Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							265e7ca272 
							
						 
					 
					
						
						
							
							fix for that MSSQL limit/top problem  
						
						
						
					 
					
						2011-02-07 16:24:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71d1b72e0e 
							
						 
					 
					
						
						
							
							minor adjustment  
						
						
						
					 
					
						2011-02-07 12:51:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b33ac19d39 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-07 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99e9412f74 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-07 12:34:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e023e0d233 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2011-02-07 12:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							39decebe85 
							
						 
					 
					
						
						
							
							Minor fixes to checking/re-enabling of xp_cmdshell procedure  
						
						
						
					 
					
						2011-02-07 12:17:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0233dcd4f 
							
						 
					 
					
						
						
							
							preventing crashes for output=[]  
						
						
						
					 
					
						2011-02-07 10:24:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							096efea282 
							
						 
					 
					
						
						
							
							added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]  
						
						
						
					 
					
						2011-02-07 10:22:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ba3a8a69d4 
							
						 
					 
					
						
						
							
							More statements to exclude from unescap'ing  
						
						
						
					 
					
						2011-02-07 00:33:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3719f085ae 
							
						 
					 
					
						
						
							
							Added back-end dbms' OS based methods to Backend object - will be used for refactoring  
						
						
						
					 
					
						2011-02-07 00:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2e00656235 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-07 00:20:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bf5ca4bd9a 
							
						 
					 
					
						
						
							
							No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')  
						
						
						
					 
					
						2011-02-06 23:30:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							061f56daf9 
							
						 
					 
					
						
						
							
							More adjustments related to unescape() and cleanupPayload().  
						
						... 
						
						
						
						Minor code cleanup related to error-based payload. 
						
					 
					
						2011-02-06 23:27:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6a71629575 
							
						 
					 
					
						
						
							
							Converted from DOS format (\n\r to \n only)  
						
						
						
					 
					
						2011-02-06 23:25:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0800d9e49b 
							
						 
					 
					
						
						
							
							Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()  
						
						
						
					 
					
						2011-02-06 22:58:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9eac2339ca 
							
						 
					 
					
						
						
							
							 
						
						
						
					 
					
						2011-02-06 22:55:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f3d6be7868 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-02-06 22:32:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							078a2207cc 
							
						 
					 
					
						
						
							
							few reverts  
						
						
						
					 
					
						2011-02-06 22:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9b2fe0e7c 
							
						 
					 
					
						
						
							
							little cleanup  
						
						
						
					 
					
						2011-02-06 21:52:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c4c2cf1d58 
							
						 
					 
					
						
						
							
							can't stay as it is right now. temporary disabling.  
						
						
						
					 
					
						2011-02-06 21:17:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2b96a66a2 
							
						 
					 
					
						
						
							
							one more update regarding last few "unescape" related commits  
						
						
						
					 
					
						2011-02-06 20:23:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6191a7f26f 
							
						 
					 
					
						
						
							
							Major fix for a silent bug  
						
						
						
					 
					
						2011-02-06 15:53:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c44978862e 
							
						 
					 
					
						
						
							
							Minor reordering of what gets saved into the injection object  
						
						
						
					 
					
						2011-02-06 15:20:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							412a97b7fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')  
						
						
						
					 
					
						2011-02-05 14:17:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4df8a03c04 
							
						 
					 
					
						
						
							
							using OrderedDict to store parameters in order of appearance  
						
						
						
					 
					
						2011-02-04 18:07:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							acb986ae80 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-04 17:40:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fec88f6a6d 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2011-02-04 15:57:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							09e88cfb19 
							
						 
					 
					
						
						
							
							fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())  
						
						
						
					 
					
						2011-02-04 14:05:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f83f1a1e06 
							
						 
					 
					
						
						
							
							minor just in case update  
						
						
						
					 
					
						2011-02-04 13:08:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c69b76776e 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-04 13:04:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							accf4e6ce0 
							
						 
					 
					
						
						
							
							one important fix (URI injection parameter '*' now can go anywhere)  
						
						
						
					 
					
						2011-02-04 12:43:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c19d481bb1 
							
						 
					 
					
						
						
							
							little clean up  
						
						
						
					 
					
