Commit Graph

2362 Commits

Author SHA1 Message Date
Miroslav Stampar
6629233de5 Minor update 2013-02-14 10:18:40 +01:00
Miroslav Stampar
0a4605644e Minor fix for previous commit 2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b Minor fix 2013-02-13 16:24:21 +01:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33 Trivial update 2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70 Renaming --binary to --binary-fields 2013-02-13 11:27:03 +01:00
Miroslav Stampar
7c802ed8cc Minor fix 2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format) 2013-02-13 09:56:44 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Miroslav Stampar
212e92ea01 Minor update regarding --load-cookies (warning about expired ones) 2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d Update for a last update 2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d Update for --load-cookies 2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc Support for multiple injection marks inside the same header value (Issue #48) 2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69 Minor bug fix (getting ? in < 0xf char cases) 2013-02-11 21:16:35 +01:00
Miroslav Stampar
c0e59d94a9 Better naming 2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b Update for an Issue #207 (and a potential patch for regression tests) 2013-02-08 16:20:48 +01:00
Bernardo Damele
d015bf98fc renamed variable to avoid confusion 2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb unnecessary condition here 2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Bernardo Damele
5c8335876f minor bug fix to make --disable-coloring work on log messages too 2013-02-06 21:04:54 +00:00
Bernardo Damele
477c66ac4b minor refactoring and trivial bug fix 2013-02-06 17:45:25 +00:00
Bernardo Damele
f7d826fee1 first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 14:43:03 +00:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00
Bernardo Damele
9d04ae5db5 minor improvement to temporary folder name 2013-02-05 09:11:38 +00:00
Miroslav Stampar
6cab3d4759 Minor update 2013-02-04 16:46:08 +01:00
Miroslav Stampar
f4b8a3c1d8 Bug fix for boolean (multithreaded Ctrl+C) resumed values 2013-02-04 15:49:29 +01:00
Miroslav Stampar
5e4e863986 Bug fix (introduced with f1ab887c55) 2013-02-04 15:31:28 +01:00
Miroslav Stampar
235153ab39 Removal of unused imports 2013-02-04 15:29:13 +01:00
Miroslav Stampar
7e1ff1bb8e Same refactoring as the last commit 2013-02-04 15:26:44 +01:00
Bernardo Damele
9370f96a67 step by step getting there to partial output presentation to restful API (issue #297), not quite yet though.. 2013-02-03 22:09:33 +00:00
Bernardo Damele
df3cc38cd9 minor improvements 2013-02-03 15:39:07 +00:00
Bernardo Damele
bd1ea13b8d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-03 11:31:12 +00:00
Bernardo Damele
f8bc74758c improvement to restful API to store to IPC database partial entries, not yet functional (issue #297) 2013-02-03 11:31:05 +00:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
6d942f92b5 Removing --check-payload (PHPIDS doesn't update rules lately; also, WAF/IDS/IPS is more than just regexes (unencoding, removing junk, etc.)) 2013-02-01 10:03:06 +01:00
Miroslav Stampar
8d51b4b63a Minor bug fix 2013-01-31 16:24:44 +01:00
Miroslav Stampar
d6606a8f31 Patch to prevent problems like Issue #381 2013-01-31 13:58:39 +01:00
Miroslav Stampar
cfcf8a3abb Another update for an Issue #380 (--common-... switches) 2013-01-31 13:49:19 +01:00
Miroslav Stampar
2420a4b626 Update for an Issue #342 and #372 2013-01-31 10:01:52 +01:00
