sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
5,509 Commits 4 Branches 117 Tags 97 MiB
084cfc797a
Commit Graph

3846 Commits

Author SHA1 Message Date
Bernardo Damele
e48181e28d another attempt to fix the stall during regression test 2013-02-09 12:16:56 +00:00
Bernardo Damele
138a846cf1 possible fix for regression test stall 2013-02-09 10:50:06 +00:00
Bernardo Damele
1596b9ed59 revert 2013-02-08 16:43:49 +00:00
Bernardo Damele
98864e425f minor "fix" 2013-02-08 16:30:34 +00:00
Bernardo Damele
8b510c55fb minor code cleanup 2013-02-08 16:29:16 +00:00
Miroslav Stampar
5aaf7f1aa6 BUG fix 2013-02-08 16:44:30 +01:00
Miroslav Stampar
c0e59d94a9 Better naming 2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b Update for an Issue #207 (and a potential patch for regression tests) 2013-02-08 16:20:48 +01:00
Miroslav Stampar
ee1017a5a7 Minor fix 2013-02-08 13:46:39 +01:00
Bernardo Damele
d015bf98fc renamed variable to avoid confusion 2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb unnecessary condition here 2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Bernardo Damele
dd6c73ea24 fixed --passwords output for API - #297 2013-02-06 21:45:51 +00:00
Bernardo Damele
21afba9571 got the partial output finally properly replaced by complete output in IPC database - #297 2013-02-06 21:32:26 +00:00
Bernardo Damele
5c8335876f minor bug fix to make --disable-coloring work on log messages too 2013-02-06 21:04:54 +00:00
Bernardo Damele
2fa2f30d21 slighlty better, still not optimal 2013-02-06 17:45:52 +00:00
Bernardo Damele
477c66ac4b minor refactoring and trivial bug fix 2013-02-06 17:45:25 +00:00
Bernardo Damele
e439c3d3f5 minor refactoring - #297 2013-02-06 17:09:43 +00:00
Bernardo Damele
b272b0574d minor fix to reset partRun value - #297 2013-02-06 17:09:28 +00:00
Miroslav Stampar
060eac110a Cleaner version checking 2013-02-06 10:28:17 +01:00
Miroslav Stampar
b1f31103f9 Removing that ugly disk I/O error in live testing mode 2013-02-05 17:04:42 +01:00
Miroslav Stampar
934808f53b Fix for an Issue #379 2013-02-05 16:13:45 +01:00
Bernardo Damele
e03010f48b got rid of unnecessary output for API - #297 2013-02-05 15:00:06 +00:00
Bernardo Damele
4428ad5345 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 14:43:14 +00:00
Bernardo Damele
f7d826fee1 first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 14:43:03 +00:00
Miroslav Stampar
01219219fc Minor bug fix (for --first/--last through problematic DBMSes) 2013-02-05 15:03:55 +01:00
Miroslav Stampar
31daefc7c9 Minor fix (skipping one uneccesary request in single-threaded --first/--last mode) 2013-02-05 13:51:35 +01:00
Miroslav Stampar
62772125e3 Bug fix for HTTPSCertAuthHandler 2013-02-05 12:16:06 +01:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Miroslav Stampar
1618086027 Minor fix 2013-02-05 10:58:02 +01:00
Miroslav Stampar
9296bdd959 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-05 10:27:43 +01:00
Miroslav Stampar
4faa5f0f49 Fix for stalling in retrieving international letters (--technique=B) 2013-02-05 10:27:31 +01:00
Bernardo Damele
9d04ae5db5 minor improvement to temporary folder name 2013-02-05 09:11:38 +00:00
Miroslav Stampar
44579120b5 Cosmetics 2013-02-05 10:02:11 +01:00
Miroslav Stampar
74e82b2b53 Removing redundant check 2013-02-04 20:42:28 +01:00
Miroslav Stampar
cf8e5d535d Minor cleanup 2013-02-04 20:15:44 +01:00
Miroslav Stampar
c5ae967fe0 Potential fix for an Issue #379 2013-02-04 17:43:58 +01:00
Miroslav Stampar
6cab3d4759 Minor update 2013-02-04 16:46:08 +01:00
Miroslav Stampar
4f2981f163 Minor fix 2013-02-04 16:37:54 +01:00
Miroslav Stampar
f4b8a3c1d8 Bug fix for boolean (multithreaded Ctrl+C) resumed values 2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986 Bug fix (introduced with f1ab887c55) 2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67 step by step getting there to partial output presentation to restful API (issue #297), not quite yet though.. 2013-02-03 22:09:33 +00:00
Bernardo Damele
b55555e4e5 minor bug fix 2013-02-03 21:39:26 +00:00
Bernardo Damele
dc2bbbeaa7 minor revert 2013-02-03 20:55:58 +00:00
Bernardo Damele
df3cc38cd9 minor improvements 2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4 Bug fix (causing search problems) 2013-02-01 11:24:17 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a Minor bug fix 2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31 Patch to prevent problems like Issue #381 2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb Another update for an Issue #380 (--common-... switches) 2013-01-31 13:49:19 +01:00
Miroslav Stampar
f5844eabae Valuable data is potentially lost if page not parsed in dump mode (e.g. --technique=B and error occuring) <- partial revert of previous optimization commit 10bdd90e60 2013-01-31 13:32:14 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272 Minor fix 2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284 variable renamed 2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083 Minor refactoring 2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545 Update for an Issue #352 2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117 Minor fine tuning 2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
95b922309c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 20:50:40 +01:00
Bernardo Damele
e8bd3c9c9f cosmetics 2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3 minor fix 2013-01-29 16:23:30 +00:00
Bernardo Damele
edd6699ed1 code refactoring and added /status method for scan (issue #297) 2013-01-29 16:11:25 +00:00
Bernardo Damele
c47b44e93f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:38:16 +00:00
Bernardo Damele
