added by request	2011-06-18 11:34:51 +00:00
Miroslav Stampar	e4be141602	minor fix for --smoke-test	2011-06-18 11:26:17 +00:00
Bernardo Damele	c7e1aeeef2	layout	2011-06-18 11:02:48 +00:00
Miroslav Stampar	905fef0eae	now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)	2011-06-18 10:51:14 +00:00
Miroslav Stampar	fde3e4cece	better	2011-06-18 09:52:07 +00:00
Miroslav Stampar	2f129b01c0	"Please consider to provide" is a bad English	2011-06-18 09:46:22 +00:00
Miroslav Stampar	1440c9f2d4	minor update	2011-06-17 22:28:07 +00:00
Miroslav Stampar	87e9842371	better language	2011-06-17 22:13:45 +00:00
Miroslav Stampar	ce3170edef	minor update/better language	2011-06-17 22:11:40 +00:00
Miroslav Stampar	ec6fa384eb	update	2011-06-17 22:04:25 +00:00
Miroslav Stampar	0c9fa5c550	fix	2011-06-17 17:12:47 +00:00
Miroslav Stampar	043f2f92c1	minor update	2011-06-17 17:10:52 +00:00
Miroslav Stampar	c9a6aad5c3	minor fix by request	2011-06-17 16:58:50 +00:00
Miroslav Stampar	a0129dcbcb	this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)	2011-06-17 16:52:39 +00:00
Miroslav Stampar	f3ee2c09fb	cleaner fix	2011-06-17 15:32:23 +00:00
Miroslav Stampar	bb987ec98f	fix for DNS leakage	2011-06-17 15:23:58 +00:00
Miroslav Stampar	9498a3f259	little stabilization of multi threading	2011-06-17 12:50:28 +00:00
Miroslav Stampar	d27afaed7e	some fixes	2011-06-16 14:27:44 +00:00
Miroslav Stampar	6b1d5a0ab8	minor fix	2011-06-16 14:11:30 +00:00
Miroslav Stampar	530c296519	minor fix	2011-06-16 13:56:17 +00:00
Miroslav Stampar	0eeb48f8f5	some fixes	2011-06-16 13:41:02 +00:00
Miroslav Stampar	7733e5866a	minor update regarding mnemonics (again)	2011-06-16 12:34:38 +00:00
Miroslav Stampar	17e4c6b564	minor update regarding mnemonics	2011-06-16 12:26:50 +00:00
Miroslav Stampar	25b923bbc3	minor fixes and minor updates	2011-06-16 12:12:30 +00:00
Miroslav Stampar	3995891ab4	new file containing default settings	2011-06-16 11:43:07 +00:00
Miroslav Stampar	6f681b45ad	cleaning up a bit for a configuration mess	2011-06-16 11:42:13 +00:00
Bernardo Damele	f515c9c9e0	Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes	2011-06-16 10:11:11 +00:00
Miroslav Stampar	63d98d8ce6	fix for a bug reported by rdsears@mtu.edu (ignored config file items)	2011-06-16 08:08:49 +00:00
Miroslav Stampar	4d51fa8155	minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)	2011-06-15 17:37:28 +00:00
Miroslav Stampar	e0ad72031f	minor update	2011-06-15 12:04:30 +00:00
Miroslav Stampar	1d93a03eeb	introducing mnemonics	2011-06-15 11:58:50 +00:00
Miroslav Stampar	d55a242908	minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always)	2011-06-14 19:38:35 +00:00
Miroslav Stampar	a4328e914b	minor update	2011-06-14 19:29:42 +00:00
Miroslav Stampar	1e17c0d4a1	switching to debug mode for missing dependencies	2011-06-14 08:47:06 +00:00
Bernardo Damele	8978fded03	typo fix	2011-06-13 19:00:27 +00:00
Bernardo Damele	7152a1ed3b	Added --dependences to show which sqlmap dependences are not available	2011-06-13 18:44:02 +00:00
Miroslav Stampar	0990f16f7f	minor update for invalid cases like 'iso-8859-1 (western europe)'	2011-06-12 08:36:21 +00:00
Miroslav Stampar	2da56ea507	fix of a language bug	2011-06-11 21:17:30 +00:00
Miroslav Stampar	9331abb96f	minor update	2011-06-11 08:33:36 +00:00
Miroslav Stampar	f8dde2c23b	adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)	2011-06-10 23:18:43 +00:00
Miroslav Stampar	15d72ec566	minor improvement for special cases with --string/--regexp	2011-06-10 23:05:47 +00:00
Miroslav Stampar	8fac4605a9	minor fix for None results	2011-06-10 22:28:15 +00:00
Miroslav Stampar	71093b1cad	adding one more user friendly message	2011-06-09 09:58:42 +00:00
Miroslav Stampar	fae089646b	minor fix	2011-06-09 08:38:17 +00:00
Miroslav Stampar	9202fedf7b	minor fix	2011-06-09 08:14:54 +00:00
Miroslav Stampar	af5fe457bd	revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content)	2011-06-09 07:53:31 +00:00
Miroslav Stampar	8ec4bc9d9d	revert of the last commit. have to think about it	2011-06-09 06:32:53 +00:00
Miroslav Stampar	9c093d91f2	minor update	2011-06-09 06:14:35 +00:00
Bernardo Damele	d217cf71b2	Minor bug fix	2011-06-08 23:32:44 +00:00
Bernardo Damele	6aade8e6fc	grammar fix, again	2011-06-08 16:40:22 +00:00
Bernardo Damele	d160888784	Grammar fix	2011-06-08 16:25:18 +00:00
Bernardo Damele	1c6ee1dc36	Rephrase	2011-06-08 16:22:16 +00:00
Bernardo Damele	0d8d6a4ace	Cosmetics	2011-06-08 16:08:20 +00:00
Bernardo Damele	70cac24909	Cosmetics	2011-06-08 15:31:27 +00:00
Bernardo Damele	64bef644c3	This was missing	2011-06-08 15:30:59 +00:00
Miroslav Stampar	d8155dfae9	change by request	2011-06-08 14:44:11 +00:00
Miroslav Stampar	6387d98ab0	quick fix	2011-06-08 14:42:48 +00:00
Bernardo Damele	0d3e8a76d8	Cosmetics and a missing param	2011-06-08 14:40:42 +00:00
Miroslav Stampar	4a9640160e	more concise	2011-06-08 14:35:23 +00:00
Miroslav Stampar	6b81eef65a	refactoring	2011-06-08 14:30:12 +00:00
Bernardo Damele	cd6ceb733e	Adjustment and refactoring for takeover via web backdoor	2011-06-08 14:16:53 +00:00
Bernardo Damele	cce3208b35	Cleanup	2011-06-08 14:15:34 +00:00
Bernardo Damele	7da3d8dbd1	minor layout adjustment	2011-06-08 13:01:33 +00:00
Miroslav Stampar	f65abdaae3	added switch --cookie-del by request	2011-06-08 08:27:24 +00:00
Miroslav Stampar	4eeeb3655e	asking and skipping to the next google result page if no usable links found	2011-06-07 23:24:17 +00:00
Miroslav Stampar	1c633b7351	i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified	2011-06-07 22:14:18 +00:00
Miroslav Stampar	75c12c5edb	fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)	2011-06-07 21:46:49 +00:00
Miroslav Stampar	e7e23d1b79	fix for a Ctrl+C bug reported by nightman@email.de	2011-06-07 17:16:01 +00:00
Miroslav Stampar	26062ec71e	minor update	2011-06-07 15:13:51 +00:00
Miroslav Stampar	50dde39e68	minor update	2011-06-07 10:32:18 +00:00
Miroslav Stampar	e9bf768f23	more refactoring	2011-06-07 10:08:12 +00:00
Miroslav Stampar	7a3cc38e3c	refactoring and stabilization of multithreading	2011-06-07 09:50:00 +00:00
Miroslav Stampar	5f7858455d	fix for a bug reported by l0rda@l0rda.biz	2011-06-07 05:57:21 +00:00
Miroslav Stampar	03c3f83893	minor fix	2011-06-06 13:34:49 +00:00
Miroslav Stampar	24ed99e5a3	fix for a bug reported by aboynes@gmail.com	2011-06-06 08:50:48 +00:00
Miroslav Stampar	97d8c60c3f	better language	2011-06-03 15:58:19 +00:00
Miroslav Stampar	0a620bf322	more info to the user	2011-06-03 15:43:50 +00:00
Miroslav Stampar	8c80413c52	well, important fix for blind based cases (especially OR ones)	2011-06-03 15:29:22 +00:00
Miroslav Stampar	f27181c628	minor improvement for blind based injections with reflected values	2011-06-03 14:41:36 +00:00
Miroslav Stampar	e9eafc2e94	minor update	2011-06-03 14:13:22 +00:00
Miroslav Stampar	64a862ed58	minor usability update	2011-06-03 14:04:02 +00:00
Miroslav Stampar	faf7814869	fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com	2011-06-03 11:01:26 +00:00
Miroslav Stampar	08d6bb4f23	minor fix	2011-06-02 22:13:31 +00:00
Miroslav Stampar	8aa5625cd0	proper fix related to the last commit	2011-06-01 23:00:18 +00:00
Miroslav Stampar	fd57aae779	bug fix (until this moment we had UNION unfunctional for MSSQL)	2011-06-01 22:47:54 +00:00
Miroslav Stampar	fc96764f80	minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None)	2011-06-01 22:06:06 +00:00
Miroslav Stampar	091c174bc4	better language	2011-06-01 08:30:06 +00:00
