Commit Graph

224 Commits

Author SHA1 Message Date
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
13d5b2c0ff code refactoring 2010-12-20 09:44:21 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056 quick fix for a bug reported by Andreas Constantinides (KeyError: 5) 2010-12-15 11:30:29 +00:00
Miroslav Stampar
c3d0295d21 minor update (checking for --time-sec value) 2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Bernardo Damele
4b79227b5a Minor bug fix to properly merge options from .conf file (-c) with command line switches 2010-12-13 21:36:23 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase.
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
8b9706656e Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
2efb3b78ea Consider also --dbms value during the detection phase 2010-11-29 14:48:07 +00:00
Bernardo Damele
76ce9cc888 Minor bug fix for --forms 2010-11-29 12:46:18 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable.
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
472f4465a6 Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
c471b815cc fix for a bug reported by BugTrace (IndexError: list index out of range) 2010-11-22 10:58:08 +00:00
Bernardo Damele
99a23e23cf Extra check on --union-cols value 2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. 2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Miroslav Stampar
ff310475c8 some reporting update for --forms 2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1 minor fix 2010-11-15 12:24:32 +00:00
Miroslav Stampar
819085155e minor update/fix 2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08 cosmetics regarding --forms 2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440 update (--forms acts now more like -g switch) 2010-11-15 11:34:57 +00:00
Bernardo Damele
0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy 2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https 2010-11-12 12:25:02 +00:00