Miroslav Stampar
9b4eaa9272 Minor fix 2013-01-30 18:21:15 +01:00
Miroslav Stampar
fdea8ddea6 Starting to clean up a mess in Oracle's world of DISTINCT (part of Issue #342 and #372) 2013-01-30 16:55:09 +01:00
Bernardo Damele
103045d284 variable renamed 2013-01-30 15:30:34 +00:00
Miroslav Stampar
f33bf06c88 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 11:38:20 +01:00
Bernardo Damele
6dfe91165d Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-30 10:34:51 +00:00
Bernardo Damele
8519717f25 minor fixes to --live-test 2013-01-30 10:32:56 +00:00
Miroslav Stampar
f391937083 Minor refactoring 2013-01-30 10:43:46 +01:00
Miroslav Stampar
d6fb0e8545 Update for an Issue #352 2013-01-30 10:38:11 +01:00
Miroslav Stampar
bd08ede117 Minor fine tuning 2013-01-29 21:06:02 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Bernardo Damele
e8bd3c9c9f cosmetics 2013-01-29 17:00:28 +00:00
Bernardo Damele
8f36f92dd3 minor fix 2013-01-29 16:23:30 +00:00
Bernardo Damele
c47b44e93f Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:38:16 +00:00
Bernardo Damele
9677e0f910 more data content types for API (issue #297) 2013-01-29 15:36:19 +00:00
Bernardo Damele
92ae8145df ignore any non-relevant string: avoid storing to the API, careful this can introduce bugs but it is necessary at this stage of development (issue #297) 2013-01-29 15:35:51 +00:00
Bernardo Damele
bfce7210e6 improvements to the dump library to output to the API data fetched properly formatted (issue #297) 2013-01-29 15:34:20 +00:00
Bernardo Damele
eeecb3fe2c split init() into two separate functions for API purposes (issue #297) 2013-01-29 15:33:16 +00:00
Miroslav Stampar
f4b7b3fd35 Minor cosmetics 2013-01-29 16:04:20 +01:00
Miroslav Stampar
9eca41bae2 Minor fix 2013-01-29 15:55:50 +01:00
Miroslav Stampar
a104de01d7 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-29 15:35:01 +01:00
Miroslav Stampar
7e73825ece Minor cosmetics 2013-01-29 15:34:41 +01:00
Bernardo Damele
085495024f minor adjustment 2013-01-29 01:44:57 +00:00
Bernardo Damele
f1ab887c55 major enhancement, code refactoring for issue #297 2013-01-29 01:39:27 +00:00
Bernardo Damele
cd4075f6a3 no raise, just pass at ctrl-c 2013-01-26 15:33:09 +00:00
Bernardo Damele
a0b9e0f1c5 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-25 17:11:38 +00:00
Bernardo Damele
195d17449e first test of stdout/stderr redirect to a database when sqlmap is executed from restful API (#297) 2013-01-25 17:11:31 +00:00
Miroslav Stampar
c06f94e2c8 Fix for an Issue #378 2013-01-25 16:38:41 +01:00
Miroslav Stampar
8c84a16cb7 Minor style update for an Issue #377 2013-01-25 12:52:31 +01:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Bernardo Damele
5b3c8d8991 first implementation of asynchronous inter-protocol communication between the sqlmap RESTful API and the sqlmap engine with SQLite 2013-01-24 12:57:24 +00:00
Miroslav Stampar
232f8d3585 Fix for an Issue #368 2013-01-23 13:36:17 +01:00
Bernardo Damele
5635776173 proper SQLite 2 library 2013-01-22 18:56:25 +00:00
Miroslav Stampar
719c7f622b Probable fix for --technique=Q --dbms=Firebird (but also other potential issues with splitting of fields in expressions) 2013-01-22 15:51:06 +01:00
Miroslav Stampar
2ec828f1cb Fix for an Issue #367 2013-01-22 14:27:17 +01:00
Miroslav Stampar
09c02c6c72 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-22 14:08:31 +01:00
Miroslav Stampar
15b0ab1b44 Fix for a 'no parameter found' problem when user says N on 'custom injection mark found in POST...' 2013-01-22 14:08:19 +01:00
Bernardo Damele