Miroslav Stampar	63145236b9	minor fix	2011-05-31 21:53:29 +00:00
Miroslav Stampar	42100e0e5b	big bug fix	2011-05-30 23:15:29 +00:00
Miroslav Stampar	9600556dae	better language	2011-05-30 23:04:49 +00:00
Miroslav Stampar	b7088440c2	better sentence	2011-05-30 22:47:17 +00:00
Miroslav Stampar	3c12799ff0	minor improvement	2011-05-30 20:34:34 +00:00
Miroslav Stampar	89559d1b0a	better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it	2011-05-30 20:18:30 +00:00
Miroslav Stampar	b79dae6e95	minor update	2011-05-30 14:49:03 +00:00
Miroslav Stampar	20988e58ed	warp 5 mr spock :)	2011-05-30 09:46:32 +00:00
Miroslav Stampar	001cbff2a9	speed up of 2 times for partial union technique	2011-05-30 09:07:48 +00:00
Miroslav Stampar	97820949f5	minor update	2011-05-30 08:33:01 +00:00
Miroslav Stampar	d5ede6afb4	fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range)	2011-05-30 06:38:44 +00:00
Miroslav Stampar	23d7820de7	minor update	2011-05-29 23:56:41 +00:00
Miroslav Stampar	6fd8602f01	minor update	2011-05-29 23:33:34 +00:00
Miroslav Stampar	86455ceb9c	implementation of multithreading for UNION and ERROR techniques	2011-05-29 23:17:50 +00:00
Miroslav Stampar	d51efa679d	typo update	2011-05-29 06:26:28 +00:00
Miroslav Stampar	f848cc779e	adding legal disclaimer as latest situation (these days news headlines) seems out of control	2011-05-28 18:54:14 +00:00
Miroslav Stampar	a5a70f0895	minor update	2011-05-28 18:21:03 +00:00
Miroslav Stampar	ecbeecdccf	minor refactoring	2011-05-28 18:11:56 +00:00
Miroslav Stampar	eb9b84d1da	type correction	2011-05-28 17:53:05 +00:00
Miroslav Stampar	03ef53f00a	update regarding mysql function resolution and versionedkeywords	2011-05-28 17:34:43 +00:00
Miroslav Stampar	95dea1fbf9	sharp tuning UNION tests even more	2011-05-28 08:06:19 +00:00
Miroslav Stampar	c11ea35d53	adding some user input for "refreshing" cases (like redirect ones)	2011-05-27 22:42:23 +00:00
Miroslav Stampar	cf69809c3c	minor update	2011-05-27 16:26:00 +00:00
Miroslav Stampar	8227298057	user friendliness uber 9000	2011-05-27 08:30:52 +00:00
Miroslav Stampar	a8b58afdb2	minor update	2011-05-27 08:21:02 +00:00
Miroslav Stampar	48f52d7697	minor beautification	2011-05-27 08:16:14 +00:00
Miroslav Stampar	61b960f65f	minor update related to the last one	2011-05-26 22:05:10 +00:00
Miroslav Stampar	45caadbd4a	important update - finally found what was causing headache for UNION payloads in noticeable number of cases	2011-05-26 21:54:19 +00:00
Miroslav Stampar	97bd5355dd	minor update	2011-05-26 21:18:55 +00:00
Miroslav Stampar	5d56e89cf5	minor update	2011-05-26 21:08:46 +00:00
Miroslav Stampar	06108b6da6	minor update related to the last commit	2011-05-26 20:58:24 +00:00
Miroslav Stampar	4f46a5ab63	minor usability enhancement regarding warning for --text-only switch	2011-05-26 20:48:18 +00:00
Miroslav Stampar	ff030e4d24	minor cleanup of the leftover	2011-05-26 17:37:24 +00:00
Miroslav Stampar	bf2b58ba82	minor update	2011-05-26 15:23:28 +00:00
Miroslav Stampar	b6fe5b12a4	adding --schema to the wizard/Basic as it looks like a cool thingy to put there	2011-05-26 14:30:05 +00:00
Miroslav Stampar	4f2c999146	fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)	2011-05-26 13:47:20 +00:00
Miroslav Stampar	f3ed61af5f	bug fix when using inference and kb.pageEncoding is None (like in binary cases)	2011-05-25 21:12:12 +00:00
Miroslav Stampar	5369657cd5	fix for cases with retrieved binary files (preventing difflib nagging around comparison)	2011-05-25 20:54:30 +00:00
Miroslav Stampar	a1fd2898a0	added friendly tip message for url encoding GET and POST payloads	2011-05-25 11:10:52 +00:00
Miroslav Stampar	0e480a9921	adding SYS to the ORACLE_SYSTEM_DBS	2011-05-25 10:55:47 +00:00
Miroslav Stampar	2f456bee75	minor beautification	2011-05-25 08:14:39 +00:00
Miroslav Stampar	8b7a3c5a6b	making it easier for totally dummy users	2011-05-24 17:24:01 +00:00
Miroslav Stampar	bec2c04671	helping dummy users	2011-05-24 17:15:25 +00:00
Miroslav Stampar	a3466ff79c	serving everything for the users	2011-05-24 16:34:08 +00:00
Miroslav Stampar	69eb173eca	minor just in case patch	2011-05-24 15:07:37 +00:00
Miroslav Stampar	0072c3af8e	fix for a bug reported by aboynes@gmail.com (for elt in self.a)	2011-05-24 15:03:21 +00:00
Miroslav Stampar	f774d8fea0	proper Tor settings (reverted r3915 and implemented it the right way)	2011-05-24 11:06:58 +00:00
Miroslav Stampar	915c206e3d	minor fix for socks proxy issues	2011-05-24 09:47:10 +00:00
Miroslav Stampar	ad25bcc2be	better way for dealing with relative paths	2011-05-24 05:26:51 +00:00
Miroslav Stampar	a536bf210f	improved redirection mechanism	2011-05-23 23:20:03 +00:00
Miroslav Stampar	128a012121	this was causing that --suffix trouble	2011-05-23 19:59:07 +00:00
Miroslav Stampar	bfe8e51b7c	minor fix for retrieving stuff like "SELECT * FROM testdb..users"	2011-05-23 19:45:40 +00:00
Miroslav Stampar	2b12b18357	incorporating metasploit patch from oliver.kuckertz@mologie.de	2011-05-23 15:27:10 +00:00
Miroslav Stampar	4542d4535f	minor beautification	2011-05-23 14:28:05 +00:00
Miroslav Stampar	31b48ec11c	removing space left	2011-05-23 14:18:33 +00:00
Miroslav Stampar	0ed03d474f	now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate	2011-05-23 11:09:44 +00:00
Miroslav Stampar	868fbe370b	minor beautification	2011-05-23 10:39:58 +00:00
Miroslav Stampar	fb23beef6f	most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested)	2011-05-22 19:14:36 +00:00
Miroslav Stampar	4fdb6ac9b9	adding useful info	2011-05-22 15:30:19 +00:00
Miroslav Stampar	48c20a62ac	minor nag fix	2011-05-22 15:08:55 +00:00
Miroslav Stampar	40971aca94	fixing nasty bug caused by retrying counter	2011-05-22 10:59:56 +00:00
Miroslav Stampar	712e238f33	another minor fix	2011-05-22 10:29:25 +00:00
Miroslav Stampar	2795aeff34	minor fix	2011-05-22 10:27:45 +00:00
Miroslav Stampar	806e898694	no more CRITICAL drop outs in test mode - lots of reports were related to this	2011-05-22 10:21:49 +00:00
Miroslav Stampar	9b2623514a	one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables	2011-05-22 09:48:46 +00:00
Miroslav Stampar	2ea613b170	type correction and adding global flag kb.ignoreTimeout which could be useful	2011-05-22 08:24:13 +00:00
Miroslav Stampar	27f0e73cc9	refactoring of 'target' flag in connect.py	2011-05-22 07:46:09 +00:00
Miroslav Stampar	a58aaf2e1a	better format for results file (easier for sorting when lots of files)	2011-05-22 07:02:36 +00:00
Miroslav Stampar	25fff8c135	changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)	2011-05-21 11:46:57 +00:00
Miroslav Stampar	9e5856caf8	improvement for recognition of scalar vs multiple-row commands	2011-05-19 16:45:05 +00:00
Miroslav Stampar	db72428765	minor update	2011-05-19 15:57:29 +00:00
Miroslav Stampar	f40c6b2ce7	added --cookie for maskSensitiveData too	2011-05-19 15:42:59 +00:00
Miroslav Stampar	9832fc42d4	minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase)	2011-05-18 21:47:40 +00:00
Miroslav Stampar	3048e9f710	minor refactoring	2011-05-17 23:03:31 +00:00
Miroslav Stampar	cc07e5dc97	added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@yahoo.com	2011-05-17 22:55:22 +00:00
Miroslav Stampar	dfe81cc66f	minor yielding	2011-05-16 20:14:10 +00:00
Miroslav Stampar	a5ad4621c9	minor refactoring	2011-05-16 20:09:12 +00:00
Miroslav Stampar	ba1df457ab	fix for a charset euc_tw reported by devon.mitchell1988@yahoo.com	2011-05-16 19:26:58 +00:00
