Commit Graph

2060 Commits

Author SHA1 Message Date
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Bernardo Damele
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors 2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Bernardo Damele
97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT 2011-01-20 21:59:47 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. 2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575 Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Bernardo Damele
e734efcda7 Removed deprecated code 2011-01-20 21:50:58 +00:00
Miroslav Stampar
496a84c356 minor update 2011-01-20 18:32:04 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) 2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892 added support for WebScarab logs 2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1 important fix regarding encoding stuff 2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection 2011-01-20 11:01:01 +00:00
Miroslav Stampar
a4a0f10950 minor minor minor 2011-01-20 09:25:34 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) 2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879 minor cosmetics 2011-01-19 22:48:06 +00:00
Miroslav Stampar
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) 2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) 2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43 minor refactoring 2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709 back to roots 2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1 Code cleanup 2011-01-18 23:05:32 +00:00
Bernardo Damele
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
2011-01-18 23:03:50 +00:00
Bernardo Damele
cffa17f5a6 Major bug fix - before it raised a traceback, now works. 2011-01-18 23:02:47 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2 you can't believe how much man can learn when having good testing points 2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa was wrong about this one (just now tested on a real site) 2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) 2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3 minor update regarding default page encoding 2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
99a3a3b89c minor fix (break if all found) 2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695 minor cosmetics 2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81 minor cosmetics 2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f minor improvement 2011-01-16 20:55:07 +00:00
Miroslav Stampar
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency 2011-01-16 19:29:06 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e russian sites are great for testing :) 2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Miroslav Stampar
718eef8753 minor fix 2011-01-16 18:11:35 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" 2011-01-16 12:12:01 +00:00
Miroslav Stampar
2001bad7e1 automatic adjustment of timeSec for delayed queries 2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe cosmetics 2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
a1d1f69c3f revert 2011-01-13 15:28:08 +00:00
Miroslav Stampar
d937e27b19 minor fix 2011-01-13 15:19:37 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521 Verbose docstring 2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555 update 2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62 Cosmetics 2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
ee4727850c Minor bug fix 2011-01-13 10:29:47 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f Minor update 2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
873951ab92 Proper fix to avoid UNION test false positives 2011-01-11 23:59:02 +00:00
Bernardo Damele
c2e994e806 Minor adjustment 2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
aa49aa579f Major bug fix 2011-01-11 23:09:06 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
e3146464da minor fix for a bug reported by nightman 2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268 minor fix 2011-01-11 12:16:20 +00:00
Miroslav Stampar
394b6bc029 reverting some changes 2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a minor update 2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1 didn't know this to be honest 2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063 revert of one thing for Bernardo and minor update 2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57 adding openFile method with an exception block around file opening part 2011-01-08 09:30:10 +00:00
Miroslav Stampar
e3899f7467 fix of a fix 2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf minor fix 2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f minor fix 2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42 cosmetics 2011-01-07 17:25:22 +00:00
Bernardo Damele
97ae7e330f cosmetics 2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2 Cosmetics 2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Bernardo Damele
16a06117f7 Mere cosmetics 2011-01-07 16:36:32 +00:00
Miroslav Stampar
1a079c62cb minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones) 2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
c968b438f2 Ctrl+C added to union dump 2011-01-06 09:48:04 +00:00
Miroslav Stampar
0616edcc44 adding progress to --union-test 2011-01-06 09:26:01 +00:00
Miroslav Stampar
8b9a624546 added progress into union based entry retrieval 2011-01-06 09:10:20 +00:00
Miroslav Stampar
cc9ca802bf minor update 2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1 minor fix/update 2011-01-05 13:32:40 +00:00
Miroslav Stampar
7411052456 minor update regarding last commit 2011-01-05 12:09:57 +00:00
Miroslav Stampar
042e3f76ba bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded) 2011-01-05 11:36:40 +00:00
Miroslav Stampar
7ae5192070 adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) 2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5 foundation for filtering binary string values (for example, replacement of non readable chars with #) 2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
eb11f5b2e0 minor update 2011-01-04 13:07:12 +00:00
Miroslav Stampar
c1dc73d0a1 minor, just in case update related to the previous commit 2011-01-04 12:56:55 +00:00
Miroslav Stampar
709a7d156b fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...) 2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3 minor update 2011-01-04 08:40:41 +00:00
Miroslav Stampar
fdc463d08b fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range) 2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
572f403069 update of one thing that was missing 2011-01-03 21:28:22 +00:00
Miroslav Stampar
ce48ea75d0 noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links 2011-01-03 14:39:23 +00:00
Miroslav Stampar
6aa616bd0d minor minor fix 2011-01-03 14:28:20 +00:00
Miroslav Stampar
92e4cdb241 raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic 2011-01-03 14:21:41 +00:00
Miroslav Stampar
07129371bf bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests) 2011-01-03 13:04:20 +00:00
Miroslav Stampar
