Miroslav Stampar
c948bced61
should solve the problem with timeout problems in time-based payloads
2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085
more minor updates
2010-12-20 10:48:53 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
108a96c6b4
some fixes
2010-12-17 21:45:20 +00:00
Miroslav Stampar
b4450c6ddd
added one more level of MSSQL version check (if first fails for some reason)
2010-12-17 21:01:14 +00:00
Miroslav Stampar
95b2c0803b
minor fix
2010-12-15 20:51:29 +00:00
Miroslav Stampar
cda00c7501
code refactoring
2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24
minor cosmetics
2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c
minor cosmetics
2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
270ae0f080
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
2010-12-14 09:05:00 +00:00
Bernardo Damele
a02dd6b55b
Minor enhancement to speedup active dbms fingerprint (-f).
...
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
6a3c4485e6
minor update (removing extra ())
2010-12-12 14:44:39 +00:00
Miroslav Stampar
f7344a5fc3
update
2010-12-11 21:28:11 +00:00
Miroslav Stampar
e6c66fa37c
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43
further update regarding bugtrace's report
2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
2010-12-11 17:20:39 +00:00
Miroslav Stampar
03447acc1d
avoiding some trashy match ratios
2010-12-11 17:12:19 +00:00
Miroslav Stampar
3dc0a51d34
major bug fix with boolean expressions
2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b
update
2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d
fix
2010-12-10 16:03:32 +00:00
Miroslav Stampar
435f48b8cc
polite cosmetics
2010-12-10 15:28:56 +00:00
Miroslav Stampar
977988c0ab
cosmetics
2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80
another update
2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60
fix
2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55
proper fix
2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040
you won't believe commit
2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb
fix for booleans
2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65
another fix of my lala
2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2
quick fix
2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9
update regarding boolean based expressions
2010-12-09 21:15:18 +00:00
Miroslav Stampar
1492823de0
it wasn't pretty, now it's pretty
2010-12-09 20:06:20 +00:00
Bernardo Damele
9230877d98
cosmetics
2010-12-09 13:57:38 +00:00
Miroslav Stampar
196131bbca
minor cosmetics
2010-12-09 10:42:00 +00:00
Miroslav Stampar
3fd1c37d53
update
2010-12-09 07:49:18 +00:00
Bernardo Damele
b5c6527c72
Minor fix
2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
2010-12-08 23:52:31 +00:00
Miroslav Stampar
54f6673609
update
2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0
update
2010-12-08 22:14:42 +00:00
Miroslav Stampar
40fadf2f35
minor update
2010-12-08 14:33:10 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165
removing junk
2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3
sqlmap premiere of blind time based query/bisection
2010-12-08 12:28:54 +00:00
Miroslav Stampar
47bb31fb47
code refactoring
2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
bdff4aba6a
switching to quick_ratio
2010-12-07 23:57:43 +00:00
Miroslav Stampar
c1b82cf09c
ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results
2010-12-07 23:53:44 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
81e7465ed2
Cosmetics
2010-12-07 17:16:21 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104
Ugly code to set the cookies when got them from a 302 redirect too
2010-12-03 17:41:10 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
025361c970
Higher precedence to union query sql inj than error-based
2010-12-01 10:57:17 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
253eafb643
paranoid cosmetics
2010-11-24 12:03:01 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
3d25071d06
another minor improvement regarding logging of http traffic
2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693
minor update
2010-11-17 12:04:33 +00:00
Miroslav Stampar
5abbea4a9f
fix for a bug reported by nightman (unknown charset 'null')
2010-11-17 09:57:32 +00:00
Miroslav Stampar
3487429eac
minor cosmetics
2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745
fix for --parse-errors (on IIS HTTP error is raised which need to be processed)
2010-11-16 14:33:30 +00:00
Miroslav Stampar
6232397129
minor update
2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039
Another bug fix to --union-test
2010-11-15 21:42:56 +00:00
Miroslav Stampar
06a872fc99
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
2010-11-12 22:57:33 +00:00
Miroslav Stampar
27735b14df
update (--string and --regex should be done regardless of wasLastRequestError)
2010-11-12 22:44:15 +00:00
Miroslav Stampar
697b32554c
fix for a bug "ordinal not in range(128)" reported by bugtrace
2010-11-12 11:48:25 +00:00
Bernardo Damele
f83dd2251b
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
2010-11-12 11:40:37 +00:00
Bernardo Damele
a14e4d9668
Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.