						2011-02-04 12:25:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c229efba05 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-02-04 11:33:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d211def899 
							
						 
					 
					
						
						
							
							minor adjustment (accepting strange new looking uri formats)  
						
						
						
					 
					
						2011-02-04 10:55:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1af418d444 
							
						 
					 
					
						
						
							
							huge bug fix  
						
						
						
					 
					
						2011-02-04 10:18:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4933f0c92 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-02-03 23:25:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9a1a28c804 
							
						 
					 
					
						
						
							
							adding comments to filtering function  
						
						
						
					 
					
						2011-02-03 23:09:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1aecbe6b08 
							
						 
					 
					
						
						
							
							minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection)  
						
						
						
					 
					
						2011-02-03 22:59:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e5f54644f0 
							
						 
					 
					
						
						
							
							minor "statistical" update  
						
						
						
					 
					
						2011-02-03 16:59:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3bd6e538f8 
							
						 
					 
					
						
						
							
							more appropriate  
						
						
						
					 
					
						2011-02-03 16:48:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a13fd87fd 
							
						 
					 
					
						
						
							
							new UNION column detection is going into wild  
						
						
						
					 
					
						2011-02-03 16:16:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							253a8d0679 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-03 15:24:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0edb4ee314 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-03 13:28:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1b9850b73a 
							
						 
					 
					
						
						
							
							revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )  
						
						
						
					 
					
						2011-02-03 12:21:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5edba2ffbc 
							
						 
					 
					
						
						
							
							minor change (conf.updateAll to conf.update)  
						
						
						
					 
					
						2011-02-03 11:13:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							402c1b622e 
							
						 
					 
					
						
						
							
							removing urlencode from UA  
						
						
						
					 
					
						2011-02-02 15:18:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f49e20cc8 
							
						 
					 
					
						
						
							
							adding --random-agent and removing -a  
						
						
						
					 
					
						2011-02-02 14:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2dae57a56d 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-02-02 14:35:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6c87bd1c63 
							
						 
					 
					
						
						
							
							added maskSensitiveData function  
						
						
						
					 
					
						2011-02-02 14:25:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f0114a2a8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-02-02 14:06:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8134c2154a 
							
						 
					 
					
						
						
							
							adding WHERE enum for payloads  
						
						
						
					 
					
						2011-02-02 13:34:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6c9515f78 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 13:03:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							847b648e4a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 12:42:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e73a147fb5 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-02-02 11:49:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e33428b833 
							
						 
					 
					
						
						
							
							adding __findUnionCharCount function  
						
						
						
					 
					
						2011-02-02 11:22:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99aa38b58f 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-02-02 10:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23c95107ed 
							
						 
					 
					
						
						
							
							we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)  
						
						
						
					 
					
						2011-02-02 09:24:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af99105c27 
							
						 
					 
					
						
						
							
							lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)  
						
						
						
					 
					
						2011-02-01 22:45:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a37f5e05b9 
							
						 
					 
					
						
						
							
							Refactoring  
						
						
						
					 
					
						2011-02-01 22:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9b342a4c95 
							
						 
					 
					
						
						
							
							Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.  
						
						... 
						
						
						
						Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. 
						
					 
					
						2011-02-01 22:07:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2619e4895f 
							
						 
					 
					
						
						
							
							Properly handle --technique at save/resume phase  
						
						
						
					 
					
						2011-02-01 22:05:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3d966bd569 
							
						 
					 
					
						
						
							
							You never know..  
						
						
						
					 
					
						2011-02-01 22:05:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d875d848ce 
							
						 
					 
					
						
						
							
							Better sort  
						
						
						
					 
					
						2011-02-01 22:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							705d45f4db 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-02-01 11:10:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							196e2d35b2 
							
						 
					 
					
						
						
							
							maybe we could ask user "are you willing to import local data content into error report" and use this function respectably  
						
						
						
					 
					
						2011-02-01 11:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6761933f75 
							
						 
					 
					
						
						
							
							Just.. cosmetics ;)  
						
						
						
					 
					
						2011-01-31 22:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35b6d7278a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-31 22:50:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25c175a9a5 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-31 22:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b04e1a0313 
							
						 
					 
					
						
						
							
							More detailed message for unhandled exception  
						
						
						
					 
					
						2011-01-31 21:23:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2fd9621499 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						... 
						