Miroslav Stampar	6ba9dea640	just in case for trimmed output	2011-05-16 06:17:37 +00:00
Miroslav Stampar	d2221e4604	fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...)	2011-05-16 00:23:50 +00:00
Miroslav Stampar	faa74cd2bc	introducing results file for multiple target mode	2011-05-15 22:21:38 +00:00
Miroslav Stampar	90e84c9a6d	removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end	2011-05-15 21:43:38 +00:00
Miroslav Stampar	c3bb5a03e1	minor improvement	2011-05-14 20:09:37 +00:00
Miroslav Stampar	3484a4426b	fix for a bug reported by itxx@qq.com (TypeError: encode() takes no keyword arguments)	2011-05-14 19:57:28 +00:00
Miroslav Stampar	053c245114	few minor fixes	2011-05-13 09:56:12 +00:00
Miroslav Stampar	a7d7be5ce0	bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host)	2011-05-13 01:01:53 +00:00
Miroslav Stampar	f11d5c91e3	minor update so that only one DNS request per scan is being done (before this commit there were two)	2011-05-12 14:32:39 +00:00
Miroslav Stampar	70688fb8b5	minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic)	2011-05-12 12:00:17 +00:00
Miroslav Stampar	c64eb38a8b	same thing as for the last commit, but for error technique this time	2011-05-12 11:52:18 +00:00
Miroslav Stampar	84a7e5ffb9	"unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance	2011-05-12 11:36:02 +00:00
Miroslav Stampar	0b2da2f9f5	minor beautification for --tor switch	2011-05-12 05:46:17 +00:00
Miroslav Stampar	e05a9c0554	i was probably very tired or very stupid to do this	2011-05-11 13:13:46 +00:00
Miroslav Stampar	2ab9e30f7a	bug fix	2011-05-11 12:54:33 +00:00
Miroslav Stampar	53065ee1fb	adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected)	2011-05-11 08:55:48 +00:00
Miroslav Stampar	5ee07b90b9	added -m switch for bulk loading multiple targets	2011-05-11 08:46:40 +00:00
Miroslav Stampar	120b0d756e	unfix	2011-05-10 21:33:06 +00:00
Miroslav Stampar	6b66fce72c	minor fix	2011-05-10 20:52:43 +00:00
Miroslav Stampar	192c685bc8	changing conf attribute to a more proper name	2011-05-10 20:48:34 +00:00
Miroslav Stampar	deae534ee7	minor refactoring	2011-05-10 20:44:36 +00:00
Bernardo Damele	97bc816aeb	layout	2011-05-10 16:24:09 +00:00
Bernardo Damele	3a8309c4b0	Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches	2011-05-10 15:34:54 +00:00
Miroslav Stampar	707edc7b1a	fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along)	2011-05-10 13:28:07 +00:00
Miroslav Stampar	1dea609019	fix for a bug reported by David (UnicodeDecodeError: url = url + '?' + query)	2011-05-10 12:51:37 +00:00
Miroslav Stampar	a64407d9db	minor bug fix for multithreading and lots of connection retries	2011-05-10 12:40:01 +00:00
Miroslav Stampar	22a1870c2c	adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1	2011-05-10 12:32:07 +00:00
Miroslav Stampar	ec4d9178f8	minor update related to the previous commit	2011-05-08 06:28:58 +00:00
Miroslav Stampar	4d6e7c738c	minor update	2011-05-08 06:17:43 +00:00
Bernardo Damele	9955483052	Major improvement for --dump. Minor improvement for --dump-all. Minor bug fix for infinite loop	2011-05-08 02:08:18 +00:00
Bernardo Damele	8179fd63c0	Minor fix	2011-05-07 23:48:03 +00:00
Bernardo Damele	6653907700	forgot in last commit	2011-05-07 21:13:56 +00:00
Bernardo Damele	1151af52bb	More fix for save/resume of --technique	2011-05-07 21:08:14 +00:00
Bernardo Damele	aae140080e	SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .	2011-05-06 10:27:43 +00:00
Miroslav Stampar	42bca80968	removing blank lines and adding newline at the end of files	2011-05-06 09:35:53 +00:00
Miroslav Stampar	6e392b6054	applying contributed patch for DB2	2011-05-06 09:30:39 +00:00
Bernardo Damele	2d8408c885	More fix for --technique resume	2011-05-05 16:38:46 +00:00
Bernardo Damele	e96a533a04	Bug fix to resume of --technique	2011-05-05 15:18:33 +00:00
Miroslav Stampar	b324b99f6e	minor update of warning message	2011-05-04 10:41:08 +00:00
Miroslav Stampar	83fac3f6d9	fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase)	2011-05-03 21:12:51 +00:00
Miroslav Stampar	e6f010734e	minor fix for cases when the retrieved output is safe encoded (like for --os-shell)	2011-05-03 16:14:03 +00:00
Miroslav Stampar	4d4e3802e4	decoding of chars for --os-shell	2011-05-03 15:31:12 +00:00
Bernardo Damele	c58dc4a6d8	isDbmsWithin() must stay like this, no getIdentifiedDbms() in there	2011-05-03 14:13:45 +00:00
Miroslav Stampar	742b0ef76e	major improvement of ERROR data retrieval on MSSQL	2011-05-03 13:25:20 +00:00
Miroslav Stampar	2a7838928e	minor fancier --replicate update	2011-05-03 11:48:04 +00:00
Miroslav Stampar	b202d73b46	bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally)	2011-05-03 11:09:30 +00:00
Miroslav Stampar	1840b0e43b	fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo)	2011-05-03 10:22:38 +00:00
Miroslav Stampar	1e6c2fea74	update regarding warning for --random-agent during connection timeout in connection test phase	2011-05-03 10:05:42 +00:00
Bernardo Damele	6cff3e97f4	cosmetics	2011-05-02 21:48:08 +00:00
Miroslav Stampar	06498796b9	minor cosmetics	2011-05-02 20:51:53 +00:00
Miroslav Stampar	5e9620198c	fix for a privately reported bug ("AttributeError: item is disabled")	2011-05-02 18:18:04 +00:00
Miroslav Stampar	93dee30895	better fix for the previous commit	2011-05-02 13:34:55 +00:00
Miroslav Stampar	20ad1c1f2f	minor update to not confuse users when using -o	2011-05-02 13:24:35 +00:00
Miroslav Stampar	f8c3086d15	minor minor update	2011-05-02 12:37:54 +00:00
Miroslav Stampar	098f53d57a	patch for a problem reported by m.martin2311@yahoo.com (unknown charset 'is0-8859-1')	2011-05-02 12:34:35 +00:00
Bernardo Damele	ac2550535c	Proper fix for --technique=U bug	2011-05-01 23:42:41 +00:00
Miroslav Stampar	900ee0ff93	fix for a major bug reported by k1971@live.co.uk (1..9 99..)	2011-05-01 15:47:00 +00:00
Miroslav Stampar	494503b334	proper way to deal with generic cases	2011-05-01 08:04:08 +00:00
Miroslav Stampar	fcd69ba9c7	fix for a --technique=U	2011-05-01 07:37:22 +00:00
Miroslav Stampar	41fc9f9d54	fix for an issue reported by andrew.gecse@upcmail.hu (unknown web page charset 'hungarian-iso-8859-2')	2011-04-30 22:41:54 +00:00
Bernardo Damele	955dbc85e7	Minor variable rename	2011-04-30 15:29:59 +00:00
Bernardo Damele	b3a0424269	More Backend class method usage refactoring	2011-04-30 15:24:15 +00:00
Bernardo Damele	00f14bec5f	layout adjustment	2011-04-30 15:22:33 +00:00
Bernardo Damele	9a4ae7d9e2	More code refactoring of Backend class methods used	2011-04-30 14:54:29 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Miroslav Stampar	983546d6bf	proper fix	2011-04-30 07:01:21 +00:00
Bernardo Damele	a5968fff3e	Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided	2011-04-30 00:22:22 +00:00
Bernardo Damele	956e75e2b5	Minor adjustment to --mobile. Bug fix to --random-agent.	2011-04-29 21:50:48 +00:00
Bernardo Damele	a23ca952e4	Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason	2011-04-29 21:09:07 +00:00
Miroslav Stampar	46f96f3c4c	removing Kindle from list as it's not really a smartphone	2011-04-29 19:32:30 +00:00
Miroslav Stampar	11124b21f9	implemented --mobile switch	2011-04-29 19:27:23 +00:00
Miroslav Stampar	b299912de4	fix for a bug reported by ahmed@isecur1ty.org (UnicodeDecodeError: 'ascii' codec can't decode byte 0x84 in position 396: ordinal not in range(128)) for multipartpost	2011-04-29 16:56:02 +00:00