061aef57ba missing import 2013-01-22 11:25:01 +00:00
Bernardo Damele
e558040810 minor fix to previous commit 2013-01-21 17:10:56 +00:00
Bernardo Damele
d43b04c582 better detection if vulnerable of not for regression test 2013-01-21 17:09:35 +00:00
Miroslav Stampar
b35a0810ef Fix for an Issue #364 2013-01-21 17:01:52 +01:00
Miroslav Stampar
1e3f68c7ff Rewriting some query crafting parts (especially those .find(' FROM ')) 2013-01-21 16:15:38 +01:00
Miroslav Stampar
832d95984c IFNULL-like mechanism now works on SQLite 2 too 2013-01-21 15:04:27 +01:00
Miroslav Stampar
c55a002f95 Language fix 2013-01-21 13:19:08 +01:00
Miroslav Stampar
80255433b0 Trivial style update 2013-01-21 13:18:34 +01:00
Miroslav Stampar
0e86175342 Adding new common function for further refactoring 2013-01-21 11:50:47 +01:00
Miroslav Stampar
3200134b3b Fix for a regression test #30 test case fail (Firebird inline) 2013-01-21 10:12:54 +01:00
Bernardo Damele
3373e30808 minor fix for a bug introduced with commit 1ad9e26a21 2013-01-20 02:40:40 +00:00
Bernardo Damele
115be9d7b5 minor fixes 2013-01-20 01:26:46 +00:00
Miroslav Stampar
0a4f5d2e51 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 19:08:18 +01:00
Miroslav Stampar
e9641e30db This last commit was in haste :) 2013-01-19 19:07:38 +01:00
Miroslav Stampar
6a87dd9225 Minor update (just for consistency with the rest of code) 2013-01-19 19:07:06 +01:00
Miroslav Stampar
979e108c87 Minor update (just for consistency with the rest of code) 2013-01-19 19:06:51 +01:00
Bernardo Damele
f89b25fdb6 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:04:38 +00:00
Bernardo Damele
adf97e630f add possibility to provide a list of web server document root possible directories for web shell upload in --os-cmd and --os-shell for MySQL 2013-01-19 18:04:33 +00:00
Miroslav Stampar
9ce2395405 Minor refactoring 2013-01-19 18:40:44 +01:00
Miroslav Stampar
3f4c010370 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-19 18:28:52 +01:00
Miroslav Stampar
efe26ac3f8 In case that content-length header was not in a desired case ('Content-length') POST request file would fail badly (repeating original content-length header value) 2013-01-19 18:28:37 +01:00
Bernardo Damele
6a62292a3f layout adjustment 2013-01-19 17:11:16 +00:00
Miroslav Stampar
bb6b89fe93 Patch for an Issue #360 2013-01-19 18:06:36 +01:00
Bernardo Damele
dcf2dcd03d all we need to debug failed test cases while regression test run.. 2013-01-19 17:04:57 +00:00
Bernardo Damele
f22fd396ef write the test case name before it is run so if the test case crashes badly, we can trace back what test case it was at a later stage 2013-01-19 16:41:19 +00:00
Bernardo Damele
1923ef691e just in case, add also the test case name inside the temp folder for debug purposes 2013-01-19 16:06:46 +00:00
Bernardo Damele
0e78fbef56 correctly format SQLi payload for inline query technique 2013-01-19 00:28:03 +00:00
Bernardo Damele
6be7eee8d6 more fixes 2013-01-18 23:35:16 +00:00
Bernardo Damele
56eaa073ce fixed test cases for Firebird - #312 2013-01-18 23:32:39 +00:00
Bernardo Damele
1f4c6a8371 avoid blank line if password hashes have not been fetched 2013-01-18 22:10:36 +00:00
Bernardo Damele
1ad9e26a21 bug fix for ORDER BY users provided statements (issue #354) 2013-01-18 21:40:50 +00:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Miroslav Stampar
601eb1e49a Unescaping is renamed to escaping 2013-01-18 15:40:37 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
1bb061f68c improvements to --live-test 2013-01-18 13:02:35 +00:00