						
						
						Cosmetics 
						
					 
					
						2011-01-31 21:22:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ec9ebb3479 
							
						 
					 
					
						
						
							
							Set threads to 4 when optimization switch is provided, -o  
						
						
						
					 
					
						2011-01-31 21:21:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8397c526d8 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-31 21:20:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3a3ae11cc 
							
						 
					 
					
						
						
							
							Proper return from error-based technique enumeration  
						
						
						
					 
					
						2011-01-31 21:13:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa58a9c86b 
							
						 
					 
					
						
						
							
							update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)  
						
						
						
					 
					
						2011-01-31 20:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							777a19cfa9 
							
						 
					 
					
						
						
							
							LOL. removing that debug 'True'  
						
						
						
					 
					
						2011-01-31 16:22:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a80fe28631 
							
						 
					 
					
						
						
							
							one more thing ;)  
						
						
						
					 
					
						2011-01-31 16:21:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							933d701667 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-31 16:14:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b1dc928e68 
							
						 
					 
					
						
						
							
							implemented validation for time-based inference  
						
						
						
					 
					
						2011-01-31 16:07:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25463bc67c 
							
						 
					 
					
						
						
							
							fix for a bug (--predict-output) noticed by Bernardo  
						
						
						
					 
					
						2011-01-31 15:00:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							60a2364f2b 
							
						 
					 
					
						
						
							
							now union technique parses headers too  
						
						
						
					 
					
						2011-01-31 12:41:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8ef47307db 
							
						 
					 
					
						
						
							
							added checking of header values for GREP (error); still UNION to do  
						
						
						
					 
					
						2011-01-31 12:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6f2cd56ff 
							
						 
					 
					
						
						
							
							removed junky import  
						
						
						
					 
					
						2011-01-31 11:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb3513650d 
							
						 
					 
					
						
						
							
							adding ID properties  
						
						
						
					 
					
						2011-01-31 11:41:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f9eac97fe8 
							
						 
					 
					
						
						
							
							refactoring of MSSQL XML banner parsing  
						
						
						
					 
					
						2011-01-31 11:38:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7175efcae1 
							
						 
					 
					
						
						
							
							another minor cosmetic update  
						
						
						
					 
					
						2011-01-31 10:59:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97328c3104 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-31 10:54:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5e768be509 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-31 09:34:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7feebe0df 
							
						 
					 
					
						
						
							
							fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)  
						
						
						
					 
					
						2011-01-31 09:28:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2a0b03e5c6 
							
						 
					 
					
						
						
							
							Unused import  
						
						
						
					 
					
						2011-01-30 17:07:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fc9c626f9e 
							
						 
					 
					
						
						
							
							minor refactoring (removed URL_ENCODE_PAYLOAD)  
						
						
						
					 
					
						2011-01-30 17:03:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							21e7223779 
							
						 
					 
					
						
						
							
							perhaps this is better english  
						
						
						
					 
					
						2011-01-30 16:34:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8278d821ac 
							
						 
					 
					
						
						
							
							Another layout adjustment  
						
						
						
					 
					
						2011-01-30 16:23:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							71d82e6f57 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2011-01-30 16:19:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							02e5c4b1e6 
							
						 
					 
					
						
						
							
							Minor bug fix for --sql-query/-shell with error-based technique  
						
						
						
					 
					
						2011-01-30 14:19:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc8f1142c9 
							
						 
					 
					
						
						
							
							minor revert  
						
						
						
					 
					
						2011-01-30 11:41:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3060c369a5 
							
						 
					 
					
						
						
							
							minor fix for previous commit  
						
						
						
					 
					
						2011-01-30 07:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1abf354630 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-30 07:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d63339ca26 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2011-01-30 07:34:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8883de2c6 
							
						 
					 
					
						
						
							
							minor update regarding unicode decoding of supplied arguments  
						
						
						
					 
					
						2011-01-29 23:01:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddd296030d 
							
						 
					 
					
						
						
							
							added some more info to unhandled exception message(s)  
						