3629c2737b automatically turn on --text-only in case of heavily-dynamicity instead of critical exit 2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6 some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one 2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f minor update 2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4 minor update 2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2 added one new quick check for multiple target(s) mode 2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
f762f32de8 bug fix for proper --parse-errors on .aspx pages 2011-01-02 13:00:04 +00:00
Miroslav Stampar
dce9a762f1 important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode 2011-01-02 10:37:32 +00:00
Miroslav Stampar
96341f8f78 minor fix 2011-01-02 09:16:17 +00:00
Miroslav Stampar
5c6c870db4 removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode 2011-01-02 08:43:38 +00:00
Miroslav Stampar
6651ba05eb another fix (OS was set to None at all previous sessions if there was no explicit OS testing done) 2011-01-02 08:08:38 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
ec4440108b minor cosmetics 2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32 some refactoring 2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d user can now choose if he wants to skip non-heuristic based DBMS tests 2011-01-01 23:38:11 +00:00
Miroslav Stampar
8a93cfd975 minor update 2011-01-01 22:43:15 +00:00
Miroslav Stampar
52e44df86c minor update 2011-01-01 21:11:29 +00:00
Miroslav Stampar
942cbafba6 minor update 2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c (e) finally works as it should 2011-01-01 19:22:44 +00:00
Miroslav Stampar
0e815177c8 minor update 2011-01-01 19:07:40 +00:00
Miroslav Stampar
ef27fd5ea1 there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html) 2011-01-01 15:20:29 +00:00
Miroslav Stampar
15e6911fd8 fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write') 2011-01-01 12:23:02 +00:00
Miroslav Stampar
91f665aaaa bug fix for Ctrl+C 2010-12-31 15:00:19 +00:00
Miroslav Stampar
5db8ebbfa9 update of mysql comment versions 2010-12-31 12:42:12 +00:00
Miroslav Stampar
281d124fa6 minor bug fix 2010-12-31 12:04:39 +00:00
Miroslav Stampar
613242e298 bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved) 2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff code refactoring 2010-12-29 19:39:32 +00:00
Miroslav Stampar
6700cabc36 minor optimization 2010-12-29 19:01:29 +00:00
Miroslav Stampar
d1f5c1d7b7 now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering 2010-12-29 15:10:42 +00:00
Miroslav Stampar
79e97824ef adding user names to the attack dictionary 2010-12-29 00:37:53 +00:00
Miroslav Stampar
93838fb155 "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) 2010-12-28 14:40:34 +00:00
Miroslav Stampar
c0423761e8 minor update 2010-12-27 18:27:42 +00:00
Miroslav Stampar
c8f8dbf0a7 minor update 2010-12-27 15:39:27 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
c7a160bf72 minor update (users want this to see) 2010-12-27 12:00:54 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
269d6bde24 this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion) 2010-12-27 00:14:29 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
f2373121d0 noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more) 2010-12-26 14:36:51 +00:00
Miroslav Stampar
ceeb6374e8 bug fix (TypeError: object of type 'NoneType' has no len()) 2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68 minor improvement 2010-12-26 11:15:02 +00:00
Miroslav Stampar
320a6f9efb minor minor update 2010-12-26 09:55:33 +00:00
Miroslav Stampar
17d74fc83c cosmeticado 2010-12-26 09:53:40 +00:00
Miroslav Stampar
cd337d9f39 minor fix 2010-12-26 09:46:09 +00:00
Miroslav Stampar
eaf4b93856 minor update 2010-12-26 09:40:40 +00:00
Miroslav Stampar
562a6440d1 fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) 2010-12-26 09:33:04 +00:00
Miroslav Stampar
6c72e41972 minor fix/update 2010-12-26 02:19:10 +00:00
Miroslav Stampar
c5c4aae3d5 minor update (to prevent adding too much items) 2010-12-25 10:42:36 +00:00
Miroslav Stampar
b472b96f92 bug fix, refactoring and improved extractErrorMessage capabilities 2010-12-25 10:16:20 +00:00
Miroslav Stampar
ea7ba19f6b minor update 2010-12-25 09:43:14 +00:00
Miroslav Stampar
272476773f getPageTextWordsSet on tableExists is pretty powerful stuff 2010-12-25 09:37:33 +00:00
Miroslav Stampar
6845d402fa well, here and there, merry Christmas to all :) 2010-12-24 20:17:53 +00:00
Miroslav Stampar
2d115e0350 one more fix 2010-12-24 18:44:13 +00:00
Miroslav Stampar
edcf1a0872 few bug fixes 2010-12-24 18:40:48 +00:00
Miroslav Stampar
96a06351a1 minor fix (in testing phase raise404 should be set to False) 2010-12-24 12:36:00 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3 minor refactoring/cosmetics 2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901 prioritization of tests based on DBMS error messages and some comments in common.py 2010-12-24 10:55:41 +00:00
Miroslav Stampar
a09716a701 minor update 2010-12-24 10:07:56 +00:00
Miroslav Stampar
d9f08e4aa3 randomization of user agents 2010-12-24 10:04:27 +00:00
Miroslav Stampar
d5eebb1cbf fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6 2010-12-24 09:49:19 +00:00
Miroslav Stampar
cb17e61f35 bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959) 2010-12-24 02:54:26 +00:00
Miroslav Stampar
8470de7b76 bug fix for boolean proxy when using time based payloads 2010-12-23 23:46:08 +00:00
Miroslav Stampar
7f7fb93155 cosmetics 2010-12-23 18:44:18 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999 bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped) 2010-12-23 11:28:13 +00:00
Miroslav Stampar
8fc60215ed lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. 2010-12-22 19:12:46 +00:00
Miroslav Stampar
7c06dbffc3 bug fix (AttributeError: 'unicode' object has no attribute 'sort') 2010-12-22 18:55:50 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Bernardo Damele
250608660d Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not) 2010-12-22 13:41:36 +00:00
Bernardo Damele
5228f336da Minor fix for ctrl+c during detection phase 2010-12-22 13:15:44 +00:00
Miroslav Stampar
08c88495d0 removed that ugly hack 2010-12-22 13:09:04 +00:00
Miroslav Stampar
8212b7b745 bug fix 2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
d974a966b8 minor fix for end phase (Ctrl+C) 2010-12-21 23:55:55 +00:00
Miroslav Stampar
fb75d0636b minor update 2010-12-21 23:42:59 +00:00
Miroslav Stampar
39a13077c4 minor bug fix 2010-12-21 23:09:41 +00:00
Miroslav Stampar
09479c85dc minor bug fix 2010-12-21 22:35:44 +00:00
Miroslav Stampar
7a525f28d4 cosmetics 2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d minor tuning (2 techniques MAX per value used) 2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4 some code refactoring 2010-12-21 15:13:13 +00:00
Miroslav Stampar
466d61ee85 minor fix 2010-12-21 14:29:47 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
0e68248f60 minor update of heuristic check 2010-12-21 12:56:18 +00:00
Miroslav Stampar
16f1f4e13e when doing dynamic checks there are cases when 404 can be raised (perfectly normal) 2010-12-21 11:04:49 +00:00