Miroslav Stampar	6bb4dce3aa	minor refactoring	2011-04-29 15:22:32 +00:00
Miroslav Stampar	a2bb0d72e8	fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer)	2011-04-29 14:40:28 +00:00
Bernardo Damele	edac0b2558	Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema	2011-04-28 23:59:00 +00:00
Bernardo Damele	441c288dd9	cosmeticados	2011-04-25 00:36:09 +00:00
Bernardo Damele	98f9f3e774	Minor bug fix in local shellcodeexec for Windows path	2011-04-25 00:03:12 +00:00
Bernardo Damele	e35f25b2cb	Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that: * It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime. * shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product. * shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX). * UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software. shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec. Minor code refactoring.	2011-04-24 23:01:21 +00:00
Bernardo Damele	d0dff82ce0	Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch	2011-04-23 16:25:09 +00:00
Miroslav Stampar	75142b383d	huge speed up (4x times faster)	2011-04-22 21:00:42 +00:00
Miroslav Stampar	f88aa4b165	implemented suppressResumeInfo mechanism (huge slowdown on large tables)	2011-04-22 19:58:10 +00:00
Miroslav Stampar	493b9adf8e	speed up of resume values (compiled regexes used)	2011-04-22 19:27:41 +00:00
Miroslav Stampar	7b3b9e6a87	it seems that this was indeed not meant to be here	2011-04-22 15:07:09 +00:00
Miroslav Stampar	304500a2e8	implemented checkFalsePositives method (simple Turing like tests)	2011-04-22 12:24:16 +00:00
Bernardo Damele	f3088079c0	error message adjustment	2011-04-21 22:31:02 +00:00
Bernardo Damele	eabb5a2ba7	More adjustments to the error message when no sql injections are detected	2011-04-21 22:04:20 +00:00
Bernardo Damele	6d07dddf60	updated doc and minor layout adjustments	2011-04-21 21:53:35 +00:00
Bernardo Damele	06a00fe85e	For development version, print also the revision number in the banner	2011-04-21 21:34:57 +00:00
Bernardo Damele	770b1523ff	More verbose output when no SQL injections are detected	2011-04-21 21:31:16 +00:00
Bernardo Damele	edc2d75702	Cosmetics and major bug fix	2011-04-21 21:15:23 +00:00
Bernardo Damele	d2f102f5a1	cosmetics	2011-04-21 20:21:37 +00:00
Bernardo Damele	b667c50588	store/resume info on xp_cmd available in session file	2011-04-21 14:25:04 +00:00
Miroslav Stampar	930872cf3b	fix	2011-04-21 14:20:09 +00:00
Bernardo Damele	a313df4d37	Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file	2011-04-21 14:05:37 +00:00
Bernardo Damele	fbe5ba5394	cosmetics	2011-04-21 10:54:12 +00:00
Miroslav Stampar	e1a8d268d8	fix for UPX linux/macos	2011-04-21 10:52:34 +00:00
Bernardo Damele	8d8fc2bbd8	cosmetics	2011-04-21 10:17:41 +00:00
Bernardo Damele	11ecd16099	cosmetics	2011-04-21 10:08:38 +00:00
Miroslav Stampar	9ccf720c05	removing funny remark	2011-04-21 10:06:13 +00:00
Bernardo Damele	a91e6a8440	layout	2011-04-21 10:03:18 +00:00
Miroslav Stampar	cbfe743bad	added a comment	2011-04-21 10:01:58 +00:00
Miroslav Stampar	c84c4d835f	minor update	2011-04-21 09:31:35 +00:00
Miroslav Stampar	e4d3190f41	reverting back to NVARCHAR because of error technique	2011-04-20 12:59:23 +00:00
Miroslav Stampar	3607f03a9e	fix of a minor typo	2011-04-20 12:42:35 +00:00
Miroslav Stampar	1286cc0913	now showing trimmed output in for of warning message (UNION and ERROR techniques affected)	2011-04-20 12:41:58 +00:00
Miroslav Stampar	7993f3f12d	way better for storing bulk of data (like BLOB on mysql)	2011-04-20 11:44:52 +00:00
Miroslav Stampar	04653684cd	revert	2011-04-20 10:34:34 +00:00
Miroslav Stampar	4fadcf0615	improvement for UNION/ERROR case	2011-04-20 10:17:42 +00:00
Miroslav Stampar	1c1c20fb64	minor update	2011-04-20 09:34:00 +00:00
Miroslav Stampar	4b6c524d4c	one more minor update regarding last commit	2011-04-20 09:26:03 +00:00
Miroslav Stampar	44926757da	minor update	2011-04-20 09:23:08 +00:00
Miroslav Stampar	52c98afe93	minor fix	2011-04-20 08:38:46 +00:00
Miroslav Stampar	24435a2c20	implemented "break a tie" request by Andres Riancho	2011-04-20 08:35:47 +00:00
Miroslav Stampar	df0331fe9b	some more refactoring	2011-04-19 23:04:10 +00:00
Miroslav Stampar	3b133303bf	refactoring	2011-04-19 22:54:13 +00:00
Miroslav Stampar	de2479b864	dealing with http://bugs.python.org/issue1602	2011-04-19 22:33:03 +00:00
Miroslav Stampar	9a9838f1e6	cleaning a mess with UPX and virus scanners	2011-04-19 21:57:04 +00:00
Miroslav Stampar	44bbef42f8	minor cosmetics	2011-04-19 20:23:08 +00:00
Miroslav Stampar	b7efa255d6	minor update of usage string	2011-04-19 20:14:56 +00:00
Miroslav Stampar	fc90974940	revert of last commit because of the situation in detection phase where payload is made at the starting point (can't change conf.timeSec in that phase)	2011-04-19 14:50:09 +00:00
Miroslav Stampar	7abbd0c029	removing a leftover	2011-04-19 14:29:51 +00:00
Miroslav Stampar	96b5fede5a	automatic increasing of time delay on lagging connections	2011-04-19 14:28:51 +00:00
Miroslav Stampar	13f8c001a7	minor update	2011-04-19 11:13:53 +00:00
Miroslav Stampar	7a06af9a92	added "lagging" critical message	2011-04-19 10:37:20 +00:00
Miroslav Stampar	9b0db33cc5	initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model	2011-04-19 08:55:38 +00:00
Miroslav Stampar	a7c26366b4	doing that auto default value for --time-sec only for --tor	2011-04-19 08:43:29 +00:00
Miroslav Stampar	4d48ac54dc	automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set)	2011-04-19 08:34:21 +00:00
Miroslav Stampar	b79d4f70f3	cleaner solution for the problem solved with last commit	2011-04-18 14:51:48 +00:00
Miroslav Stampar	f5cff067c6	little hack for --time-sec	2011-04-18 14:46:18 +00:00
Miroslav Stampar	6463cad8c5	minor update for SOAP payloads	2011-04-18 14:29:52 +00:00
Miroslav Stampar	da9ec67869	removing leftover	2011-04-18 13:43:22 +00:00
Miroslav Stampar	354a2ce249	'chardet' heuristic engine added to the project	2011-04-18 13:38:46 +00:00
Miroslav Stampar	b5aef9bcf9	fix for a bug reported by nightman (TypeError: unsupported operand type(s) for +: 'NoneType' and 'str')	2011-04-18 10:16:38 +00:00
Miroslav Stampar	6fab44d635	minor refactoring and improving of used regex	2011-04-17 22:37:00 +00:00
Miroslav Stampar	76d1f09b0a	minor cosmetics	2011-04-17 22:25:25 +00:00
Miroslav Stampar	9aae447553	minor update for matching SOAP messages	2011-04-17 22:21:32 +00:00
Miroslav Stampar	4fa00121e4	that CONSTANT_RATIO was a pure black magic for dynamic pages. now we have better injection detection workflow than before (False, True, False) and it was just a matter of time for removing this one	2011-04-17 21:58:34 +00:00
Miroslav Stampar	a7366bf710	SOAP refactoring	2011-04-17 21:39:00 +00:00
Miroslav Stampar	c7ff5dcbeb	minor update	2011-04-17 08:48:13 +00:00
Miroslav Stampar	ee88ccf0ac	well, this could be important :)	2011-04-17 08:33:46 +00:00
Miroslav Stampar	29ee760021	improving time based data retrieval mechanism	2011-04-17 07:24:18 +00:00
Miroslav Stampar	5e70eac98c	fix for a "popular" typo 'iso-5889-1' reported by David Guimaraes	2011-04-16 06:44:29 +00:00
Miroslav Stampar	88c76147e1	removed few trailing whitespace lines	2011-04-15 20:52:08 +00:00
Miroslav Stampar	3b6f9945ae	minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...)	2011-04-15 14:15:29 +00:00