						
						
					 
					
						2011-01-28 16:15:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a184a4c772 
							
						 
					 
					
						
						
							
							major of majors bug fix  
						
						
						
					 
					
						2011-01-28 14:31:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f4fb156d3 
							
						 
					 
					
						
						
							
							major bug fix  
						
						
						
					 
					
						2011-01-28 14:09:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b98cbeee04 
							
						 
					 
					
						
						
							
							page for handling binary files  
						
						
						
					 
					
						2011-01-27 22:00:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e74c571bc 
							
						 
					 
					
						
						
							
							centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels  
						
						
						
					 
					
						2011-01-27 19:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							49aeb41be8 
							
						 
					 
					
						
						
							
							quick bug fix for FALSE positives with UNION based technique  
						
						
						
					 
					
						2011-01-27 18:49:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81722b6881 
							
						 
					 
					
						
						
							
							major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)  
						
						
						
					 
					
						2011-01-27 18:36:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03413bd5e0 
							
						 
					 
					
						
						
							
							minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)  
						
						
						
					 
					
						2011-01-27 16:55:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							539168dcca 
							
						 
					 
					
						
						
							
							sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there)  
						
						
						
					 
					
						2011-01-27 13:40:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bb6e36fb02 
							
						 
					 
					
						
						
							
							minor updates  
						
						
						
					 
					
						2011-01-27 12:38:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10b723f196 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by yonnym@googlemail.com  
						
						
						
					 
					
						2011-01-25 22:26:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							430fd5cd63 
							
						 
					 
					
						
						
							
							minor fixes  
						
						
						
					 
					
						2011-01-25 16:05:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d3ddaba7be 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-01-25 13:04:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cab86871fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)  
						
						
						
					 
					
						2011-01-25 11:02:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5692506131 
							
						 
					 
					
						
						
							
							this was bad thing to have  
						
						
						
					 
					
						2011-01-25 01:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cc69f5e16 
							
						 
					 
					
						
						
							
							now --technique is appliable also after the injections have been identified  
						
						
						
					 
					
						2011-01-24 16:47:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81011be0d7 
							
						 
					 
					
						
						
							
							minor update of parseTargetUrl method  
						
						
						
					 
					
						2011-01-24 14:52:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4093599f38 
							
						 
					 
					
						
						
							
							added parseTargetUrl to redirect choice  
						
						
						
					 
					
						2011-01-24 14:45:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1db2700f0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads  
						
						
						
					 
					
						2011-01-24 12:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8d0c2efbe2 
							
						 
					 
					
						
						
							
							unescaping of char marked payloads  
						
						
						
					 
					
						2011-01-24 12:00:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4441e11f68 
							
						 
					 
					
						
						
							
							fix for case -r with no params and cookie available  
						
						
						
					 
					
						2011-01-24 11:26:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47fa600c04 
							
						 
					 
					
						
						
							
							Minor fix and cosmetics  
						
						
						
					 
					
						2011-01-24 11:12:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3e3387113 
							
						 
					 
					
						
						
							
							fix for proper Firebird resume of version  
						
						
						
					 
					
						2011-01-24 11:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1145c244e 
							
						 
					 
					
						
						
							
							fix for user-agent injections  
						
						
						
					 
					
						2011-01-23 23:23:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							818c9787b2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-23 21:20:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b18397fbc7 
							
						 
					 
					
						
						
							
							major revisit of --os-shell methods  
						
						
						
					 
					
						2011-01-23 20:47:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ff7707579f 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-01-23 11:35:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ff78d40c 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-23 11:21:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							97f66a87c5 
							
						 
					 
					
						
						
							
							minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message  
						
						
						
					 
					
						2011-01-23 10:51:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3a5f0760f6 
							
						 
					 
					
						
						
							
							minor optimization (only way to prematurely stop SAX parser)  
						
						
						
					 
					
						2011-01-23 10:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30cd877c4a 
							
						 
					 
					
						
						
							
							fix for URI based injections  
						
						
						
					 
					
						2011-01-22 16:23:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4c79477d 
							
						 
					 
					
						
						
							
							world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)  
						
						
						
					 
					