1152cf8958 increased SQLite connection timeout to 3 seconds, the object will now wait for the lock to go away max 3 seconds, no longer 1 only. Relevant code refactoring and minor improvements all over the API library (issue #297) 2013-01-29 15:38:09 +00:00
Bernardo Damele
9677e0f910 more data content types for API (issue #297) 2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297) 2013-01-29 15:35:51 +00:00
Bernardo Damele
a56f4ec15c techniques has to go too to the API (issue #297) 2013-01-29 15:34:53 +00:00
Bernardo Damele
bfce7210e6 improvements to the dump library to output to the API data fetched properly formatted (issue #297) 2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c split init() into two separate functions for API purposes (issue #297) 2013-01-29 15:33:16 +00:00
Miroslav Stampar
a59ac8e27f Trivial cosmetics 2013-01-29 16:30:38 +01:00
Miroslav Stampar
f4b7b3fd35 Minor cosmetics 2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2 Minor fix 2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f minor adjustment 2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55 major enhancement, code refactoring for issue #297 2013-01-29 01:39:27 +00:00
Bernardo Damele
d07881b6c3 apply a little bit of secure coding practices to the API 2013-01-27 12:26:40 +00:00
Bernardo Damele
cd4075f6a3 no raise, just pass at ctrl-c 2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297) 2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8 Fix for an Issue #378 2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7 Minor style update for an Issue #377 2013-01-25 12:52:31 +01:00
Miroslav Stampar
479f791112 Minor fix 2013-01-25 12:41:51 +01:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991 first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite 2013-01-24 12:57:24 +00:00
Chris Frohoff
218a6a9695 fixed response header logging for header names with special chars 2013-01-23 11:10:25 -08:00
Bernardo Damele
f848f259a6 upper() -D value for certain DBMSes 2013-01-23 16:22:28 +00:00
Bernardo Damele
012815333c minor bug fix to ignore provided -D when brute-forcing columns/tables names and the DBMS is either Access, Firebird or SQLite 2013-01-23 15:52:03 +00:00
Miroslav Stampar
232f8d3585 Fix for an Issue #368 2013-01-23 13:36:17 +01:00
Bernardo Damele
f4028bd7d2 minor adjustment 2013-01-23 02:10:38 +00:00
Bernardo Damele
d8a0e7eacb fixes #187 2013-01-23 01:27:01 +00:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Bernardo Damele
dea15b5892 notify user if --udf-inject is provided but no stacked queries SQLi is detected 2013-01-22 18:28:48 +00:00
Miroslav Stampar
d6a361f859 Proper implementation for --technique=Q --dbms=Firebird 2013-01-22 16:31:26 +01:00
Miroslav Stampar
719c7f622b Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions) 2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb Fix for an Issue #367 2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44 Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' 2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba missing import 2013-01-22 11:25:01 +00:00
Miroslav Stampar
59b02539ca More general approach regarding that last commit 2013-01-22 11:34:34 +01:00
Miroslav Stampar
01f1488f07 Minor patch (annoying trailing spaces for some DBMSes --technique=B --sql-query) 2013-01-22 11:29:51 +01:00
Bernardo Damele
e558040810 minor fix to previous commit 2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582 better detection if vulnerable of not for regression test 2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef Fix for an Issue #364 2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff Rewriting some query crafting parts (especially those .find(' FROM ')) 2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
75bf8528d1 Minor just in case update 2013-01-21 14:50:43 +01:00
Miroslav Stampar
c55a002f95 Language fix 2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0 Trivial style update 2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342 Adding new common function for further refactoring 2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b Fix for a regression test #30 test case fail (Firebird inline) 2013-01-21 10:12:54 +01:00
Miroslav Stampar
069c6acabd Another update for an Issue #362 2013-01-20 22:47:26 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Bernardo Damele
3373e30808 minor fix for a bug introduced with commit 1ad9e26a21 2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db This last commit was in haste :) 2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225 Minor update (just for consistency with the rest of code) 2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87 Minor update (just for consistency with the rest of code) 2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405 Minor refactoring 2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8 In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value) 2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f layout adjustment 2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d all we need to debug failed test cases while regression test run.. 2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage 2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e just in case, add also the test case name inside the temp folder for debug purposes 2013-01-19 16:06:46 +00:00
Bernardo Damele
c95119559e minor bug fix 2013-01-19 00:41:51 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371 avoid blank line if password hashes have not been fetched 2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c improvements to --live-test 2013-01-18 13:02:35 +00:00