Bernardo Damele
aca074b769 Removed unused outdated code 2010-12-21 10:49:52 +00:00
Bernardo Damele
ad6b528b33 Bit more verbose comment 2010-12-21 10:47:39 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe Cosmetics 2010-12-21 09:23:00 +00:00
Miroslav Stampar
d554460aec minor fix 2010-12-21 01:09:39 +00:00
Miroslav Stampar
116c141dfa another fix 2010-12-21 00:47:07 +00:00
Miroslav Stampar
416755c0b7 minor adjustments 2010-12-21 00:25:03 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
e10670d9ac added end detection phase choice into Ctrl+C list 2010-12-20 23:34:00 +00:00
Miroslav Stampar
29001a4fce minor update 2010-12-20 23:21:01 +00:00
Miroslav Stampar
b34fe5c334 no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout) 2010-12-20 22:49:48 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2 we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads) 2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c minor refactoring 2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
c948bced61 should solve the problem with timeout problems in time-based payloads 2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085 more minor updates 2010-12-20 10:48:53 +00:00
Miroslav Stampar
fd00ff7a82 minor bug fix 2010-12-20 10:37:03 +00:00
Miroslav Stampar
e9f1ecb9e7 minor update 2010-12-20 10:32:58 +00:00
Miroslav Stampar
10a7a2dfb2 kids, don't use this at home 2010-12-20 10:13:14 +00:00
Miroslav Stampar
13d5b2c0ff code refactoring 2010-12-20 09:44:21 +00:00
Miroslav Stampar
4cb83654dc minor update 2010-12-18 16:28:21 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
21d083272e minor minor fix 2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database) 2010-12-18 14:11:49 +00:00
Miroslav Stampar
05c6d661e8 cosmetics 2010-12-18 10:49:49 +00:00
Miroslav Stampar
03220d34ba added Ctrl+C check in detection phase 2010-12-18 10:42:09 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
108a96c6b4 some fixes 2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd added one more level of MSSQL version check (if first fails for some reason) 2010-12-17 21:01:14 +00:00
Miroslav Stampar
07609bfb53 minor fix 2010-12-17 19:33:20 +00:00
Miroslav Stampar
323af45ce4 added one more time request payload to confirm test results 2010-12-17 07:53:58 +00:00
Miroslav Stampar
e3fa3b0e8e fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') 2010-12-17 07:48:32 +00:00
Miroslav Stampar
95b2c0803b minor fix 2010-12-15 20:51:29 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Miroslav Stampar
cda00c7501 code refactoring 2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24 minor cosmetics 2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c minor cosmetics 2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056 quick fix for a bug reported by Andreas Constantinides (KeyError: 5) 2010-12-15 11:30:29 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00
Miroslav Stampar
63f5c35c23 bug fix 2010-12-15 10:02:58 +00:00
Miroslav Stampar
c3d0295d21 minor update (checking for --time-sec value) 2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Miroslav Stampar
270ae0f080 just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False 2010-12-14 09:05:00 +00:00
Bernardo Damele
04caef6de0 Tuning 2010-12-13 23:04:26 +00:00
Bernardo Damele
cfcee6439e Cosmetics 2010-12-13 21:55:30 +00:00
Bernardo Damele
86690682c7 Minor bug fix to respect -v value in --common-tables and --common-columns 2010-12-13 21:37:12 +00:00
Bernardo Damele
4b79227b5a Minor bug fix to properly merge options from .conf file (-c) with command line switches 2010-12-13 21:36:23 +00:00
Bernardo Damele
db844c1785 No point in showing the error-based inject payload, it's same as the one showed in -v3 2010-12-13 21:35:20 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Bernardo Damele
a02dd6b55b Minor enhancement to speedup active dbms fingerprint (-f).
Code cleanup and refactoring.
2010-12-13 21:33:42 +00:00
Miroslav Stampar
d56f47d530 fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20') 2010-12-12 23:59:55 +00:00
Miroslav Stampar
6a3c4485e6 minor update (removing extra ()) 2010-12-12 14:44:39 +00:00
Miroslav Stampar
e98d9c08e1 dumping table is now possible on Firebird too 2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7 blind dumping of tables in sqlite implemented 2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
f7344a5fc3 update 2010-12-11 21:28:11 +00:00
Miroslav Stampar
6a24048aa6 urllib2 doesn't play well with '\n' when non unescaped chars used 2010-12-11 21:17:54 +00:00
Miroslav Stampar
e6c66fa37c update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available 2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43 further update regarding bugtrace's report 2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2 quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment) 2010-12-11 17:20:39 +00:00
Miroslav Stampar
03447acc1d avoiding some trashy match ratios 2010-12-11 17:12:19 +00:00
Miroslav Stampar
d2a3e8f44f first time firebird error-based query success 2010-12-11 11:17:24 +00:00
Miroslav Stampar
f021548bd0 added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use) 2010-12-11 10:52:04 +00:00
Miroslav Stampar
c17f444aab minor fix 2010-12-11 10:22:18 +00:00
Miroslav Stampar
3dc0a51d34 major bug fix with boolean expressions 2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b update 2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d fix 2010-12-10 16:03:32 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Miroslav Stampar
977988c0ab cosmetics 2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80 another update 2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60 fix 2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55 proper fix 2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040 you won't believe commit 2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8 minor refactoring 2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb fix for booleans 2010-12-10 12:26:01 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Bernardo Damele
b6dcbcef5b Minor fix 2010-12-10 10:52:55 +00:00
Miroslav Stampar
471d9ccd65 another fix of my lala 2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2 quick fix 2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9 update regarding boolean based expressions 2010-12-09 21:15:18 +00:00
Miroslav Stampar
d5fb921154 removed debug print 2010-12-09 20:08:59 +00:00
Miroslav Stampar
1492823de0 it wasn't pretty, now it's pretty 2010-12-09 20:06:20 +00:00
Miroslav Stampar
bbffea2cbc bug fix 2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7 Little precaution 2010-12-09 14:06:43 +00:00
Bernardo Damele
9230877d98 cosmetics 2010-12-09 13:57:38 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
cdff29ada7 update 2010-12-09 11:23:44 +00:00
Miroslav Stampar
196131bbca minor cosmetics 2010-12-09 10:42:00 +00:00
Miroslav Stampar
ec5c08ca7a cosmetics 2010-12-09 09:24:20 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Miroslav Stampar
db39dc32fc minor update 2010-12-09 00:59:39 +00:00
Bernardo Damele