						2011-01-21 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							03a880c6f1 
							
						 
					 
					
						
						
							
							Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors  
						
						
						
					 
					
						2011-01-20 22:02:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0f2634c4b0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle)  
						
						
						
					 
					
						2011-01-20 22:01:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97573693be 
							
						 
					 
					
						
						
							
							Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT  
						
						
						
					 
					
						2011-01-20 21:59:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f1b402b103 
							
						 
					 
					
						
						
							
							Proper handling of CASE in Oracle, finally  
						
						
						
					 
					
						2011-01-20 21:58:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4128b2c87f 
							
						 
					 
					
						
						
							
							Enforce that when --prefix is provided, --suffix is too and viceversa.  
						
						
						
					 
					
						2011-01-20 21:57:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d1c704575 
							
						 
					 
					
						
						
							
							Moved little precaution from checks.py to common.py.  
						
						... 
						
						
						
						Initial refactoring of kb.os* get/set. 
						
					 
					
						2011-01-20 21:56:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9770db597e 
							
						 
					 
					
						
						
							
							Centralization of unescape()  
						
						
						
					 
					
						2011-01-20 21:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e734efcda7 
							
						 
					 
					
						
						
							
							Removed deprecated code  
						
						
						
					 
					
						2011-01-20 21:50:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							496a84c356 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 18:32:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dd7262d9e6 
							
						 
					 
					
						
						
							
							we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode  
						
						
						
					 
					
						2011-01-20 17:53:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ad12242151 
							
						 
					 
					
						
						
							
							LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)  
						
						
						
					 
					
						2011-01-20 16:27:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e8c037de1a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4e5f0da1ae 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 16:07:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2fa066f892 
							
						 
					 
					
						
						
							
							added support for WebScarab logs  
						
						
						
					 
					
						2011-01-20 15:55:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							345e2288e1 
							
						 
					 
					
						
						
							
							important fix regarding encoding stuff  
						
						
						
					 
					
						2011-01-20 13:54:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6f4b5e9dd 
							
						 
					 
					
						
						
							
							bug fix for charset used in inference for pages retrieved with --null-connection  
						
						
						
					 
					
						2011-01-20 11:01:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a0f10950 
							
						 
					 
					
						
						
							
							minor minor minor  
						
						
						
					 
					
						2011-01-20 09:25:34 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							701947490b 
							
						 
					 
					
						
						
							
							Two major bug fixes related to UNION technique query forging  
						
						
						
					 
					
						2011-01-19 23:46:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a060e756d 
							
						 
					 
					
						
						
							
							dummy fix for SQLite schema retrieval (lots of spaces inside)  
						
						
						
					 
					
						2011-01-19 23:16:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4bdc19d879 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-19 22:48:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c106dc829a 
							
						 
					 
					
						
						
							
							more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)  
						
						
						
					 
					
						2011-01-19 22:08:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ad41f9b19 
							
						 
					 
					
						
						
							
							bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)  
						
						
						
					 
					
						2011-01-19 21:46:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aea43a1e43 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-01-19 15:26:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eadaf680de 
							
						 
					 
					
						
						
							
							fuck yea  
						
						
						
					 
					
						2011-01-19 15:25:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							89e0fd0709 
							
						 
					 
					
						
						
							
							back to roots  
						
						
						
					 
					
						2011-01-19 14:06:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							33485198e1 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-18 23:05:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eda0b41859 
							
						 
					 
					
						
						
							
							Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.  
						
						... 
						
						
						
						Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup 
						
					 
					
						2011-01-18 23:03:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cffa17f5a6 
							
						 
					 
					
						
						
							
							Major bug fix - before it raised a traceback, now works.  
						
						
						
					 
					
						2011-01-18 23:02:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							daebb0010b 
							
						 
					 
					
						
						
							
							Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.  
						
						... 
						
						
						
						Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup. 
						
					 
					
						2011-01-18 23:02:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							38d0958781 
							
						 
					 
					
						
						
							
							minor fix (for numeric columns with all 0)  
						
						
						
					 
					
						2011-01-18 11:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3822b494ea 
							
						 
					 
					
						
						
							
							Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.  
						