Miroslav Stampar	c461fdca54	some refactoring	2011-04-15 13:51:06 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Miroslav Stampar	4d8a49a87c	more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation	2011-04-15 11:53:20 +00:00
Miroslav Stampar	467d1a50b3	removed debug message that could cause confusion	2011-04-15 11:28:01 +00:00
Miroslav Stampar	8c6f7c7d5f	explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay	2011-04-15 08:52:53 +00:00
Miroslav Stampar	3efd9e3959	improved htmlunescape (great for localized html escape codes)	2011-04-14 21:36:13 +00:00
Miroslav Stampar	ded28442fb	minor fixes and refactoring regarding safecharencoding	2011-04-14 15:54:00 +00:00
Miroslav Stampar	866cdb4cf7	speed of --replicate is now vastly improved	2011-04-14 14:34:12 +00:00
Miroslav Stampar	eafab03d99	safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)	2011-04-14 13:53:56 +00:00
Miroslav Stampar	30bfefd638	minor fix	2011-04-14 12:58:03 +00:00
Bernardo Damele	5cf38cd0d7	More cookies to ignore	2011-04-14 12:46:14 +00:00
Miroslav Stampar	8426d48e2e	minor refactoring	2011-04-14 10:14:46 +00:00
Miroslav Stampar	930262f573	minor update related to the last commit	2011-04-14 10:12:07 +00:00
Miroslav Stampar	1c5427baf8	minor fix	2011-04-14 09:54:29 +00:00
Miroslav Stampar	bb99bd2fbe	one more commit related to the issue with displaying of garbled characters	2011-04-14 09:43:36 +00:00
Miroslav Stampar	04986be4b9	update regarding safe character output together with a small fix for newlines	2011-04-14 09:31:45 +00:00
Miroslav Stampar	5dfb55effc	revert of the last commit because of this http://osvdb.org/show/osvdb/26582	2011-04-14 06:46:32 +00:00
Miroslav Stampar	786f305e1a	minor update	2011-04-14 06:43:08 +00:00
Miroslav Stampar	21114d1748	added IGNORE_PARAMETERS to skip testing of state/session web server parameters	2011-04-13 19:01:02 +00:00
Miroslav Stampar	58a93c5b1f	better beep for MacOSX	2011-04-13 18:32:47 +00:00
Miroslav Stampar	bf55b0b77a	more restrictions on crypt(3) hash recognition to prevent false positives	2011-04-13 14:40:23 +00:00
Miroslav Stampar	d06ae9cd47	implemented retrieved items info for partial union too	2011-04-13 14:33:15 +00:00
Miroslav Stampar	f5f2201bbc	minor cosmetics for partial inband retrieval	2011-04-13 11:25:42 +00:00
Miroslav Stampar	c193b896be	just in case update to prevent gibberish "retrieved: " outputs	2011-04-12 23:07:50 +00:00
Miroslav Stampar	5346ecbb56	fix for a "accept certificate first time for svn"	2011-04-12 14:25:17 +00:00
Miroslav Stampar	a883ce26b5	fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode')	2011-04-12 13:25:28 +00:00
Miroslav Stampar	0ae74f27e4	avoiding annoying "payload 'None' possibly..." in case where payload is not specified	2011-04-11 15:24:52 +00:00
Miroslav Stampar	941daa1645	just in case to prevent "object of type 'NoneType' has no len()" error reports	2011-04-11 11:59:02 +00:00
Miroslav Stampar	2db2e9b6a2	now GET forms are also prone to "do you want to fill with random values"	2011-04-11 11:38:41 +00:00
Miroslav Stampar	08d14886fd	added new dev version string	2011-04-11 09:44:44 +00:00
Bernardo Damele	07d6b18c4e	cutting for 0.9 stable	2011-04-11 00:24:51 +00:00
Miroslav Stampar	8597409d9e	lowering the value	2011-04-10 22:57:17 +00:00
Bernardo Damele	14219a3dac	Minor bug fix	2011-04-10 22:44:08 +00:00
Miroslav Stampar	6012ab1c46	better one for previous commit	2011-04-10 21:52:08 +00:00
Miroslav Stampar	e6c50df4f9	preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)	2011-04-10 21:38:08 +00:00
Miroslav Stampar	940c225d7c	few fixes	2011-04-10 20:53:27 +00:00
Bernardo Damele	d324704844	Removed unused code	2011-04-10 20:39:15 +00:00
Miroslav Stampar	decab6642d	fix for that @chunk bug	2011-04-10 16:46:33 +00:00
Miroslav Stampar	723a7447b2	minor refactoring	2011-04-10 07:16:19 +00:00
Miroslav Stampar	c714ac6421	added support for handling binary data values (no more garbish chars)	2011-04-09 23:13:16 +00:00
Miroslav Stampar	4ad73f9263	added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics	2011-04-09 22:39:03 +00:00
Miroslav Stampar	277f16d6b3	removing commented out debug print	2011-04-08 22:44:05 +00:00
Miroslav Stampar	c4c40308c6	no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one)	2011-04-08 22:42:07 +00:00
Miroslav Stampar	83feb097ef	greater flexibility for --batch when default is None	2011-04-08 22:29:50 +00:00
Miroslav Stampar	6fa2fd139c	implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)	2011-04-08 15:17:57 +00:00
Bernardo Damele	beb98140b3	Minor improvement to --check-payload	2011-04-08 14:34:00 +00:00
Miroslav Stampar	228cc68747	fix for those ugly DEBUG messages in brute mode	2011-04-08 11:02:21 +00:00
Bernardo Damele	5b21352656	cosmeticados ;)	2011-04-08 10:39:07 +00:00
Miroslav Stampar	be11e2535e	one more minor update	2011-04-08 00:05:44 +00:00
Miroslav Stampar	3435d549a9	minor update regarding the last commit	2011-04-07 23:35:51 +00:00
Miroslav Stampar	726155383d	higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0])	2011-04-07 23:32:07 +00:00
Miroslav Stampar	b288e5ef57	implemented DNS caching mechanism	2011-04-07 21:39:18 +00:00
Miroslav Stampar	ae4ea0af45	fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace')	2011-04-07 13:57:07 +00:00
Miroslav Stampar	6a8a5db9aa	minor code restyling	2011-04-07 13:27:29 +00:00
Miroslav Stampar	e33a48d40f	minor refactoring	2011-04-07 12:54:30 +00:00
Bernardo Damele	c6b9d89d31	Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly	2011-04-07 11:10:35 +00:00
Bernardo Damele	9e8c933333	cosmetics	2011-04-07 10:40:58 +00:00
Miroslav Stampar	68828d68a5	removed integers from --technique	2011-04-07 10:37:48 +00:00
Miroslav Stampar	fced81b6be	minor update	2011-04-07 10:32:39 +00:00
Miroslav Stampar	845533e92f	minor refactoring	2011-04-07 10:27:22 +00:00
Bernardo Damele	1880f18367	Minor layout adjustments	2011-04-07 10:07:52 +00:00
Bernardo Damele	17844eb87c	Refactoring to --technique	2011-04-07 10:00:47 +00:00
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Bernardo Damele	8b14a9eaa7	Minor code adjustments	2011-04-06 14:40:45 +00:00
Miroslav Stampar	a379463213	cosmeticado	2011-04-06 08:40:06 +00:00
Miroslav Stampar	b327bbcd9b	minor fix (it was quite ... to have this check at the later stage)	2011-04-06 08:39:24 +00:00
Miroslav Stampar	fdef6726cf	minor update	2011-04-06 08:30:50 +00:00
Bernardo Damele	d436ba2da5	Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value	2011-04-06 08:19:56 +00:00
Bernardo Damele	81034140c0	Reduced number of threads to 3 when -o is provided	2011-04-06 08:15:20 +00:00
Miroslav Stampar	265fa52600	minor code cosmetics	2011-04-04 18:24:16 +00:00
Miroslav Stampar	018b6b9430	fix for a charset encoding reported by Kirill	2011-04-04 18:20:09 +00:00
Miroslav Stampar	2c01fc56e6	minor update regarding misusage of --proxy and --ignore-proxy switches	2011-04-04 09:19:43 +00:00
Miroslav Stampar	e957c4400c	minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding)	2011-04-04 08:04:47 +00:00
Miroslav Stampar	305115a68b	important improvement of data handling (POST data and header values)	2011-04-03 15:02:52 +00:00
Miroslav Stampar	bbd4c128b0	minor update related to the last commit	2011-04-01 22:19:42 +00:00
Miroslav Stampar	cd7e4f5afc	improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form)	2011-04-01 22:12:24 +00:00
Bernardo Damele	c3b54cc222	Cosmetics	2011-04-01 16:40:28 +00:00
Miroslav Stampar	e27afef6be	minor update regarding --current-db on Oracle	2011-04-01 15:56:11 +00:00