2010-11-12 10:16:39 +00:00
Miroslav Stampar
19c1bfa368
just a precaution (now i really need to go for a sleep)
2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1
name change
2010-11-09 22:48:22 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
2010-11-09 21:39:58 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1
added Range handler (dealing with 206 HTTP messages)
2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97
another minor fix
2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5
fix
2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
0d0e2a2228
minor update
2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a
refactoring regarding injection place (more left)
2010-11-08 08:02:36 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2
Refactoring
2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27
setting direct query info output to same level as payload info (logger.DEBUG)
2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb
trust me, i know what i am doing :)
2010-11-07 20:33:33 +00:00
Bernardo Damele
4d81da6bc8
Cosmetics
2010-11-07 16:23:03 +00:00
Miroslav Stampar
00dfd55830
added powerful switch --longest-common for dealing with heavy dynamicity
2010-11-07 08:52:09 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127
minor update
2010-11-06 08:31:11 +00:00
Miroslav Stampar
0e895fa512
update of dynamicity testing and few misc fixes
2010-11-05 13:14:12 +00:00
Miroslav Stampar
ef1809464d
bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )
2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30
minor update/fix
2010-11-05 11:39:35 +00:00
Miroslav Stampar
5f7f4bf15b
minor debug update (probably temporary)
2010-11-05 11:04:00 +00:00
Miroslav Stampar
29b7c5366c
cosmetics
2010-11-04 17:22:33 +00:00
Miroslav Stampar
e1cec8c02b
fix for all that stable, dynamic mambo jambo :)
2010-11-04 16:44:34 +00:00
Miroslav Stampar
f1f7e0bfe0
fix for "unknown charset 'en_us'" (reported by ToR)
2010-11-04 13:56:01 +00:00
Bernardo Damele
b152b1a04d
Cosmetics
2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
44678fa320
fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')
2010-11-03 12:40:11 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00
Miroslav Stampar
861706fb31
fix for bug reported by ToR (unknown charset 'utf-8, text/html')
2010-11-02 18:01:10 +00:00
Miroslav Stampar
685a8e7d2c
refactoring of hard coded dbms names
2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Bernardo Damele
3eda4510e2
Properly encode the cookie
2010-10-31 11:26:33 +00:00
Bernardo Damele
3a48bee9b0
Minor code refactoring
2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e
Cosmetics
2010-10-29 23:00:48 +00:00
Miroslav Stampar
cbf38436f2
minor update
2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
895efd28a6
one more update regarding Bug #205
2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50
update regarding Bug #205
2010-10-28 22:59:51 +00:00
Bernardo Damele
f5904d0bc0
Major bug fix to --union-test
2010-10-25 23:39:55 +00:00
Miroslav Stampar
228ac0cde5
refactoring regarding --check-payload
2010-10-25 18:38:54 +00:00
Miroslav Stampar
378653a1ec
added IDS payload testing
2010-10-25 15:37:43 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
32728d14b7
fix for --union-use with --error-test
2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7
update regarding comparison engine
2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3
minor update
2010-10-24 22:25:05 +00:00
Miroslav Stampar
dec4d858b3
fix for Bug #207
2010-10-22 14:01:48 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947
refactoring regarding __START__,...