						
						
					 
					
						2011-01-17 23:43:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a358561f 
							
						 
					 
					
						
						
							
							Proper support for --union-cols  
						
						
						
					 
					
						2011-01-17 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							35fb50a6ee 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2011-01-17 22:56:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							041abb56e2 
							
						 
					 
					
						
						
							
							you can't believe how much man can learn when having good testing points  
						
						
						
					 
					
						2011-01-17 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d225c5c9aa 
							
						 
					 
					
						
						
							
							was wrong about this one (just now tested on a real site)  
						
						
						
					 
					
						2011-01-17 11:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac0b5e6dbc 
							
						 
					 
					
						
						
							
							proper way to handle this (console output has totally different encoding than the page one)  
						
						
						
					 
					
						2011-01-17 10:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34d13be0d3 
							
						 
					 
					
						
						
							
							minor update regarding default page encoding  
						
						
						
					 
					
						2011-01-17 10:23:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c857779c1 
							
						 
					 
					
						
						
							
							important fix for unicode based character inference  
						
						
						
					 
					
						2011-01-17 10:15:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							99a3a3b89c 
							
						 
					 
					
						
						
							
							minor fix (break if all found)  
						
						
						
					 
					
						2011-01-17 09:41:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fcca671bd 
							
						 
					 
					
						
						
							
							information update regarding common password suffixes  
						
						
						
					 
					
						2011-01-17 09:28:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a835f233ac 
							
						 
					 
					
						
						
							
							fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')  
						
						
						
					 
					
						2011-01-17 00:17:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2041361695 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e2c821eb81 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-16 22:35:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e881465a9f 
							
						 
					 
					
						
						
							
							minor improvement  
						
						
						
					 
					
						2011-01-16 20:55:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5e36876e7 
							
						 
					 
					
						
						
							
							removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency  
						
						
						
					 
					
						2011-01-16 19:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6516798c0 
							
						 
					 
					
						
						
							
							proper fix for that previous "stacked" fix (that one screwed other injection types)  
						
						
						
					 
					
						2011-01-16 19:25:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5476a8a27e 
							
						 
					 
					
						
						
							
							russian sites are great for testing :)  
						
						
						
					 
					
						2011-01-16 19:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19dcaeaabf 
							
						 
					 
					
						
						
							
							fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)  
						
						
						
					 
					
						2011-01-16 18:25:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							718eef8753 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-16 18:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec1ab3cd2a 
							
						 
					 
					
						
						
							
							removing timeSec from injection configuration attributes as it highly depends on current connection "variables"  
						
						
						
					 
					
						2011-01-16 12:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2001bad7e1 
							
						 
					 
					
						
						
							
							automatic adjustment of timeSec for delayed queries  
						
						
						
					 
					
						2011-01-16 12:04:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc4ebdc1b 
							
						 
					 
					
						
						
							
							Major bug fix.  
						
						... 
						
						
						
						Minor code refactoring. 
						
					 
					
						2011-01-16 01:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c0d5daee99 
							
						 
					 
					
						
						
							
							More refactoring and cleanup  
						
						
						
					 
					
						2011-01-16 00:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29ea0950b6 
							
						 
					 
					
						
						
							
							now False is also affected (along with None and "")  
						
						
						
					 
					
						2011-01-15 23:43:26 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e4b65a822 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 23:28:31 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							558f3894f4 
							
						 
					 
					
						
						
							
							Minor improvement  
						
						
						
					 
					
						2011-01-15 23:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3a28124b1 
							
						 
					 
					
						
						
							
							More code cleanup  
						
						
						
					 
					
						2011-01-15 23:11:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a35f598b8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 22:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f565c941e 
							
						 
					 
					
						
						
							
							bug fix and proper warning message  
						
						
						
					 
					
						2011-01-15 16:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e105e1ea32 
							
						 
					 
					
						
						
							
							bug fix (some sites raise 404 during union tests)  
						
						
						
					 
					
						2011-01-15 16:42:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3873d204bb 
							
						 
					 
					
						
						
							
							important update for dictionary attack  
						
						
						
					 
					
						2011-01-15 15:56:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e17ac5fdca 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-15 15:14:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bdb50c224 
							
						 
					 