0c01be0eeb Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work). 2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d Cosmetics 2010-12-09 00:26:06 +00:00
Bernardo Damele
b5c6527c72 Minor fix 2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. 2010-12-08 23:52:31 +00:00
Bernardo Damele
10ef2b5de8 Minor bug fix 2010-12-08 23:09:42 +00:00
Miroslav Stampar
54f6673609 update 2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0 update 2010-12-08 22:14:42 +00:00
Miroslav Stampar
258e9fb50e fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) 2010-12-08 21:16:18 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
40fadf2f35 minor update 2010-12-08 14:33:10 +00:00
Miroslav Stampar
95b48746a6 cosmetics 2010-12-08 14:29:09 +00:00
Miroslav Stampar
ed09c53ee4 minor minor update 2010-12-08 14:27:37 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
af22679605 minor update 2010-12-08 13:09:27 +00:00
Miroslav Stampar
6223f25dd9 code beautification 2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1 now resume is available for time-based blinds too 2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165 removing junk 2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3 sqlmap premiere of blind time based query/bisection 2010-12-08 12:28:54 +00:00
Miroslav Stampar
47bb31fb47 code refactoring 2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a update regarding time based payloads 2010-12-08 11:26:54 +00:00
Miroslav Stampar
bdff4aba6a switching to quick_ratio 2010-12-07 23:57:43 +00:00
Miroslav Stampar
c1b82cf09c ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results 2010-12-07 23:53:44 +00:00
Miroslav Stampar
a4a63f5b1e minor update 2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
b21eb88905 minor update 2010-12-07 22:45:38 +00:00
Miroslav Stampar
575e50673b minor update 2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a little explanation 2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231 Removed debug print 2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Bernardo Damele
81e7465ed2 Cosmetics 2010-12-07 17:16:21 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6 it's a must to double check time based payloads 2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e update regarding session page templates 2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
2af8835a94 fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) 2010-12-07 10:57:32 +00:00
Miroslav Stampar
3d87489de5 minor update 2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d introducing PostgreSQL time based blind 2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic 2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3 minor cosmetic update ("heuristics shows" is not grammatically correct) 2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23 minor update 2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf minor refactoring 2010-12-06 15:50:19 +00:00
Miroslav Stampar
e8be14e00a minor refactoring 2010-12-06 07:48:14 +00:00
Miroslav Stampar
a43d252ae9 minor update 2010-12-06 00:14:08 +00:00
Miroslav Stampar
5189f138d7 increasing socket timeout in case of time based checks 2010-12-05 23:18:16 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Bernardo Damele
da3fd17fc3 Adjustment to make it work also in OR based injection 2010-12-05 12:24:23 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Miroslav Stampar
7a5cd3b35f minor comment update 2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211 Cosmetics 2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
3f9450b9dc minor fix 2010-12-04 14:43:35 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring 2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8 code refactoring 2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Miroslav Stampar
b3a094b9d6 fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') 2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
91c3cf8fd0 Minor improvement 2010-12-03 16:11:57 +00:00
Bernardo Damele
0e6359ab6e Minor layout adjustment 2010-12-03 16:11:35 +00:00
Bernardo Damele
6e73adec47 Get rid of one useless attribute 2010-12-03 16:11:13 +00:00
Bernardo Damele
126a1479d8 Bug fix for --union-test 2010-12-03 14:57:30 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0 Major bug fix for default boolean-based vector still work and minor adjustments 2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses.
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
827a0aea05 Minor bug fix 2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce Added a comment needed to understand this hack when looking at the code in a month or so ;) 2010-12-03 11:00:41 +00:00
Bernardo Damele
a9d4b37987 Code cleanup and minor refactoring 2010-12-03 10:51:27 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase.
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
7d6f51f758 Avoid blank space between prefix and test's payload if it's a stacked queries test 2010-12-03 10:42:46 +00:00
Bernardo Damele
b0928e02c6 Proper comment 2010-12-03 10:39:36 +00:00
Miroslav Stampar
2cc167a42e fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" 2010-12-02 18:57:43 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
47f2d22181 Minor bug fix 2010-12-01 17:18:31 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
c00ea7f5e5 Store and resume also UNION char to session file (--union-char) 2010-12-01 10:59:58 +00:00
Bernardo Damele
025361c970 Higher precedence to union query sql inj than error-based 2010-12-01 10:57:17 +00:00
Bernardo Damele
56d2b2f322 Avoid storing to session file also payload delimiters 2010-12-01 10:55:59 +00:00
Bernardo Damele
2708aad504 Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests. 2010-12-01 10:31:50 +00:00
Bernardo Damele
8d84dcc5dc More sense 2010-12-01 09:17:17 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Miroslav Stampar
fcdebbd55f cosmeticados 2010-11-30 14:48:13 +00:00
Miroslav Stampar
47a7708950 minor improvement of dynamic content detection/removal part 2010-11-30 12:45:42 +00:00
Bernardo Damele
8b9706656e Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Bernardo Damele
e9291932e5 Apply --level also to User-Agent (level >= 4) and Cookie (level >= 3).
GET and POST parameters are always tested.
2010-11-29 16:33:20 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
c76d740a25 just a precaution 2010-11-29 15:21:56 +00:00
Miroslav Stampar
70e87d959e update of dynamicity engine 2010-11-29 15:14:49 +00:00
Bernardo Damele
ee4e04ebca Minor adjustment 2010-11-29 15:09:40 +00:00
Bernardo Damele
2efb3b78ea Consider also --dbms value during the detection phase 2010-11-29 14:48:07 +00:00
Miroslav Stampar
be6df7abd9 improvement of dynamicity engine 2010-11-29 14:30:57 +00:00
Bernardo Damele
76ce9cc888 Minor bug fix for --forms 2010-11-29 12:46:18 +00:00
Bernardo Damele
6525e08d6b Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values 2010-11-29 12:13:42 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Bernardo Damele
e8c6c01e27 precaution 2010-11-29 09:54:30 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable.
