Miroslav Stampar
|
12f3024c8a
|
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
|
2011-03-29 20:45:21 +00:00 |
|
Miroslav Stampar
|
9f707febf5
|
minor update
|
2011-03-29 15:43:17 +00:00 |
|
Miroslav Stampar
|
d0861a00e2
|
minor improvement
|
2011-03-29 15:37:57 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
7cf4ba83dc
|
minor refactoring and comment update
|
2011-03-29 12:08:07 +00:00 |
|
Miroslav Stampar
|
1821a008af
|
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
|
2011-03-29 12:00:29 +00:00 |
|
Miroslav Stampar
|
5560196648
|
minor fix
|
2011-03-29 11:50:12 +00:00 |
|
Miroslav Stampar
|
e20d460809
|
Bernardo will kill me (added --wizard for total beginners)
|
2011-03-29 11:42:55 +00:00 |
|
Miroslav Stampar
|
4d78eac938
|
revert of that thingy as requested by Bernardo
|
2011-03-29 10:06:35 +00:00 |
|
Miroslav Stampar
|
a9f5d828c6
|
minor fix avoiding problems with hashing strange characters in usernames
|
2011-03-29 07:50:07 +00:00 |
|
Miroslav Stampar
|
b7813f9e68
|
incrementing level for MySQL stacked payloads
|
2011-03-29 07:31:56 +00:00 |
|
Miroslav Stampar
|
e8debbe724
|
minor cosmetics and one minor fix (|= is a nono with None)
|
2011-03-29 06:38:19 +00:00 |
|
Miroslav Stampar
|
86f93713d3
|
fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update
|
2011-03-29 06:25:17 +00:00 |
|
Miroslav Stampar
|
a2d5358b08
|
minor fix
|
2011-03-28 23:40:46 +00:00 |
|
Miroslav Stampar
|
9e900ccbac
|
minor comment update
|
2011-03-28 23:12:04 +00:00 |
|
Miroslav Stampar
|
a61e287d23
|
making updates for dummy Windows users
|
2011-03-28 23:09:19 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
1823c116bb
|
minor update for special cases of union testing results
|
2011-03-28 21:45:38 +00:00 |
|
Miroslav Stampar
|
ae53ad4c30
|
making an update for special case of timed out response
|
2011-03-28 21:05:04 +00:00 |
|
Miroslav Stampar
|
1e22ff45de
|
minor update regarding testing of GET parameters if --data and/or --forms is used
|
2011-03-28 16:14:08 +00:00 |
|
Miroslav Stampar
|
625f124263
|
little info message
|
2011-03-28 12:13:17 +00:00 |
|
Miroslav Stampar
|
4312a42b5d
|
another minor fix
|
2011-03-28 12:04:39 +00:00 |
|
Miroslav Stampar
|
3173adbf6b
|
minor update
|
2011-03-28 12:02:31 +00:00 |
|
Miroslav Stampar
|
73e5d20ade
|
bulk commit for safe/unsafe identificator naming (done and tested for all 4 major DBMSes) and one bug fix for --search-column on MSSQL (inside queries)
|
2011-03-28 11:01:55 +00:00 |
|
Bernardo Damele
|
19a6f86954
|
Minor update
|
2011-03-27 16:37:57 +00:00 |
|
Miroslav Stampar
|
08d052d9b8
|
minor update of THANKS file
|
2011-03-27 13:45:19 +00:00 |
|
Miroslav Stampar
|
47924fb92e
|
fix for a bug reported by malice.anon@gmail.com (AttributeError: 'unicode' object has no attribute 'geturl')
|
2011-03-27 13:41:54 +00:00 |
|
Miroslav Stampar
|
76b7e3517d
|
minor update
|
2011-03-27 07:58:15 +00:00 |
|
Miroslav Stampar
|
dba32306b0
|
minor update
|
2011-03-26 22:03:46 +00:00 |
|
Miroslav Stampar
|
d2eb4c6a39
|
update of THANKS file
|
2011-03-26 21:48:36 +00:00 |
|
Miroslav Stampar
|
d8f7c4bc4c
|
minor update regarding support for crypt(3)
|
2011-03-26 21:41:37 +00:00 |
|
Miroslav Stampar
|
4f00b9fa4b
|
minor fix
|
2011-03-26 21:10:31 +00:00 |
|
Miroslav Stampar
|
afe2be6a9f
|
implementation of Standard DES hashing (crypt)
|
2011-03-26 20:46:25 +00:00 |
|
Miroslav Stampar
|
04c4578df7
|
minor fix
|
2011-03-26 05:55:49 +00:00 |
|
Miroslav Stampar
|
58f8703ecd
|
minor update before bedtime
|
2011-03-25 22:59:18 +00:00 |
|
Miroslav Stampar
|
ae12dee990
|
minor update
|
2011-03-25 22:08:54 +00:00 |
|
Miroslav Stampar
|
c9baa0094b
|
going global for protection of non-standard identificator naming
|
2011-03-25 22:02:28 +00:00 |
|
Miroslav Stampar
|
5a1f733a43
|
minor update (_ is part of normal identificator naming)
|
2011-03-25 21:49:20 +00:00 |
|
Miroslav Stampar
|
1a98095a93
|
minor improvement for that MySQL identification naming
|
2011-03-25 21:46:49 +00:00 |
|
Miroslav Stampar
|
1119a85f39
|
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
|
2011-03-25 21:31:26 +00:00 |
|
Miroslav Stampar
|
48c4460e2c
|
bug fixed (there was a huge problem with space containing identifiers - fixed and tested for MySQL)
|
2011-03-25 21:22:06 +00:00 |
|
Miroslav Stampar
|
6c6133e8aa
|
revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)
|
2011-03-25 20:46:37 +00:00 |
|
Miroslav Stampar
|
737b4abf13
|
this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)
|
2011-03-25 20:30:15 +00:00 |
|
Miroslav Stampar
|
af39a441fa
|
minor improvement when --dbs returns no database names (like in many cases with MySQL 4)
|
2011-03-25 19:50:06 +00:00 |
|
Miroslav Stampar
|
5eb7787fc9
|
adding partial union cases to the live tests
|
2011-03-25 15:56:15 +00:00 |
|
Miroslav Stampar
|
670aa7f99b
|
update for live tests (added dumping of columns and table values)
|
2011-03-25 15:37:11 +00:00 |
|
Miroslav Stampar
|
422967fbcd
|
just an minor update related to the last commit
|
2011-03-25 12:21:53 +00:00 |
|
Miroslav Stampar
|
c5b6d377fb
|
fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)
|
2011-03-25 12:14:19 +00:00 |
|
Miroslav Stampar
|
af5342c495
|
fix for partial inband queries on MSSQL
|
2011-03-25 11:19:15 +00:00 |
|
Miroslav Stampar
|
e80c9e08d8
|
minor update regarding --live-test
|
2011-03-25 09:03:08 +00:00 |
|