					
						
						
							
							code review part 3  
						
						
						
					 
					
						2011-01-15 13:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0e0cde3c 
							
						 
					 
					
						
						
							
							code review of modules in lib/core directory  
						
						
						
					 
					
						2011-01-15 12:13:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05b2a338fe 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-14 16:12:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bff989d348 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 15:43:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							daf5662eab 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-14 15:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1cfd6a6b9d 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-14 15:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08f7e20c51 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 14:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							534f51f9fc 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 14:20:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7d9fd5a7b7 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-14 09:49:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2c7ae77d4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 09:45:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							676b95b30a 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 09:44:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c04ce020 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 20:59:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a1d1f69c3f 
							
						 
					 
					
						
						
							
							revert  
						
						
						
					 
					
						2011-01-13 15:28:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d937e27b19 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-13 15:19:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b0fdbdb13b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 15:15:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							877ea31521 
							
						 
					 
					
						
						
							
							Verbose docstring  
						
						
						
					 
					
						2011-01-13 12:05:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac5b49f555 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-13 11:24:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af4ee81e62 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-13 11:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ece2eb31ca 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 11:08:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee4727850c 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 10:29:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ca33728fbc 
							
						 
					 
					
						
						
							
							Minor fix to avoid query splitting/unpacking when the statement is EXISTS()  
						
						
						
					 
					
						2011-01-13 10:00:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							be6e2d6a31 
							
						 
					 
					
						
						
							
							Important bug fix.  
						
						... 
						
						
						
						Minor code restyling. 
						
					 
					
						2011-01-13 09:41:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b3a0f38f3f 
							
						 
					 
					
						
						
							
							Minor code refactoring and added internal debug prints  
						
						
						
					 
					
						2011-01-12 12:03:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3cff42986f 
							
						 
					 
					
						
						
							
							Code cleanup  
						
						
						
					 
					
						2011-01-12 01:17:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8a67aea754 
							
						 
					 
					
						
						
							
							One more step to fully working UNION exploitation after merge into detection phase  
						
						
						
					 
					
						2011-01-12 01:13:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6f7556f 
							
						 
					 
					
						
						
							
							Minor update  
						
						
						
					 
					
						2011-01-12 00:53:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							873951ab92 
							
						 
					 
					
						
						
							
							Proper fix to avoid UNION test false positives  
						
						
						
					 
					
						2011-01-11 23:59:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2e994e806 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2011-01-11 23:56:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							aa49aa579f 
							
						 
					 
					
						
						
							
							Major bug fix  
						
						
						
					 
					
						2011-01-11 23:09:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3146464da 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by nightman  
						
						
						
					 
					
						2011-01-11 12:27:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							643c464268 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-11 12:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							394b6bc029 
							
						 
					 
					
						
						
							
							reverting some changes  
						
						
						
					 
					
						2011-01-11 12:11:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54e0ba935a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-11 12:08:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							690281dce1 
							
						 
					 
					
						
						
							
							didn't know this to be honest  
						
						
						
					 
					
						2011-01-11 10:17:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0676b38063 
							
						 
					 
					
						
						
							
							revert of one thing for Bernardo and minor update  
						
						
						
					 
					
						2011-01-10 10:30:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							77b51dae57 
							
						 
					 
					
						
						
							
							adding openFile method with an exception block around file opening part  
						
						
						
					 
					
						2011-01-08 09:30:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3899f7467 
							
						 
					 
					
						
						
							
							fix of a fix  
						
						
						
					 
					
						2011-01-07 18:07:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e83a26acf 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:53:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed2aed972f 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-07 17:38:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							27628dca42 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:25:22 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97ae7e330f 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-07 17:10:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e373dac1f2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2011-01-07 16:50:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c17714c423 
							
						 
					 
					
						
						
							
							suppress session in case of brute methods  
						
						
						
					 
					
						2011-01-07 16:47:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16a06117f7 
							
						 
					 
					
						
						
							
							Mere cosmetics  
						
						
						
					 
					
						2011-01-07 16:36:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1a079c62cb 
							
						 
					 
					
						
						
							
							minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)  
						
						
						
					 
					