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
75f7df75b6 Minor fix 2010-11-28 23:33:51 +00:00
Bernardo Damele
472f4465a6 Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
6712f4da55 some refactoring and one less request for aspx maintanance during --os-shell 2010-11-24 14:20:43 +00:00
Bernardo Damele
253eafb643 paranoid cosmetics 2010-11-24 12:03:01 +00:00
Miroslav Stampar
b2b521fc8a gready regex bastard :) 2010-11-24 12:01:36 +00:00
Miroslav Stampar
9579a97039 now ASPX works too for --os-shell 2010-11-24 11:38:27 +00:00
Miroslav Stampar
c54c9ee5d1 minor update 2010-11-23 22:33:00 +00:00
Miroslav Stampar
57ad59206b cosmetics as it's best 2010-11-23 22:09:10 +00:00
Miroslav Stampar
7a147041c4 cosmetics 2010-11-23 21:44:58 +00:00
Miroslav Stampar
f4f0bc9db3 minor fix 2010-11-23 21:17:01 +00:00
Miroslav Stampar
f9f076ba97 code refactoring 2010-11-23 21:00:42 +00:00
Miroslav Stampar
7877a931d5 more cosmetics regarding dictionary attack 2010-11-23 20:54:40 +00:00
Miroslav Stampar
e3b3e05748 minor update 2010-11-23 19:21:30 +00:00
Miroslav Stampar
0d24a15182 more cosmetics 2010-11-23 19:10:34 +00:00
Miroslav Stampar
836a1c214a los cosmeticados (of hash dictionary attack) 2010-11-23 18:57:00 +00:00
Miroslav Stampar
c4414df594 minor update 2010-11-23 15:33:13 +00:00
Miroslav Stampar
78024eafe0 little precaution 2010-11-23 15:31:23 +00:00
Miroslav Stampar
4af000e699 minor language update (in testing phase "used" is more preferable than "provided") 2010-11-23 15:11:15 +00:00
Miroslav Stampar
b41ee8d0d0 minor refactoring 2010-11-23 14:57:36 +00:00
Miroslav Stampar
aa5d038f18 more code refactoring 2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c code refactoring regarding dictionary attack 2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603 first working version of dictionary attack 2010-11-23 13:24:02 +00:00
Miroslav Stampar
c471b815cc fix for a bug reported by BugTrace (IndexError: list index out of range) 2010-11-22 10:58:08 +00:00
Miroslav Stampar
bfc9378542 sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s)) 2010-11-20 13:22:59 +00:00
Miroslav Stampar
db59faedb9 more proper naming 2010-11-20 13:20:28 +00:00
Miroslav Stampar
1f8a9fe033 foundations for dictionary attack support combined with the sqlmap's password/hash retrieval functionality (--password switch) 2010-11-20 13:14:13 +00:00
Miroslav Stampar
71107e4e9e quick fix for google searches 2010-11-19 21:38:20 +00:00
Bernardo Damele
99a23e23cf Extra check on --union-cols value 2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. 2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Miroslav Stampar
df88280681 minor update of google regex (that * was a junky one) 2010-11-19 10:04:29 +00:00
Miroslav Stampar
e8bef28337 updating google parsing regex (for the better, of course) 2010-11-19 10:00:29 +00:00
Miroslav Stampar
d97e97d884 minor update :) 2010-11-19 09:02:44 +00:00
Bernardo Damele
4a9bd3a240 Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well! 2010-11-18 17:55:43 +00:00
Bernardo Damele
544327379f Little precaution 2010-11-18 14:32:52 +00:00
Bernardo Damele
f6a17cb1a8 Revert wrong fix 2010-11-18 10:41:06 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Miroslav Stampar
ca5125bbe0 minor update related to r2401 2010-11-17 20:50:31 +00:00
Bernardo Damele
360aff7a4d sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle 2010-11-17 17:20:32 +00:00
Miroslav Stampar
a0df36beda when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) 2010-11-17 15:33:07 +00:00
Miroslav Stampar
17f0609263 minor bug fix 2010-11-17 13:29:57 +00:00
Miroslav Stampar
3d25071d06 another minor improvement regarding logging of http traffic 2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693 minor update 2010-11-17 12:04:33 +00:00
Miroslav Stampar
2802923dbe some improvements regarding --os-shell web server application choice 2010-11-17 11:45:52 +00:00
Miroslav Stampar
5abbea4a9f fix for a bug reported by nightman (unknown charset 'null') 2010-11-17 09:57:32 +00:00
Miroslav Stampar
d757e4ae1c bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs) 2010-11-17 09:46:04 +00:00
Miroslav Stampar
bec152609a minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \) 2010-11-17 09:33:05 +00:00
Miroslav Stampar
76c3f5768b cosmetics 2010-11-17 09:12:48 +00:00
Miroslav Stampar
2a8e270bef proper handling of carriage return character from Windows target machines 2010-11-16 15:11:03 +00:00
Miroslav Stampar
ab33651f96 minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior) 2010-11-16 15:02:22 +00:00
Miroslav Stampar
3487429eac minor cosmetics 2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745 fix for --parse-errors (on IIS HTTP error is raised which need to be processed) 2010-11-16 14:33:30 +00:00
Miroslav Stampar
cccb565859 cosmetics 2010-11-16 14:11:32 +00:00
Miroslav Stampar
b9d9f18939 added General cmdline group 2010-11-16 14:09:09 +00:00
Miroslav Stampar
e7a66371f8 update regarding os shell-ing regarding JSP and ASPX 2010-11-16 13:46:46 +00:00
Miroslav Stampar
6232397129 minor update 2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039 Another bug fix to --union-test 2010-11-15 21:42:56 +00:00
Miroslav Stampar
b3ad63b71e major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page) 2010-11-15 14:59:37 +00:00
Miroslav Stampar
ff310475c8 some reporting update for --forms 2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1 minor fix 2010-11-15 12:24:32 +00:00
Miroslav Stampar
39c6c9f386 minor update 2010-11-15 12:19:22 +00:00
Miroslav Stampar