Bernardo Damele	eb99f68a7a	Minor improvement to --wizard. This does not mean I like the kiddie feature though ;)	2011-04-01 14:55:39 +00:00
Miroslav Stampar	de4e0c7346	minor update related to the problem with request files reported by jorge_a_santos@hotmail.com	2011-04-01 12:09:11 +00:00
Miroslav Stampar	ee15988878	another minor update related to previous commit	2011-03-31 17:34:07 +00:00
Miroslav Stampar	156d24203f	speed optimization	2011-03-31 17:16:26 +00:00
Miroslav Stampar	220366b6e8	minor update (ip addresses will not be confused any more for crypt_generic hashes)	2011-03-31 16:56:26 +00:00
Miroslav Stampar	557ed7d665	minor fix for a invalid charset reported by Kirill	2011-03-31 14:39:01 +00:00
Bernardo Damele	fed57282fc	Added one more warning message to show what's going on with ctrl+c	2011-03-31 14:26:14 +00:00
Bernardo Damele	3948cd9e77	Minor layout adjustments	2011-03-31 14:13:53 +00:00
Miroslav Stampar	c5de903eab	minor improvement ("quick defense against substr fields")	2011-03-31 09:35:09 +00:00
Miroslav Stampar	ce51326bff	quick fix	2011-03-31 08:43:17 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	850328df6c	minor cosmetics	2011-03-29 22:03:48 +00:00
Miroslav Stampar	b6af80bab3	refactoring, cleanup and improvement	2011-03-29 21:54:15 +00:00
Miroslav Stampar	adfbfef8c1	minor refactoring	2011-03-29 21:01:47 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	9f707febf5	minor update	2011-03-29 15:43:17 +00:00
Miroslav Stampar	d0861a00e2	minor improvement	2011-03-29 15:37:57 +00:00
Miroslav Stampar	d28ca5809b	adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)	2011-03-29 14:16:28 +00:00
Miroslav Stampar	7cf4ba83dc	minor refactoring and comment update	2011-03-29 12:08:07 +00:00
Miroslav Stampar	1821a008af	Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once	2011-03-29 12:00:29 +00:00
Miroslav Stampar	5560196648	minor fix	2011-03-29 11:50:12 +00:00
Miroslav Stampar	e20d460809	Bernardo will kill me (added --wizard for total beginners)	2011-03-29 11:42:55 +00:00
Miroslav Stampar	4d78eac938	revert of that thingy as requested by Bernardo	2011-03-29 10:06:35 +00:00
Miroslav Stampar	a9f5d828c6	minor fix avoiding problems with hashing strange characters in usernames	2011-03-29 07:50:07 +00:00
Miroslav Stampar	e8debbe724	minor cosmetics and one minor fix (\|= is a nono with None)	2011-03-29 06:38:19 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	a2d5358b08	minor fix	2011-03-28 23:40:46 +00:00
Miroslav Stampar	9e900ccbac	minor comment update	2011-03-28 23:12:04 +00:00
Miroslav Stampar	a61e287d23	making updates for dummy Windows users	2011-03-28 23:09:19 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1823c116bb	minor update for special cases of union testing results	2011-03-28 21:45:38 +00:00
Miroslav Stampar	ae53ad4c30	making an update for special case of timed out response	2011-03-28 21:05:04 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	625f124263	little info message	2011-03-28 12:13:17 +00:00
Miroslav Stampar	47924fb92e	fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')	2011-03-27 13:41:54 +00:00
Miroslav Stampar	76b7e3517d	minor update	2011-03-27 07:58:15 +00:00
Miroslav Stampar	dba32306b0	minor update	2011-03-26 22:03:46 +00:00
Miroslav Stampar	d8f7c4bc4c	minor update regarding support for crypt(3)	2011-03-26 21:41:37 +00:00
Miroslav Stampar	4f00b9fa4b	minor fix	2011-03-26 21:10:31 +00:00
Miroslav Stampar	afe2be6a9f	implementation of Standard DES hashing (crypt)	2011-03-26 20:46:25 +00:00
Miroslav Stampar	1119a85f39	it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)	2011-03-25 21:31:26 +00:00
Miroslav Stampar	6c6133e8aa	revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)	2011-03-25 20:46:37 +00:00
Miroslav Stampar	737b4abf13	this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)	2011-03-25 20:30:15 +00:00
Miroslav Stampar	422967fbcd	just an minor update related to the last commit	2011-03-25 12:21:53 +00:00
Miroslav Stampar	c5b6d377fb	fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)	2011-03-25 12:14:19 +00:00
Miroslav Stampar	af5342c495	fix for partial inband queries on MSSQL	2011-03-25 11:19:15 +00:00
Miroslav Stampar	e80c9e08d8	minor update regarding --live-test	2011-03-25 09:03:08 +00:00
Miroslav Stampar	ea52d7acad	minor revisit of inference	2011-03-24 20:10:40 +00:00
Miroslav Stampar	1f1c4c0e61	better update related to the last commit	2011-03-24 20:04:20 +00:00
Miroslav Stampar	c0cc5d1dad	minor update	2011-03-24 17:18:03 +00:00
Miroslav Stampar	f3858a5fcf	another fix related to the bug reported by Alone Shell	2011-03-24 17:08:14 +00:00
Miroslav Stampar	e42cdfd138	adding possibility to run only one live test (e.g. --run-case=8)	2011-03-24 12:07:47 +00:00
Miroslav Stampar	2b15ad57c2	basic live tests against 3 major DBMSes	2011-03-24 11:47:01 +00:00
Miroslav Stampar	ecbbfeba6e	introduction of --fresh-queries	2011-03-24 10:08:47 +00:00
Miroslav Stampar	762397854e	fix for a bug reported by Kirill (unknown charset '8859-1')	2011-03-24 09:27:19 +00:00
Miroslav Stampar	d79fae724c	minor refactoring	2011-03-24 09:16:21 +00:00
Miroslav Stampar	0bb08d09d2	fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file	2011-03-24 08:43:40 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	5a1aaecf16	minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME\|\|chr(58)\|\|OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')	2011-03-22 13:07:37 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Miroslav Stampar	cbfb10cbd1	fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)	2011-03-21 16:43:46 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	1abcd507b8	hidding --group-concat switch	2011-03-21 12:13:21 +00:00
Bernardo Damele	19e2ed9803	Layout fix	2011-03-21 00:40:25 +00:00
Miroslav Stampar	3ca5cddca7	massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)	2011-03-20 23:54:56 +00:00
Miroslav Stampar	9b1f2d82d0	minor update (that .strip() was a leftover)	2011-03-20 23:20:47 +00:00
Miroslav Stampar	db992a0a86	mssql likes to htmlescape error reports	2011-03-20 23:16:34 +00:00
Miroslav Stampar	088c815567	minor update (exposing --tor switch)	2011-03-19 18:28:51 +00:00
Miroslav Stampar	2cc91b8470	minor fix	2011-03-19 17:44:34 +00:00
Miroslav Stampar	7c2b3afafb	minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)	2011-03-19 17:37:26 +00:00
Miroslav Stampar	139448eeb9	little stabilization regarding POST url(de/en)coding	2011-03-19 16:53:14 +00:00
Miroslav Stampar	0fcd999e51	fix for a bug reported by malice	2011-03-18 16:52:46 +00:00
Miroslav Stampar	58e9a074d3	masking some more command line arguments	2011-03-18 16:47:18 +00:00
Miroslav Stampar	36233fac42	update regarding a feature request from andyroyalbattle@yahoo.it	2011-03-18 16:35:30 +00:00
Miroslav Stampar	00b9d85ffc	fix regarding bug report from andyroyalbattle@yahoo.it	2011-03-18 16:26:39 +00:00
Miroslav Stampar	4e300baaf2	minor cosmetics	2011-03-18 14:09:18 +00:00
Miroslav Stampar	3628887110	los cosmeticados	2011-03-18 14:08:36 +00:00
Miroslav Stampar	75c0e09f43	little refactoring	2011-03-18 13:46:51 +00:00
Miroslav Stampar	c301b245a9	adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)	2011-03-18 13:39:51 +00:00
Miroslav Stampar	b53c9a2599	minor fix and some refactoring	2011-03-18 00:24:02 +00:00
Bernardo Damele	9526f0c4c2	Minor layout adjustments	2011-03-17 12:35:40 +00:00
Bernardo Damele	03fac62592	Minor code restyle	2011-03-17 12:34:29 +00:00