						2011-01-07 16:08:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a8d660db54 
							
						 
					 
					
						
						
							
							fixes for bugs reported by pragmatk@gmail.com  
						
						
						
					 
					
						2011-01-06 16:59:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c968b438f2 
							
						 
					 
					
						
						
							
							Ctrl+C added to union dump  
						
						
						
					 
					
						2011-01-06 09:48:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0616edcc44 
							
						 
					 
					
						
						
							
							adding progress to --union-test  
						
						
						
					 
					
						2011-01-06 09:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b9a624546 
							
						 
					 
					
						
						
							
							added progress into union based entry retrieval  
						
						
						
					 
					
						2011-01-06 09:10:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc9ca802bf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-06 08:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1297df66da 
							
						 
					 
					
						
						
							
							fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)  
						
						
						
					 
					
						2011-01-06 08:04:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							694a65f6f1 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2011-01-05 13:32:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7411052456 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-01-05 12:09:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							042e3f76ba 
							
						 
					 
					
						
						
							
							bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)  
						
						
						
					 
					
						2011-01-05 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ae5192070 
							
						 
					 
					
						
						
							
							adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)  
						
						
						
					 
					
						2011-01-05 10:25:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c83e9f6ca5 
							
						 
					 
					
						
						
							
							foundation for filtering binary string values (for example, replacement of non readable chars with #)  
						
						
						
					 
					
						2011-01-04 21:56:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa81ed4033 
							
						 
					 
					
						
						
							
							implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)  
						
						
						
					 
					
						2011-01-04 15:49:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb11f5b2e0 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 13:07:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1dc73d0a1 
							
						 
					 
					
						
						
							
							minor, just in case update related to the previous commit  
						
						
						
					 
					
						2011-01-04 12:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							709a7d156b 
							
						 
					 
					
						
						
							
							fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)  
						
						
						
					 
					
						2011-01-04 12:51:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d288c6d6e3 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 08:40:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fdc463d08b 
							
						 
					 
					
						
						
							
							fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)  
						
						
						
					 
					
						2011-01-03 23:36:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08ccbf2c1e 
							
						 
					 
					
						
						
							
							important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)  
						
						
						
					 
					
						2011-01-03 22:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							572f403069 
							
						 
					 
					
						
						
							
							update of one thing that was missing  
						
						
						
					 
					
						2011-01-03 21:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ce48ea75d0 
							
						 
					 
					
						
						
							
							noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links  
						
						
						
					 
					
						2011-01-03 14:39:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa616bd0d 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2011-01-03 14:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92e4cdb241 
							
						 
					 
					
						
						
							
							raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic  
						
						
						
					 
					
						2011-01-03 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07129371bf 
							
						 
					 
					
						
						
							
							bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)  
						
						
						
					 
					
						2011-01-03 13:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3629c2737b 
							
						 
					 
					
						
						
							
							automatically turn on --text-only in case of heavily-dynamicity instead of critical exit  
						
						
						
					 
					
						2011-01-03 11:06:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adc41181e6 
							
						 
					 
					
						
						
							
							some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one  
						
						
						
					 
					
						2011-01-03 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5860b8942f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 09:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d19a8d53e4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 08:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8625494ff2 
							
						 
					 
					
						
						
							
							added one new quick check for multiple target(s) mode  
						
						
						
					 
					
						2011-01-03 08:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f762f32de8 
							
						 
					 
					
						
						
							
							bug fix for proper --parse-errors on .aspx pages  
						
						
						
					 
					
						2011-01-02 13:00:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dce9a762f1 
							
						 
					 
					
						
						
							
							important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode  
						
						
						
					 
					
						2011-01-02 10:37:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96341f8f78 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-02 09:16:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c6c870db4 
							
						 
					 
					
						
						
							
							removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode  
						
						
						
					 
					
						2011-01-02 08:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6651ba05eb 
							
						 
					 
					
						
						
							
							another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)  
						
						
						
					 
					
						2011-01-02 08:08:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec4440108b 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-02 07:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							428e817a32 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-01-01 23:57:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a93cfd975 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 22:43:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52e44df86c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 21:11:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							942cbafba6 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 20:19:55 +00:00