819085155e minor update/fix 2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08 cosmetics regarding --forms 2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440 update (--forms acts now more like -g switch) 2010-11-15 11:34:57 +00:00
Bernardo Damele
5f46a549ba Cosmetics for --forms 2010-11-14 21:59:35 +00:00
Bernardo Damele
0bfc1b411a Another bug fix for --union-test 2010-11-14 15:39:57 +00:00
Miroslav Stampar
a0fb96816f fix for a bug reported by ToR (value += actVer) 2010-11-14 08:31:29 +00:00
Bernardo Damele
8d07272c82 Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
2010-11-13 23:24:41 +00:00
Bernardo Damele
df5dc10111 Major enhancement to --union-test check 2010-11-13 22:47:37 +00:00
Miroslav Stampar
84849316b3 improvement of heuristic check (now original value is included too) 2010-11-12 23:06:01 +00:00
Miroslav Stampar
06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) 2010-11-12 22:57:33 +00:00
Miroslav Stampar
27735b14df update (--string and --regex should be done regardless of wasLastRequestError) 2010-11-12 22:44:15 +00:00
Miroslav Stampar
0d66f101da fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages) 2010-11-12 22:29:33 +00:00
Bernardo Damele
a777d59870 Minor bug fix 2010-11-12 15:17:12 +00:00
Bernardo Damele
0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy 2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https 2010-11-12 12:25:02 +00:00
Bernardo Damele
9f53048ff4 Put a space always between the user's provided prefix and sqlmap payload 2010-11-12 11:48:26 +00:00
Miroslav Stampar
697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace 2010-11-12 11:48:25 +00:00
Bernardo Damele
f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques 2010-11-12 11:40:37 +00:00
Bernardo Damele
a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) 2010-11-12 11:33:11 +00:00
Bernardo Damele
8cec75656c Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) 2010-11-12 10:31:42 +00:00
Bernardo Damele
a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. 2010-11-12 10:16:39 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
8aefd0bbf7 improvement of --common-tables and --common-columns 2010-11-11 20:37:25 +00:00
Miroslav Stampar
2d872f850a quick fix 2010-11-11 19:54:54 +00:00
Miroslav Stampar
24238ccd0b re-renaming of brute force switches. this way is better. 2010-11-11 07:57:44 +00:00
Miroslav Stampar
96d88877ba bug fix (reported by ToR) 2010-11-10 19:44:51 +00:00
Miroslav Stampar
19c1bfa368 just a precaution (now i really need to go for a sleep) 2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3 another update 2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result) 2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c another name change 2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1 name change 2010-11-09 22:48:22 +00:00
Miroslav Stampar
6807fb04cc minor update 2010-11-09 22:44:23 +00:00
Miroslav Stampar
fef60d5cb7 some fixes :) 2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247 Possible quick fix for missing of True/False comparison of stable-but-not-really pages 2010-11-09 21:39:58 +00:00
Bernardo Damele
2205099a5e Python stylish 2010-11-09 21:39:05 +00:00
Miroslav Stampar
cee888b613 tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected) 2010-11-09 19:14:55 +00:00
Miroslav Stampar
726825ca70 minor update 2010-11-09 16:59:36 +00:00
Miroslav Stampar
b43334165d update regarding brute forcing 2010-11-09 16:53:33 +00:00
Miroslav Stampar
a7fa8d4975 update regarding brute force retrieval of table names and table column names 2010-11-09 16:15:55 +00:00
Miroslav Stampar
7752b5efe9 minor update 2010-11-09 09:51:54 +00:00
Miroslav Stampar
4be0631161 refactoring of brute force techniques 2010-11-09 09:42:43 +00:00
Miroslav Stampar
221f976fbd minor update 2010-11-09 01:23:54 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca revert of some HTTP headers handling 2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1 added Range handler (dealing with 206 HTTP messages) 2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97 another minor fix 2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5 fix 2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
4e6d1b5118 added "Detection" part in help listing 2010-11-08 10:11:43 +00:00
Miroslav Stampar
0d0e2a2228 minor update 2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Miroslav Stampar
0482e02c37 minor optimization 2010-11-07 23:37:15 +00:00
Miroslav Stampar
4f346eab33 fix for resume from session 2010-11-07 23:25:53 +00:00
Bernardo Damele
ea1b0d31be Avoid displaying single retrieved character when --verbose > 2 2010-11-07 22:42:56 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2 Refactoring 2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27 setting direct query info output to same level as payload info (logger.DEBUG) 2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb trust me, i know what i am doing :) 2010-11-07 20:33:33 +00:00
Bernardo Damele
73e85bfc75 Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now 2010-11-07 16:24:44 +00:00
Bernardo Damele
4d81da6bc8 Cosmetics 2010-11-07 16:23:03 +00:00
Bernardo Damele
6716315a76 Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity 2010-11-07 15:45:26 +00:00
Bernardo Damele
9669dbdae1 Minor cosmetics and adjustments 2010-11-07 15:34:52 +00:00
Miroslav Stampar
afba26a53f tiny winy update 2010-11-07 09:00:45 +00:00
Miroslav Stampar
2b8c942b4a more update 2010-11-07 08:58:24 +00:00
Miroslav Stampar
