| 
							
							
								 Miroslav Stampar | 8fe069b495 | minor fix | 2011-08-23 21:48:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cfc1f2b70b | minor update | 2011-08-22 22:43:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f4127a80d7 | improvement of UNION based injection detection (with non-NULL kb.uChar values searching of the content inside -1 UNION.. pages is used) | 2011-08-22 21:43:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cb32d46f2a | minor minor update | 2011-08-18 06:09:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9d31322f3d | update regarding special case when conf.uChar appears only in testable pages | 2011-08-17 21:40:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e1dbb4443b | minor update related to the last commit | 2011-08-16 07:01:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7cc5743c5d | minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters) | 2011-08-16 06:50:20 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 702ed73a65 | Added --code switch to match in boolean-based tests against the HTTP response code | 2011-08-12 16:48:11 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | fff4c34e33 | Search for --string and --regexp matches also in HTTP response headers | 2011-08-12 15:33:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e849b71027 | minor typo | 2011-08-03 14:31:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 538b49bcc5 | removing word "dramatically". i was too excited at the moment :). it is cool and all but we shouldn't put "highly subjective" attribs in reports | 2011-08-03 13:26:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9423d15fb3 | ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix | 2011-08-03 09:08:16 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | edab7d01a5 | minor fix | 2011-08-02 17:31:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cb0981d858 | proper way of handling 0 length results (as in __goInferenceProxy) | 2011-08-02 08:39:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 018d7ed646 | improvement for limited queries (more stable to have TOP/LIMIT/OFFSET mechanisms as part of a subquery) | 2011-07-31 23:40:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e522263640 | fix for a neverending data retrieval in large full inband cases | 2011-07-29 10:45:09 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 938716e361 | Proper fix for --start and --stop consistency amongst different techniques | 2011-07-26 10:06:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6bbb8139a0 | update (smaller memory footprint in postprocessing phase because of safecharencode part) | 2011-07-25 20:40:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5770c08784 | minor optimization and refactoring | 2011-07-25 20:17:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2033a28ae7 | minor update regarding last commit (cleaner code) | 2011-07-24 20:44:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3a3561fdaa | doing proper big table support for partial union too | 2011-07-24 20:36:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ec1bc0219c | hello big tables, this is sqlmap, sqlmap this is big tables | 2011-07-24 09:19:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a89140e1ce | revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) | 2011-07-23 06:07:00 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aedcf8c8d7 | Changed homepage address | 2011-07-07 20:10:03 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 067354b97f | Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access | 2011-07-07 13:20:40 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9e1a6beb7a | Major bug fix in UNION detection, it was a leftover | 2011-07-07 00:06:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b8ffcf9495 | few fixes here and there and multi-core processing for dictionary based hash attack | 2011-07-04 19:58:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 34d9a91af1 | bulk of fixes | 2011-07-02 22:48:56 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9eb683531d | Minor improvement at blind SQL inj technique for DB2 | 2011-06-27 22:28:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9e232256f4 | reverting that last commit because there is a  mess with default dumping (startLimit is set to 0 which is not so friendly with --start and --stop logic) | 2011-06-21 18:29:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3536320fc9 | --stop is inclusive ("Last query output entry to retrieve") | 2011-06-21 18:08:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 83af83da9e | minor beautification (WordsSet is considered as a bad english) | 2011-06-18 15:47:19 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f8c32cf6b9 | Moved folder | 2011-06-18 12:34:41 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 28ef61b997 | Use getPageTextWordsSet() also in --common-columns | 2011-06-18 12:30:26 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | cd07139919 | Layout adjustments | 2011-06-18 11:58:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 905fef0eae | now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) | 2011-06-18 10:51:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fde3e4cece | better | 2011-06-18 09:52:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2f129b01c0 | "Please consider to provide" is a bad English | 2011-06-18 09:46:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9498a3f259 | little stabilization of multi threading | 2011-06-17 12:50:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d27afaed7e | some fixes | 2011-06-16 14:27:44 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6aade8e6fc | grammar fix, again | 2011-06-08 16:40:22 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | d160888784 | Grammar fix | 2011-06-08 16:25:18 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1c6ee1dc36 | Rephrase | 2011-06-08 16:22:16 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0d8d6a4ace | Cosmetics | 2011-06-08 16:08:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4a9640160e | more concise | 2011-06-08 14:35:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6b81eef65a | refactoring | 2011-06-08 14:30:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e7e23d1b79 | fix for a Ctrl+C bug reported by nightman@email.de | 2011-06-07 17:16:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 50dde39e68 | minor update | 2011-06-07 10:32:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e9bf768f23 | more refactoring | 2011-06-07 