Miroslav Stampar	cbdd9e921e	minor cosmetics	2011-03-17 12:23:56 +00:00
Miroslav Stampar	6607a240cf	added logging to redirecthandler	2011-03-17 12:21:27 +00:00
Miroslav Stampar	9a513198dd	minor fix regarding last couple of commits	2011-03-17 11:25:37 +00:00
Miroslav Stampar	970cde5a8a	minor update regarding last commit	2011-03-17 09:23:46 +00:00
Miroslav Stampar	beba69faa9	implementation of request from Santiago (look for error based responses in redirects)	2011-03-17 09:12:28 +00:00
Miroslav Stampar	847ce863e3	refactoring	2011-03-17 08:54:20 +00:00
Miroslav Stampar	fbd0cfda29	minor update toward the implementation of request from Santiago	2011-03-17 06:39:05 +00:00
Bernardo Damele	f00aff5303	-v 0 shows both error, critical and raw_input messages	2011-03-11 22:02:38 +00:00
Bernardo Damele	d7d47b6257	Minor bug fix (revert)	2011-03-11 21:56:45 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	2fd3f0d7b2	minor update (added comment)	2011-03-11 20:07:52 +00:00
Miroslav Stampar	6cc745f789	removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)	2011-03-11 20:04:15 +00:00
Miroslav Stampar	5eae525010	this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)	2011-03-11 19:57:44 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	5af7410cb1	Another bug fix for --privileges on PgSQL with UNION query technique	2011-03-11 15:13:09 +00:00
Bernardo Damele	74ef1e53c7	Minor bug fixes to --privileges for PostgreSQL query (corner case)	2011-03-11 14:54:41 +00:00
Miroslav Stampar	1879a49506	fix for a bug reported by andreoaz@gmail.com	2011-03-10 20:40:12 +00:00
Miroslav Stampar	eb1cda7065	minor refactoring (more consistent)	2011-03-09 12:06:32 +00:00
Miroslav Stampar	62e3510387	minor refactoring	2011-03-09 11:37:37 +00:00
Miroslav Stampar	5c97f9a496	improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)	2011-03-09 09:36:56 +00:00
Miroslav Stampar	9b2962ff1c	now when we don't urlencode whole URI using : and \ as safe chars is not a good idea	2011-03-09 08:56:29 +00:00
Miroslav Stampar	30619c599b	minor update regarding encoding (adding few safe chars for e.g. CHR(50)\|...)	2011-03-08 11:53:59 +00:00
Miroslav Stampar	99adbbeaa3	los cosmeticados	2011-03-07 22:04:17 +00:00
Miroslav Stampar	cc0306044c	adding SVN revision number support for non SVN client platforms	2011-03-07 21:54:30 +00:00
Miroslav Stampar	154d947c62	minor update	2011-03-07 10:15:41 +00:00
Miroslav Stampar	16b286982d	fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')	2011-03-07 09:50:43 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	bc50387a17	possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)	2011-03-03 09:42:50 +00:00
Miroslav Stampar	3a1f5744be	minor update to make counting variable totally independent of the urllib2's self.retried	2011-03-02 10:42:17 +00:00
Miroslav Stampar	a010386a23	finally a proper fix for that annoying recursive bug	2011-03-02 10:29:38 +00:00
Miroslav Stampar	f27f05308a	minor update for masking sensitive data in error report (added aCred too)	2011-03-02 10:09:17 +00:00
Miroslav Stampar	ad2e4002ea	minor improvement	2011-03-01 10:38:27 +00:00
Miroslav Stampar	0f3cc153a3	fix for --technique	2011-03-01 09:54:06 +00:00
Miroslav Stampar	9856cb71de	redo of the last commit with comments added	2011-02-28 18:58:05 +00:00
Miroslav Stampar	ade31b2cb0	removal of obsolete item	2011-02-28 18:49:25 +00:00
Miroslav Stampar	2bf212ffa9	minor minor update	2011-02-27 20:43:38 +00:00
Miroslav Stampar	7036190e8e	minor improvement of regular expression	2011-02-27 17:58:01 +00:00
Miroslav Stampar	21041f8b90	further reflective value handling improvement	2011-02-27 17:43:41 +00:00
Bernardo Damele	6e8ebd35f4	Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable	2011-02-27 12:17:41 +00:00
Bernardo Damele	60605b6e7c	Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)	2011-02-27 12:14:13 +00:00
Miroslav Stampar	88faedc0fe	fix for a bug reported by -insane-	2011-02-26 17:48:19 +00:00
Miroslav Stampar	11996ce12e	bug fix for international encoded letters	2011-02-25 22:43:01 +00:00
Miroslav Stampar	63b8156c00	some update (if header key is non-unicode comformant)	2011-02-25 09:43:04 +00:00
Miroslav Stampar	2bbbc9a41e	few updates	2011-02-25 09:35:24 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	38dc82e13e	If no Accept header field is present, then it is assumed that the client accepts all media types.	2011-02-22 22:26:22 +00:00
Miroslav Stampar	d05bd75068	adding experimental for --group-concat	2011-02-22 14:35:38 +00:00
Miroslav Stampar	12ede1e5de	minor JIC (just-in-case) update	2011-02-22 13:18:47 +00:00
Miroslav Stampar	3f8eadf4fe	minor refactoring	2011-02-22 13:00:58 +00:00
Miroslav Stampar	dcad5410fe	minor refactoring	2011-02-22 12:54:22 +00:00
Miroslav Stampar	17c39fe231	fix for that non-HTML stuff	2011-02-22 11:32:55 +00:00
Bernardo Damele	3e8c204121	Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba	2011-02-21 16:00:56 +00:00
Miroslav Stampar	90582ed7dc	minor change	2011-02-21 11:35:21 +00:00
Miroslav Stampar	aac817935a	further improvement of MaxDB support	2011-02-20 22:41:42 +00:00
Miroslav Stampar	70449eb01b	minor bug fix	2011-02-20 21:35:28 +00:00
Miroslav Stampar	345df5968d	minor update	2011-02-20 21:27:38 +00:00
Miroslav Stampar	0c57f2af0f	minor fix	2011-02-20 12:20:44 +00:00
Bernardo Damele	023a80c31c	Section explanation change to reflect recent enhancements	2011-02-19 21:06:24 +00:00
Bernardo Damele	60b05ff49f	Reflect new switch name	2011-02-19 21:05:15 +00:00
Bernardo Damele	8e60acae5d	Added support for --scope also in WebScarab logs (-l)	2011-02-19 21:03:55 +00:00
Miroslav Stampar	b71bb321dd	some more Sybase updates	2011-02-19 18:04:27 +00:00
Miroslav Stampar	cec7694aac	some progress regarding SYBASE	2011-02-19 14:56:58 +00:00
Miroslav Stampar	e0efe453ab	minor update regarding Sybase support	2011-02-19 14:07:08 +00:00
Miroslav Stampar	df58bcaf95	minor improvement	2011-02-18 14:27:02 +00:00
Miroslav Stampar	3badf92ceb	not doing "basic" filtering in default cases because of a bug reported by Kazim	2011-02-18 07:38:13 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00
Miroslav Stampar	7ebc1ab90a	minor cosmetics	2011-02-17 08:59:14 +00:00
Miroslav Stampar	199f14df46	implementation of MySQL GROUP_CONCAT technique	2011-02-15 00:28:27 +00:00
Bernardo Damele	2ea828e416	Proper fix for r3307 (file-write on MySQL via UNION query tech)	2011-02-13 22:48:01 +00:00
Miroslav Stampar	417b311475	minor update	2011-02-13 22:02:47 +00:00
Miroslav Stampar	50d25c3b4d	update regarding explicit testing of ua and referer when using -p	2011-02-13 21:58:48 +00:00
Bernardo Damele	429ab631fe	Minor refactoring	2011-02-13 21:25:01 +00:00
Miroslav Stampar	5fb11fd173	update regarding multiple DBMS payloads	2011-02-13 21:20:21 +00:00
Bernardo Damele	45a005737d	Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2	2011-02-13 21:08:42 +00:00
Miroslav Stampar	83d7803ce7	other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)	2011-02-12 20:03:28 +00:00
Miroslav Stampar	9f7d666451	removing --method per request of buawig	2011-02-12 19:50:27 +00:00
Miroslav Stampar	1cd483f42f	one more update	2011-02-12 10:24:09 +00:00
Miroslav Stampar	25a3a64327	we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes.	2011-02-12 10:15:42 +00:00
Miroslav Stampar	521635c84d	quick fix for UA and Referer	2011-02-11 23:36:23 +00:00