00dfd55830 added powerful switch --longest-common for dealing with heavy dynamicity 2010-11-07 08:52:09 +00:00
Miroslav Stampar
16f52ab7ba cosmetic fix 2010-11-07 08:13:20 +00:00
Miroslav Stampar
8d93bdfa4b minor update (optimization) regarding -a switch 2010-11-07 08:11:56 +00:00
Miroslav Stampar
508b9cc763 dynamicity engine update 2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127 minor update 2010-11-06 08:31:11 +00:00
Miroslav Stampar
06760182f1 cosmetics 2010-11-05 16:08:42 +00:00
Miroslav Stampar
9bc9302e58 minor fix 2010-11-05 16:03:12 +00:00
Miroslav Stampar
44435adc4a added some fancy Ctrl+C when having multiple targets 2010-11-05 15:59:25 +00:00
Miroslav Stampar
0e895fa512 update of dynamicity testing and few misc fixes 2010-11-05 13:14:12 +00:00
Miroslav Stampar
ef1809464d bug fix for that BadStatusLine (http://bugs.python.org/issue8450) 2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30 minor update/fix 2010-11-05 11:39:35 +00:00
Miroslav Stampar
f3e3420677 fix for a bug reported by Marcos Mateos Garcia (ValueError) 2010-11-05 11:34:09 +00:00
Miroslav Stampar
5f7f4bf15b minor debug update (probably temporary) 2010-11-05 11:04:00 +00:00
Miroslav Stampar
3f0a443b83 some updates 2010-11-04 23:08:59 +00:00
Miroslav Stampar
29b7c5366c cosmetics 2010-11-04 17:22:33 +00:00
Miroslav Stampar
ad6b2e9c21 minor fix 2010-11-04 16:47:18 +00:00
Miroslav Stampar
e1cec8c02b fix for all that stable, dynamic mambo jambo :) 2010-11-04 16:44:34 +00:00
Miroslav Stampar
f1f7e0bfe0 fix for "unknown charset 'en_us'" (reported by ToR) 2010-11-04 13:56:01 +00:00
Miroslav Stampar
3aba0b1bec minor update 2010-11-04 12:51:04 +00:00
Miroslav Stampar
63af5444fd fix (NameError: global name 'DBMS' is not defined) 2010-11-04 12:47:34 +00:00
Bernardo Damele
91a3a582e8 Minor bug fix to avoid crash when running sqlmap behind a proxy server 2010-11-04 12:22:04 +00:00
Bernardo Damele
0e9515c540 Cosmetics 2010-11-04 12:21:06 +00:00
Miroslav Stampar
18aea251b3 added concept of tamper script priority 2010-11-04 10:29:40 +00:00
Miroslav Stampar
303359e8b1 refix 2010-11-04 09:34:04 +00:00
Miroslav Stampar
efe75aa8a3 added some debug messages 2010-11-04 09:18:32 +00:00
Bernardo Damele
b152b1a04d Cosmetics 2010-11-03 22:07:13 +00:00
Miroslav Stampar
71d0b1bcd7 several bug fixes 2010-11-03 21:51:36 +00:00
Miroslav Stampar
44678fa320 fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType') 2010-11-03 12:40:11 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
cd0d4135ac implemented --banner for MaxDB and some minor fixes 2010-11-02 20:51:55 +00:00
Miroslav Stampar
861706fb31 fix for bug reported by ToR (unknown charset 'utf-8, text/html') 2010-11-02 18:01:10 +00:00
Bernardo Damele
c7c84c3089 Closes #111 (DECLARE/CHAR encode xp_cmdshell parameter in MSSQL). 2010-11-02 15:31:51 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08 some code refactoring and beautification 2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a one bug fix in dynamic content engine and some code refactoring 2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Bernardo Damele
486a113560 Consolidate logger messages for --*-test switches 2010-10-31 16:58:38 +00:00
Bernardo Damele
46be570463 Proper HTTP version display 2010-10-31 15:41:28 +00:00
Bernardo Damele
f3cc41601c Added check on --first and --last values 2010-10-31 14:42:13 +00:00
Bernardo Damele
0ffffef088 Implemented --tamper for direct connection too (-d) 2010-10-31 14:22:32 +00:00
Bernardo Damele
65a0a8d285 Delegate urlencoding to agent.py only 2010-10-31 13:28:05 +00:00
Bernardo Damele
c7b374534b Minor cosmetics 2010-10-31 12:29:00 +00:00
Bernardo Damele
617edf7fc2 Minor bug fix 2010-10-31 12:24:19 +00:00
Bernardo Damele
fcada4df0f Removed debug print 2010-10-31 12:21:22 +00:00
Bernardo Damele
2a2f949275 Minor bug fix 2010-10-31 12:20:38 +00:00
Bernardo Damele
264247d318 revert of a stupid commit 2010-10-31 12:09:55 +00:00
Bernardo Damele
2fb059a644 Bug fix 2010-10-31 12:02:20 +00:00
Bernardo Damele
9d08cb3a6f Revert r2209 and minor code refactoring 2010-10-31 11:51:45 +00:00
Bernardo Damele
3eda4510e2 Properly encode the cookie 2010-10-31 11:26:33 +00:00
Bernardo Damele
3869ccebe8 Minor code refactoring 2010-10-31 11:17:51 +00:00
Bernardo Damele
6afc9bffaa Minor bug fix: there will always be only one pair of delimiters as we add it for each place 2010-10-31 11:09:29 +00:00
Bernardo Damele
3a48bee9b0 Minor code refactoring 2010-10-31 11:03:59 +00:00
Bernardo Damele
8cf0ebde1e Cosmetics 2010-10-29 23:00:48 +00:00
Miroslav Stampar
0125198210 minor fix 2010-10-29 21:19:28 +00:00
Miroslav Stampar
cbf38436f2 minor update 2010-10-29 16:15:23 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Bernardo Damele
a0df231aa4 Avoid waiting 30 seconds when cleaning up the dbms and file system from sqlmap data 2010-10-29 13:09:53 +00:00
Miroslav Stampar
f7d42af046 some fixes regarding --check-payload 2010-10-29 11:00:23 +00:00
Bernardo Damele
b3b2c3864a Minor code refactoring 2010-10-29 10:51:09 +00:00
Miroslav Stampar
d75578c81f some update regarding common tables 2010-10-29 09:00:51 +00:00
Miroslav Stampar
895efd28a6 one more update regarding Bug #205 2010-10-28 23:22:13 +00:00
Miroslav Stampar
788eb8fb50 update regarding Bug #205 2010-10-28 22:59:51 +00:00
Bernardo Damele
4f8e9da1b6 Minor bug fix to properly delete sqlmap temporary files on the database server file system at shutdown.
Minor improvements at ICMPsh tunnel to cleanup properly the dbms at shutdown and avoid checking/writing sys_bineval() UDF as it's a PE and needs to be called by sys_exec() only.