2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4
added default HTTP version used by httplib and urllib2
2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f
Removed unused imports
2010-10-20 22:48:51 +00:00
Miroslav Stampar
934adb5e8d
code refactoring
2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74
added randInt to error injection vectors
2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23
fix for that 'Subquery returns more than 1 row'
2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce
update of error based injection and bug fix for --roles on MSSQL server
2010-10-20 06:40:33 +00:00
Miroslav Stampar
8776db872c
minor refactoring
2010-10-19 23:05:24 +00:00
Miroslav Stampar
1b376c99a6
removed temp dictionary and replaced with kb.misc
2010-10-19 23:00:19 +00:00
Miroslav Stampar
7927e97007
update
2010-10-19 18:34:57 +00:00
Miroslav Stampar
415524bd5a
remove --error, now it's only --error-test (it needs to return True to be able to use it)
2010-10-19 18:34:14 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Miroslav Stampar
b2e0b615f8
fix for that MySQL checking
2010-10-19 17:38:39 +00:00
Miroslav Stampar
34d7de1d46
cosmetics
2010-10-19 15:28:54 +00:00
Miroslav Stampar
d7622bb9cf
major fix for MySQL error based injections
2010-10-19 15:17:16 +00:00
Miroslav Stampar
80505de15b
now --users work on Oracle and Postgre (tested)
2010-10-19 14:56:57 +00:00
Miroslav Stampar
4bc541ec3c
error based update
2010-10-19 14:47:13 +00:00
Miroslav Stampar
d0ebe428da
i've left error flag
2010-10-19 14:12:34 +00:00
Miroslav Stampar
bf850af2d8
fix for Oracle error based query "space" problem
2010-10-19 14:10:09 +00:00
Miroslav Stampar
6a8b1046d4
first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
2010-10-19 12:02:04 +00:00
Miroslav Stampar
8b8fff41fe
cosmetics (adding html parsed DBMS) regarding heuristic check
2010-10-18 12:11:16 +00:00
Bernardo Damele
36bc410333
Minor bug fix
2010-10-18 09:50:23 +00:00
Miroslav Stampar
149837ebf5
added the same for proxy authorization header
2010-10-18 09:02:56 +00:00
Miroslav Stampar
aaebb4336e
fix for Bug #202
2010-10-18 08:54:08 +00:00
Miroslav Stampar
dcb9c2103a
just in case update
2010-10-15 11:20:19 +00:00
Bernardo Damele
5f6d88a418
Minor comment
2010-10-15 11:17:17 +00:00
Bernardo Damele
c5e385f77a
More layout adjustments
2010-10-15 10:28:34 +00:00
Miroslav Stampar
207bef7f19
fix for that SQLite3 vs SQLite2 issue
2010-10-15 09:39:41 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
162d01abed
commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)
2010-10-14 11:06:28 +00:00
Miroslav Stampar
dc50543ea4
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
2010-10-13 23:01:23 +00:00
Miroslav Stampar
36ef8ca575
bug fix
2010-10-13 22:42:48 +00:00
Miroslav Stampar
02a14d4c45
added Referer (part of Feature #37 )
2010-10-13 22:08:09 +00:00
Miroslav Stampar
34580f56fc
added --tamper option
2010-10-12 22:45:25 +00:00
Miroslav Stampar
d2ec132469
added --text-only switch
2010-10-12 19:41:29 +00:00
Miroslav Stampar
1369529103
minor cosmetic update
2010-10-11 13:52:32 +00:00
Miroslav Stampar
43892cddbb
some updates
2010-10-11 12:26:35 +00:00
Miroslav Stampar
8fcad29bbf
new feature --forms (still unfinished)
2010-10-10 18:56:43 +00:00
Miroslav Stampar
adf2231edb
minor update
2010-10-06 13:38:03 +00:00
Miroslav Stampar
cf17debf79
changed connection message priority to critical (when verbose=0 it's displayed too)
2010-09-27 13:34:52 +00:00
Miroslav Stampar
13bb3a6212
minor update
2010-09-23 14:07:23 +00:00
Miroslav Stampar
da8ae5578b
first commit regarding Feature #144
2010-09-22 11:56:35 +00:00
Miroslav Stampar
975b96ae28
minor refactoring
2010-09-16 09:47:33 +00:00
Miroslav Stampar
1741801ade
implementation of HEAD/Range methods
2010-09-16 09:32:09 +00:00
Miroslav Stampar
b745331974
added null connection check
2010-09-16 08:43:10 +00:00
Miroslav Stampar
ecd6b573f7
added method parameter to the queryPage function
2010-09-15 14:17:17 +00:00
Miroslav Stampar
34a8cd75e3
added support for setting HTTP method manualy
2010-09-15 12:45:41 +00:00
Miroslav Stampar
798ab4989b
fix for a Bug #200
2010-09-14 10:35:01 +00:00
Miroslav Stampar
19fb2e3dcf
fix for Bug #165
2010-09-13 13:31:01 +00:00
Miroslav Stampar
53289c6a42
fix for bug reported by Marek Sarvas (unicode)
2010-09-09 14:03:45 +00:00
Miroslav Stampar
27d76847fe
fix for bug reported by Truong Duc Luong
2010-09-01 08:46:21 +00:00
Miroslav Stampar
436b7d82fb
fixed a bug reported by Marek Sarvas
2010-08-22 08:52:15 +00:00
Miroslav Stampar
057ec8a6b2
added --ratio option for direct manipulation of conf.matchRatio parameter
2010-08-10 19:53:29 +00:00
Miroslav Stampar
6a6ff09c9a
fix for a bug reported by Marek Sarvas
2010-07-26 08:11:28 +00:00
Miroslav Stampar
d2f88b6ebe
detecting infinite redirect loops (Feature #192 )
2010-07-19 12:38:30 +00:00
Miroslav Stampar
48a67d6d51
fix for "unknown charset 'windows-874'" reported by Phat R.