10:08:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7a3cc38e3c | refactoring and stabilization of multithreading | 2011-06-07 09:50:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 64a862ed58 | minor usability update | 2011-06-03 14:04:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fc96764f80 | minor bug fix ("trimmed" error message was shown for empty cases too because u'' or None == None) | 2011-06-01 22:06:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 091c174bc4 | better language | 2011-06-01 08:30:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 42100e0e5b | big bug fix | 2011-05-30 23:15:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9600556dae | better language | 2011-05-30 23:04:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b79dae6e95 | minor update | 2011-05-30 14:49:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d5ede6afb4 | fix for a dirty reading issue reported by skysbsb@gmail.com (IndexError: list index out of range) | 2011-05-30 06:38:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6fd8602f01 | minor update | 2011-05-29 23:33:34 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 86455ceb9c | implementation of multithreading for UNION and ERROR techniques | 2011-05-29 23:17:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ecbeecdccf | minor refactoring | 2011-05-28 18:11:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 95dea1fbf9 | sharp tuning UNION tests even more | 2011-05-28 08:06:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8227298057 | user friendliness uber 9000 | 2011-05-27 08:30:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5369657cd5 | fix for cases with retrieved binary files (preventing difflib nagging around comparison) | 2011-05-25 20:54:30 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 31b48ec11c | removing space left | 2011-05-23 14:18:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fb23beef6f | most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) | 2011-05-22 19:14:36 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4fdb6ac9b9 | adding useful info | 2011-05-22 15:30:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 48c20a62ac | minor nag fix | 2011-05-22 15:08:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9e5856caf8 | improvement for recognition of scalar vs multiple-row commands | 2011-05-19 16:45:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6ba9dea640 | just in case for trimmed output | 2011-05-16 06:17:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d2221e4604 | fix for a minor "retrieved" cosmetic issue in partial union technique reported by Devon Mitchell (retrieved: "information_schema","COLUMNS</title><...) | 2011-05-16 00:23:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c64eb38a8b | same thing as for the last commit, but for error technique this time | 2011-05-12 11:52:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 84a7e5ffb9 | "unfix" for r3172 which was causing "AttributeError: 'list' object has no attribute 'isdigit'" because of change of appereance | 2011-05-12 11:36:02 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3a8309c4b0 | Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches | 2011-05-10 15:34:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 22a1870c2c | adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 | 2011-05-10 12:32:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 83fac3f6d9 | fix for proper MSSQL error chunking in some cases (not screwing output length toward lower values at chunk phase) | 2011-05-03 21:12:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e6f010734e | minor fix for cases when the retrieved output is safe encoded (like for --os-shell) | 2011-05-03 16:14:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 742b0ef76e | major improvement of ERROR data retrieval on MSSQL | 2011-05-03 13:25:20 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9a4ae7d9e2 | More code refactoring of Backend class methods used | 2011-04-30 14:54:29 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f56d135438 | Minor code restyling | 2011-04-30 13:20:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f88aa4b165 | implemented suppressResumeInfo mechanism (huge slowdown on large tables) | 2011-04-22 19:58:10 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | fbe5ba5394 | cosmetics | 2011-04-21 10:54:12 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8d8fc2bbd8 | cosmetics | 2011-04-21 10:17:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e4d3190f41 | reverting back to NVARCHAR because of error technique | 2011-04-20 12:59:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3607f03a9e | fix of a minor typo | 2011-04-20 12:42:35 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1286cc0913 | now showing trimmed output in for of warning message (UNION and ERROR techniques affected) | 2011-04-20 12:41:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4fadcf0615 | improvement for UNION/ERROR case | 2011-04-20 10:17:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 29ee760021 | improving time based data retrieval mechanism | 2011-04-17 07:24:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 88c76147e1 | removed few trailing whitespace lines | 2011-04-15 20:52:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3b6f9945ae | minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...) | 2011-04-15 14:15:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0387654166 | update of copyright string (until year) | 2011-04-15 12:33:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bb99bd2fbe | one more commit related to the issue with displaying of garbled characters | 2011-04-14 09:43:36 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 04986be4b9 | update regarding safe character output together with a small fix for newlines | 2011-04-14 09:31:45 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d06ae9cd47 | implemented retrieved items info for partial union too | 2011-04-13 14:33:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f5f2201bbc | minor cosmetics for partial inband retrieval | 2011-04-13 11:25:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c193b896be | just in case update to prevent gibberish "retrieved: " outputs | 2011-04-12 23:07:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6012ab1c46 | better one for previous commit | 2011-04-10 21:52:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e6c50df4f9 | preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case) | 2011-04-10 