Got rid of useless doubleslash param in delRemoteFile() method.
Major code refactoring to xp_cmdshell.py methods and parent calls.
2010-10-28 00:19:40 +00:00
Bernardo Damele
56c16cb471 Minor bug fixes and enhancements to ICMPsh tunnel 2010-10-27 23:01:17 +00:00
Bernardo Damele
a391be833b Implemented ICMP tunneling for out-of-band takeover (--os-pwn) as an alternative to TCP tunneling (Metasploit). It relies on icmpsh, the back-end dbms server has to be Windows as the icmpsh slave runs on Windows only for the moment. sqlmap needs to be executed as root to work. 2010-10-27 21:02:22 +00:00
Bernardo Damele
43de8247ac Code refactoring 2010-10-27 20:39:50 +00:00
Bernardo Damele
d554ffc0ae yes, I am quite paranoid with cosmetics 2010-10-27 10:37:54 +00:00
Miroslav Stampar
5cc1bd8a12 major fix for heuristic check 2010-10-27 08:27:31 +00:00
Miroslav Stampar
4d70f2c210 reverting back to 100 2010-10-26 15:42:54 +00:00
Miroslav Stampar
8211e6a2bd possible 2010-10-26 11:29:09 +00:00
Bernardo Damele
9b127e58d2 Adjusted for MySQL weirdness 2010-10-26 09:33:18 +00:00
Miroslav Stampar
8803096343 some update regarding beep() 2010-10-26 08:32:58 +00:00
Miroslav Stampar
b9ff91b6e9 update of beep 2010-10-26 06:30:27 +00:00
Miroslav Stampar
9ec9d223e1 minor 2010-10-26 06:08:40 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Bernardo Damele
7effd0c301 Cosmetics 2010-10-25 22:54:56 +00:00
Miroslav Stampar
73eea81b3a minor cosmetics 2010-10-25 19:45:53 +00:00
Miroslav Stampar
d7bf94d4d6 fix for --beep 2010-10-25 19:16:42 +00:00
Miroslav Stampar
228ac0cde5 refactoring regarding --check-payload 2010-10-25 18:38:54 +00:00
Bernardo Damele
7c343c2d67 Forgot 2010-10-25 16:34:43 +00:00
Bernardo Damele
debaf2215f Consistency between cmdline.py, optiondict.py and sqlmap.conf and got rid of --union-use switch 2010-10-25 15:54:45 +00:00
Miroslav Stampar
378653a1ec added IDS payload testing 2010-10-25 15:37:43 +00:00
Bernardo Damele
bdb9c37a7e Cosmetics 2010-10-25 15:17:59 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
24c5d7b313 code refactoring 2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1 conf.md5hash thrown out 2010-10-25 13:52:21 +00:00
Miroslav Stampar
9a3879feba keeping things neat and tidy 2010-10-25 12:33:49 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
71543092b7 update regarding comparison engine 2010-10-25 12:00:59 +00:00
Miroslav Stampar
8df7c88174 implementation of a new dynamic content removal engine 2010-10-25 10:41:37 +00:00
Miroslav Stampar
db260c44d3 minor update 2010-10-24 22:25:05 +00:00
Miroslav Stampar
aa931efd4d several MySQL fixes/enhancements pointed out by Anton Mogilin 2010-10-24 22:05:14 +00:00
Miroslav Stampar
52f910f752 added --beep (tested on Windows and Linux; for now turned off) switch 2010-10-23 09:38:46 +00:00
Miroslav Stampar
98f5586b87 minor update 2010-10-23 08:05:24 +00:00
Miroslav Stampar
f1e2c1867f Cosmetics 2010-10-22 21:13:12 +00:00
Miroslav Stampar
2194d47782 setting conf.threads when -o switch is used 2010-10-22 19:10:45 +00:00
Miroslav Stampar
e6e48c5556 fix for Bug #204 2010-10-22 18:23:46 +00:00
Bernardo Damele
1288def3b7 Cosmetics 2010-10-22 14:23:14 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
1b2ec826bf misc fixes regarding new query retrieval format 2010-10-21 23:17:06 +00:00
Miroslav Stampar
a9b50a1e82 minor fix 2010-10-21 23:09:57 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947 refactoring regarding __START__,... 2010-10-21 09:51:07 +00:00
Miroslav Stampar
2668c95ef4 added default HTTP version used by httplib and urllib2 2010-10-21 09:10:07 +00:00
Bernardo Damele
7f1aa3b94f Removed unused imports 2010-10-20 22:48:51 +00:00
Bernardo Damele
c60edf7c17 Minor cosmetics 2010-10-20 22:43:02 +00:00
Bernardo Damele
d8bfa76dca Minor possible bug fix 2010-10-20 22:12:53 +00:00
Bernardo Damele
e73e06069b Minor code refactoring 2010-10-20 22:09:03 +00:00
Bernardo Damele
862cc9ac53 Minor cosmetic fixes 2010-10-20 21:58:33 +00:00
Bernardo Damele
3b5c5cc457 Minor possible bug fix 2010-10-20 21:49:05 +00:00
Bernardo Damele
f95098693f Removed unused functions 2010-10-20 21:16:28 +00:00
Bernardo Damele
430bb7478f Minor bug fix 2010-10-20 21:15:06 +00:00
Miroslav Stampar
34f70657ee fix for NULL values 2010-10-20 10:29:18 +00:00
Miroslav Stampar
00449f1402 fix/upgrade/chicken soup 2010-10-20 09:54:17 +00:00
Miroslav Stampar
e24bff0497 nice refactoring 2010-10-20 09:46:57 +00:00
Miroslav Stampar
5d3cbec457 no more regex. web server independent. 2010-10-20 09:35:46 +00:00
Miroslav Stampar
934adb5e8d code refactoring 2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74 added randInt to error injection vectors 2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23 fix for that 'Subquery returns more than 1 row' 2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce update of error based injection and bug fix for --roles on MSSQL server 2010-10-20 06:40:33 +00:00
Bernardo Damele
0817d1b78d Cosmetics 2010-10-19 23:09:30 +00:00