2010-07-15 08:44:42 +00:00
Miroslav Stampar
0d08903bc3
some charset fix up
2010-06-30 12:09:33 +00:00
Bernardo Damele
9ea72f9640
Minor bug fixes to -d
2010-06-25 13:24:43 +00:00
Bernardo Damele
9bce22683b
Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)
2010-06-11 10:08:19 +00:00
Bernardo Damele
fea2414759
Display HTTP request in -v>=3 even if connection failed
2010-06-10 14:42:17 +00:00
Bernardo Damele
5bb8e154eb
Minor code improvements
2010-06-10 14:15:32 +00:00
Miroslav Stampar
36953221f8
few quick changes
2010-06-10 11:34:17 +00:00
Miroslav Stampar
eaef068c90
major bug fix (different HTTP content charsets are now properly handled)
2010-06-09 14:40:36 +00:00
Miroslav Stampar
12a5ec9f3d
more unicode refactoring
2010-06-02 12:45:40 +00:00
Bernardo Damele
e98b049e7f
Added unicode support also to PostgreSQL connector - see #184 .
2010-05-29 11:46:41 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Miroslav Stampar
ac6ce478a0
just removing unneded and possible future source of confusion
2010-05-28 14:19:12 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
94354d0862
removing previous fix
2010-05-28 11:53:27 +00:00
Bernardo Damele
f26de89216
Minor bug fix to correctly deal with unicode queries with -d
2010-05-28 11:32:10 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
cda8da288c
Minor adjustment
2010-05-21 12:18:43 +00:00
Miroslav Stampar
f6bffb61d3
minor adjustment
2010-05-21 11:51:43 +00:00
Miroslav Stampar
460a1ba872
fix for my imperfect calculations :)
2010-05-21 11:41:49 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
b8a5a54395
minor update
2010-05-15 20:44:08 +00:00
Miroslav Stampar
4984ceac49
some code refactoring and minor speed up (jump prediction rule)
2010-05-14 15:20:34 +00:00
Miroslav Stampar
ed20f1cf33
some more speed up (one time compilation of popular regexes)
2010-05-14 14:48:54 +00:00
Miroslav Stampar
3ead88c364
minor tweak
2010-05-14 14:36:54 +00:00
Miroslav Stampar
131789a6e4
some code refactoring
2010-05-14 14:21:13 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
8b74c405f5
Minor output bug fix
2010-05-11 14:15:03 +00:00
Bernardo Damele
457d32c73e
Proper displaying of debug messages (-v >= 2)
2010-05-11 13:58:53 +00:00
Bernardo Damele
44ea8f1861
Minor adjustment
2010-05-06 11:00:58 +00:00
Bernardo Damele
147e14356d
Major bug fix (reported by Thierry Zoller)
2010-05-06 10:52:40 +00:00
Miroslav Stampar
4928c684b3
one more thing
2010-05-04 08:45:10 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Miroslav Stampar
af701cdaa2
better way to handle that last commit problem
2010-05-04 08:36:35 +00:00
Miroslav Stampar
5bc07426e0
added exception handler around block reported by Thierry Zoller
2010-05-04 08:03:48 +00:00
Bernardo Damele
90d9900371
Minor bug fix to consider --start and --stop also in partial UNION query SQL injection
2010-04-30 15:48:40 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Miroslav Stampar
1aeaa5db47
implementation of Feature #176 (Safe URL: avoid being kicked out after N unsuccessful requests)
2010-04-16 12:44:47 +00:00
Bernardo Damele
5e86087cb1
Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now.
2010-04-15 10:06:38 +00:00
Bernardo Damele
eecee3b274
Added resume functionality to -d and fixed logging with -d
2010-04-12 09:35:20 +00:00
Bernardo Damele
b72ddb6f1e
Fixes non-deterministic unsorted results for most of the DBMSes - see #185
2010-04-09 15:48:53 +00:00