21:38:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 277f16d6b3 | removing commented out debug print | 2011-04-08 22:44:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6fa2fd139c | implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) | 2011-04-08 15:17:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 228cc68747 | fix for those ugly DEBUG messages in brute mode | 2011-04-08 11:02:21 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 5b21352656 | cosmeticados ;) | 2011-04-08 10:39:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e33a48d40f | minor refactoring | 2011-04-07 12:54:30 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c6b9d89d31 | Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly | 2011-04-07 11:10:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8b14a9eaa7 | Minor code adjustments | 2011-04-06 14:40:45 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b327bbcd9b | minor fix (it was quite ... to have this check at the later stage) | 2011-04-06 08:39:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 557ed7d665 | minor fix for a invalid charset reported by Kirill | 2011-03-31 14:39:01 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | fed57282fc | Added one more warning message to show what's going on with ctrl+c | 2011-03-31 14:26:14 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3948cd9e77 | Minor layout adjustments | 2011-03-31 14:13:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c5de903eab | minor improvement ("quick defense against substr fields") | 2011-03-31 09:35:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ce51326bff | quick fix | 2011-03-31 08:43:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0916117447 | improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names | 2011-03-30 18:32:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b6af80bab3 | refactoring, cleanup and improvement | 2011-03-29 21:54:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 12f3024c8a | removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) | 2011-03-29 20:45:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d0861a00e2 | minor improvement | 2011-03-29 15:37:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1823c116bb | minor update for special cases of union testing results | 2011-03-28 21:45:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1119a85f39 | it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage) | 2011-03-25 21:31:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6c6133e8aa | revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is) | 2011-03-25 20:46:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 737b4abf13 | this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user) | 2011-03-25 20:30:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 422967fbcd | just an minor update related to the last commit | 2011-03-25 12:21:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ea52d7acad | minor revisit of inference | 2011-03-24 20:10:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0f7bce5c66 | fixing a huge mess going on because of counting on error and union techniques | 2011-03-23 11:36:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7613134515 | it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic) | 2011-03-22 12:37:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9479a68eb5 | minor fix regarding last commit | 2011-03-22 12:21:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c24ed6e622 | minor fix related to a bug reported by warninggp@gmail.com | 2011-03-22 09:22:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b5c9ccb755 | Oracle XML based error payload has problems with char $ as with space | 2011-03-21 13:13:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9b1f2d82d0 | minor update (that .strip() was a leftover) | 2011-03-20 23:20:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | db992a0a86 | mssql likes to htmlescape error reports | 2011-03-20 23:16:34 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 03fac62592 | Minor code restyle | 2011-03-17 12:34:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | beba69faa9 | implementation of request from Santiago (look for error based responses in redirects) | 2011-03-17 09:12:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 847ce863e3 | refactoring | 2011-03-17 08:54:20 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | d8a76ebe34 | Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs | 2011-03-11 16:03:19 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3cb0ca4b63 | Minor bug fix for --privileges on PgSQL with error-based SQL inj technique | 2011-03-11 15:24:25 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 60605b6e7c | Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) | 2011-02-27 12:14:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | aa88361ab1 | incorporation of method for neutralization of reflective values | 2011-02-25 09:22:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 708ddf5608 | added protection mechanism against reflected values | 2011-02-24 16:52:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 83d7803ce7 | other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) | 2011-02-12 20:03:28 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 864eade744 | Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase | 2011-02-10 11:14:05 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aa0fb276ba | More fixes for --common-columns to work against MSSQL too | 2011-02-09 17:22:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 917b2b0d6b | one more commit related to the previous one | 2011-02-09 17:07:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6c582343fe | .. fix | 2011-02-09 17:05:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3de6117253 | revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) | 2011-02-09 09:53:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 98ca1702ae | los cosmeticado | 2011-02-08 16:30:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 87e36796c6 | just to not cause confusion | 2011-02-08 16:29:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | dcb9c93328 | minor cleanup | 2011-02-08 16:27:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 66adf23532 | Unbiased approach for searching appropriate usable column | 2011-02-07 21:00:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f958b21613 | there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) | 2011-02-07 16:55:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |  |