Bernardo Damele
738ccb643d minor output adjustment 2013-01-18 11:41:09 +00:00
Miroslav Stampar
33ea811c6c Removing some unused stuff (mainly imports) 2013-01-18 11:50:02 +01:00
Miroslav Stampar
aa467cb54c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-01-18 11:31:25 +01:00
Miroslav Stampar
17d36684b5 Removing obsolete proxy handling code (Python < 2.6) 2013-01-18 11:30:52 +01:00
Miroslav Stampar
4d5bae7131 Removing some obsolete functions 2013-01-18 11:18:56 +01:00
Miroslav Stampar
bcc907ce09 Minor update 2013-01-18 11:00:21 +01:00
Miroslav Stampar
d1008b45b5 Minor removal of unused function 2013-01-18 10:46:06 +01:00
Miroslav Stampar
caae773b2d Minor removal of redundant code 2013-01-18 10:44:57 +01:00
Bernardo Damele
d66f7e22b1 more fixes to test cases 2013-01-18 09:32:05 +00:00
Miroslav Stampar
e941e60b20 Minor just in place update for an Issue #348 2013-01-17 22:44:55 +01:00
Bernardo Damele
1d6e642d41 fixed url 2013-01-17 21:29:00 +00:00
Miroslav Stampar
507f185b69 Revert of patch for an Issue #347 2013-01-17 18:38:37 +01:00
Miroslav Stampar
f7eda07d92 Patch for an Issue #347 2013-01-17 15:30:14 +01:00
Miroslav Stampar
a38b3e397c Patch for an Issue #286 2013-01-17 14:17:39 +01:00
Miroslav Stampar
65273295e3 Implementing a check for an Issue #25 2013-01-17 13:56:04 +01:00
Miroslav Stampar
9428d1819e Fix for an Issue #346 2013-01-17 12:03:02 +01:00
Miroslav Stampar
3ab4a5e36d Fix for an Issue #345 2013-01-17 11:50:12 +01:00
Miroslav Stampar
51a77d1fe2 Minor update for an Issue #8 2013-01-17 11:37:45 +01:00
Miroslav Stampar
14b7e655a9 Minor refactoring 2013-01-16 16:33:04 +01:00
Miroslav Stampar
053b7d12b4 Minor language update 2013-01-16 16:07:12 +01:00
Miroslav Stampar
fb7243c237 Cleaning a mess where multi-threaded HTTP requests (in log) had sometimes same UIDs 2013-01-16 16:04:00 +01:00
Miroslav Stampar
c0a6e1c3a7 Finishing first usable prototype for an Issue #8 2013-01-16 14:54:37 +01:00
Miroslav Stampar
ff5ec48abd Minor update for an Issue #8 2013-01-16 14:16:22 +01:00
Bernardo Damele
3464a70ac2 bug fix: without this generic concatenation of strings in concatQuery(), detection of UNION query SQLi only (--technique U) when the page did not disclose any DBMS error message and it was not MySQL (for which there are UNION SQLi specific payloads) was not detected 2013-01-16 01:53:33 +00:00
Bernardo Damele
542f6de72e typo fix 2013-01-16 01:31:03 +00:00
Bernardo Damele
2a751e075d more work on #342 2013-01-15 17:14:44 +00:00
Bernardo Damele
ec076f5f8a write console output to temporary folder in any case the test case fails, even if no traceback is raised 2013-01-15 15:51:03 +00:00
Miroslav Stampar
7a1d484115 Implementation for an Issue #340 2013-01-15 16:05:33 +01:00
Bernardo Damele
c51358953a add more Oracle system dbs 2013-01-15 14:51:29 +00:00
Bernardo Damele
3e2c3851f3 Make --live-test Metasploit integration cases work, added more test cases for PostgreSQL and code refactoring (issue #312) 2013-01-14 13:42:50 +00:00
Bernardo Damele
515c1c6205 removed leftover 2013-01-14 10:26:22 +00:00
Bernardo Damele
83000de9e1 improved handling and storing of exceptions with --live-test (#312) 2013-01-14 10:23:40 +00:00
Bernardo Damele
8125fe90a7 code refactoring 2013-01-14 10:22:38 +00:00
Bernardo Damele
036b612bcb bug fix to be able to write unicode chars to debug file 2013-01-14 01:11:42 +00:00
Miroslav Stampar
fc560f2b75 Minor revert and proper fix 2013-01-14 00:47:29 +01:00
Bernardo Damele
b74cfbf336 minor enhancements for debug purposes (issue #312) 2013-01-13 23:15:56 +00:00