Bernardo Damele	7253362114	Minor bug fix so that --file-write on MySQL via UNION query now works again	2011-02-11 23:35:45 +00:00
Miroslav Stampar	535eb9f3eb	implementation of referer feature	2011-02-11 23:07:03 +00:00
Miroslav Stampar	a6ab24e0b5	just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed	2011-02-10 22:47:43 +00:00
Miroslav Stampar	5f2fcd1eea	minor adjustment regarding "file" switches	2011-02-10 19:55:47 +00:00
Miroslav Stampar	4295a78c5f	minor update	2011-02-10 19:51:34 +00:00
Bernardo Damele	c078de894f	Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA	2011-02-10 14:24:04 +00:00
Bernardo Damele	864eade744	Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase	2011-02-10 11:14:05 +00:00
Bernardo Damele	aa0fb276ba	More fixes for --common-columns to work against MSSQL too	2011-02-09 17:22:07 +00:00
Miroslav Stampar	917b2b0d6b	one more commit related to the previous one	2011-02-09 17:07:02 +00:00
Miroslav Stampar	6c582343fe	.. fix	2011-02-09 17:05:06 +00:00
Miroslav Stampar	d9af01d73d	imporant fix for boolean expression which return [None]	2011-02-09 16:53:22 +00:00
Miroslav Stampar	7d9be18789	added one comment	2011-02-09 14:34:18 +00:00
Miroslav Stampar	bafc8a1b0f	another update	2011-02-09 13:29:52 +00:00
Miroslav Stampar	600f729139	fix for a bug reported by skysbsb@gmail.com (double ORDER BY)	2011-02-09 12:43:09 +00:00
Miroslav Stampar	5b57a69f3e	fix	2011-02-09 11:20:03 +00:00
Miroslav Stampar	3de6117253	revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)	2011-02-09 09:53:59 +00:00
Miroslav Stampar	98ca1702ae	los cosmeticado	2011-02-08 16:30:32 +00:00
Miroslav Stampar	87e36796c6	just to not cause confusion	2011-02-08 16:29:42 +00:00
Miroslav Stampar	dcb9c93328	minor cleanup	2011-02-08 16:27:58 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Bernardo Damele	c3eb82e60b	Proper fix	2011-02-08 10:08:48 +00:00
Miroslav Stampar	dba2f74588	revert of r3274	2011-02-08 09:44:34 +00:00
Bernardo Damele	156d8cd99b	Directory restyling	2011-02-08 00:15:02 +00:00
Bernardo Damele	cfe2da0195	Minor fix	2011-02-08 00:13:39 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	2c4f6d2e99	fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too	2011-02-07 21:53:05 +00:00
Miroslav Stampar	a577d0e9a5	restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)	2011-02-07 21:18:01 +00:00
Miroslav Stampar	66adf23532	Unbiased approach for searching appropriate usable column	2011-02-07 21:00:59 +00:00
Miroslav Stampar	f958b21613	there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)	2011-02-07 16:55:02 +00:00
Miroslav Stampar	771020abd6	one more related commit	2011-02-07 16:32:08 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00
Miroslav Stampar	71d1b72e0e	minor adjustment	2011-02-07 12:51:38 +00:00
Bernardo Damele	b33ac19d39	Minor fix	2011-02-07 12:36:00 +00:00
Miroslav Stampar	99e9412f74	minor update	2011-02-07 12:34:23 +00:00
Miroslav Stampar	e023e0d233	proper fix	2011-02-07 12:32:08 +00:00
Bernardo Damele	39decebe85	Minor fixes to checking/re-enabling of xp_cmdshell procedure	2011-02-07 12:17:19 +00:00
Miroslav Stampar	c0233dcd4f	preventing crashes for output=[]	2011-02-07 10:24:15 +00:00
Miroslav Stampar	096efea282	added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]	2011-02-07 10:22:43 +00:00
Bernardo Damele	ba3a8a69d4	More statements to exclude from unescap'ing	2011-02-07 00:33:54 +00:00
Bernardo Damele	3719f085ae	Added back-end dbms' OS based methods to Backend object - will be used for refactoring	2011-02-07 00:21:17 +00:00
Bernardo Damele	2e00656235	Minor fix	2011-02-07 00:20:23 +00:00
Bernardo Damele	bf5ca4bd9a	No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')	2011-02-06 23:30:43 +00:00
Bernardo Damele	061f56daf9	More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload.	2011-02-06 23:27:56 +00:00
Bernardo Damele	6a71629575	Converted from DOS format (\n\r to \n only)	2011-02-06 23:25:55 +00:00
Bernardo Damele	0800d9e49b	Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()	2011-02-06 22:58:12 +00:00
Bernardo Damele	9eac2339ca		2011-02-06 22:55:26 +00:00
Bernardo Damele	f3d6be7868	Code cleanup	2011-02-06 22:32:44 +00:00
Miroslav Stampar	078a2207cc	few reverts	2011-02-06 22:10:28 +00:00
Miroslav Stampar	b9b2fe0e7c	little cleanup	2011-02-06 21:52:39 +00:00
Miroslav Stampar	c4c2cf1d58	can't stay as it is right now. temporary disabling.	2011-02-06 21:17:41 +00:00
Miroslav Stampar	d2b96a66a2	one more update regarding last few "unescape" related commits	2011-02-06 20:23:23 +00:00
Bernardo Damele	6191a7f26f	Major fix for a silent bug	2011-02-06 15:53:43 +00:00
Bernardo Damele	c44978862e	Minor reordering of what gets saved into the injection object	2011-02-06 15:20:44 +00:00
Miroslav Stampar	412a97b7fe	fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')	2011-02-05 14:17:28 +00:00
Miroslav Stampar	4df8a03c04	using OrderedDict to store parameters in order of appearance	2011-02-04 18:07:21 +00:00
Miroslav Stampar	acb986ae80	minor refactoring	2011-02-04 17:40:55 +00:00
Bernardo Damele	fec88f6a6d	Minor fix	2011-02-04 15:57:53 +00:00
Miroslav Stampar	09e88cfb19	fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())	2011-02-04 14:05:47 +00:00
Miroslav Stampar	f83f1a1e06	minor just in case update	2011-02-04 13:08:54 +00:00
Miroslav Stampar	c69b76776e	minor refactoring	2011-02-04 13:04:19 +00:00
Miroslav Stampar	accf4e6ce0	one important fix (URI injection parameter '*' now can go anywhere)	2011-02-04 12:43:18 +00:00
Miroslav Stampar	c19d481bb1	little clean up	2011-02-04 12:25:14 +00:00
Miroslav Stampar	c229efba05	revert	2011-02-04 11:33:21 +00:00
Miroslav Stampar	d211def899	minor adjustment (accepting strange new looking uri formats)	2011-02-04 10:55:03 +00:00
Miroslav Stampar	1af418d444	huge bug fix	2011-02-04 10:18:26 +00:00
Miroslav Stampar	e4933f0c92	refactoring	2011-02-03 23:25:56 +00:00
Miroslav Stampar	9a1a28c804	adding comments to filtering function	2011-02-03 23:09:08 +00:00
Miroslav Stampar	1aecbe6b08	minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)	2011-02-03 22:59:26 +00:00
Miroslav Stampar	e5f54644f0	minor "statistical" update	2011-02-03 16:59:49 +00:00
Miroslav Stampar	3bd6e538f8	more appropriate	2011-02-03 16:48:27 +00:00
Miroslav Stampar	3a13fd87fd	new UNION column detection is going into wild	2011-02-03 16:16:38 +00:00
Miroslav Stampar	b56a77e573	removing obsolete switches (--threshold, --excl-reg, --excl-str)	2011-02-03 15:55:19 +00:00
Bernardo Damele	253a8d0679	Minor bug fix	2011-02-03 15:24:36 +00:00
Miroslav Stampar	0edb4ee314	minor fix	2011-02-03 13:28:10 +00:00
Miroslav Stampar	1b9850b73a	revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )	2011-02-03 12:21:29 +00:00
Miroslav Stampar	5edba2ffbc	minor change (conf.updateAll to conf.update)	2011-02-03 11:13:39 +00:00
Miroslav Stampar	402c1b622e	removing urlencode from UA	2011-02-02 15:18:06 +00:00
Miroslav Stampar	5f49e20cc8	adding --random-agent and removing -a	2011-02-02 14:51:12 +00:00
Miroslav Stampar	2dae57a56d	cosmetics	2011-02-02 14:35:21 +00:00
Miroslav Stampar	6c87bd1c63	added maskSensitiveData function	2011-02-02 14:25:16 +00:00
Bernardo Damele	5f0114a2a8	Minor bug fix	2011-02-02 14:06:40 +00:00
Miroslav Stampar	8134c2154a	adding WHERE enum for payloads	2011-02-02 13:34:09 +00:00
Miroslav Stampar	d6c9515f78	minor update	2011-02-02 13:03:24 +00:00
Miroslav Stampar	847b648e4a	minor update	2011-02-02 12:42:55 +00:00

... 14 15 16 17 18 ...

3034 Commits