Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Miroslav Stampar
0450df8a77
added kb.cache for storing cached results (e.g. kb.cache.regex for storing compiled regular expressions and kb.cache.md5 for storing precalculated MD5 values during '--users --common-prediction' session)
2010-05-31 08:13:08 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Bernardo Damele
89c721a451
More replacements from open() to codecs.open(). conf.dataEncoding has to be used only for non-binary files.
2010-05-29 10:10:28 +00:00
Bernardo Damele
e811101dce
Minor bug fix
2010-05-28 23:39:52 +00:00
Bernardo Damele
10521b68eb
Major bug fix in multipartpost and minor adjustments elsewhere
2010-05-28 23:12:20 +00:00
Bernardo Damele
a138dbe5f6
Minor bug fixes and code refactoring
2010-05-28 15:57:43 +00:00
Miroslav Stampar
a3db3c03c1
str() -> unicode()
2010-05-28 13:05:02 +00:00
Miroslav Stampar
f24187f251
few fixes here and there
2010-05-28 12:47:03 +00:00
Miroslav Stampar
f36e093fa7
minor update
2010-05-28 09:13:50 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
c431a74d9e
minor fix/adjustment regarding getCompiledRegex
2010-05-27 11:52:18 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
1a3dfd8ced
some more changes
2010-05-26 11:01:26 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00
Miroslav Stampar
065d5b02ec
added singleValue parameter for good samaritan (same thing Bernardo wanted :)
2010-05-25 13:51:03 +00:00
Miroslav Stampar
056d1ad76e
new commit regarding good samaritan feature
2010-05-25 13:06:23 +00:00
Miroslav Stampar
dc83f794ea
fix regarding proper string isinstance checking (including unicode)
2010-05-25 10:09:35 +00:00
Bernardo Damele
a43eb64c5d
Minor refactoring
2010-05-24 15:46:12 +00:00
Miroslav Stampar
0197f8db5c
code refactoring regarding issue #184
2010-05-24 11:12:40 +00:00
Miroslav Stampar
e9be60e1ac
added support for proper unicode session(s) storage/retrieval
2010-05-24 11:00:49 +00:00
Bernardo Damele
03fb84e29f
Minor enhancement to internal --profile function
2010-05-21 15:06:05 +00:00
Miroslav Stampar
5d5ebd49b6
introducing regex caching mechanism
2010-05-21 14:42:59 +00:00
Bernardo Damele
7ee20480a4
Added a TODO note
2010-05-21 13:24:23 +00:00
Bernardo Damele
319adef8c4
Minor adjustment
2010-05-21 13:19:50 +00:00
Miroslav Stampar
050015d2bb
minor adjustments
2010-05-21 13:15:21 +00:00
Miroslav Stampar
5a5b31ad53
minor code adjustment
2010-05-21 13:03:57 +00:00
Miroslav Stampar
64f2afe585
in a mood for more changes
2010-05-21 12:44:09 +00:00
Miroslav Stampar
78547bb79e
quick fix
2010-05-21 12:19:20 +00:00
Bernardo Damele
a21a7fc56d
Minor code refactoring
2010-05-21 12:09:31 +00:00
Miroslav Stampar
9b91b30b69
minor refactoring
2010-05-21 10:41:30 +00:00
Miroslav Stampar
5f44696530
changes regarding putting of gprof2dot script inside extras and its usage
2010-05-21 10:30:11 +00:00
Miroslav Stampar
68e13c3872
periodical commit
2010-05-21 09:35:36 +00:00
Miroslav Stampar
19a82e151c
minor cleanup
2010-05-14 14:03:33 +00:00
Miroslav Stampar
7107e8fd6a
optimization of CPU intensive sanitizeAsciiString
2010-05-14 13:55:25 +00:00
Miroslav Stampar
5396f13bab
added CPU throttling for lowering sqlmap's CPU intensivity
2010-05-13 15:19:28 +00:00
Miroslav Stampar
ca3e12ae73
added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)
2010-05-13 11:05:35 +00:00
Bernardo Damele
65a05452f7
Added option --search to work in conjunction with -D (done), -T (soon) or -C (replaces --dump -C) - See #190 :
...
* --search -D foobar: searches all database names like the ones provided
* --search -T foobar: searches all databases' table names like the ones provided (soon)
* --search -C foobar: replaces --dump -C
2010-05-07 13:40:57 +00:00
Miroslav Stampar
789dd6c66f
more quick fixes
2010-05-04 08:43:14 +00:00
Bernardo Damele
4d46f997a7
Minor bug fix
2010-04-29 13:34:03 +00:00
Bernardo Damele
a1b1f960cc
Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function
2010-04-23 16:34:20 +00:00
Bernardo Damele
0f80768e66
Reverted
2010-04-22 16:35:22 +00:00
Bernardo Damele
7b070acd17
Reimported needed imports!
2010-04-22 16:13:22 +00:00
Miroslav Stampar
1bcec80e95
fix for that takeover bug Ethan Robish posted (Windows/PHP)
2010-04-22 10:31:33 +00:00
Bernardo Damele
2840f20605
Minor bug fix
2010-04-17 15:43:08 +00:00
Miroslav Stampar
915d3441e9
some code refactoring
2010-04-16 19:57:00 +00:00
Miroslav Stampar
938a3ab0b9
fix for Bug #183 (--threads dot output)
2010-04-16 13:40:02 +00:00
Bernardo Damele
1ab78ce60e
Added support to directly connect also to SQLite 2 db file
2010-04-13 22:43:38 +00:00
Bernardo Damele
fee062781f
Minor adjustment
2010-04-13 11:13:01 +00:00
Miroslav Stampar
da1ea48947
added some nagging for connection details
2010-04-13 11:00:15 +00:00
Miroslav Stampar
fcceceed45
fix for bug reported by shiftzwei@gmail.com regarding formatDBMSfp with unknown DBMS version
2010-04-09 10:40:08 +00:00
Bernardo Damele
cad8f61d55
Force pymssql to version >= 1.0.2
2010-03-31 15:31:11 +00:00
Bernardo Damele
5fdebb5d5b
Added support to directly connect also to Microsoft SQL Server database.
...
Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods.
2010-03-31 10:50:47 +00:00
Miroslav Stampar
ae3455a0c2
more update
2010-03-30 11:28:14 +00:00
Miroslav Stampar
738c210075
update
2010-03-30 11:21:26 +00:00
Miroslav Stampar
87d8c6719e
updates, fixes and stuff
2010-03-30 11:06:30 +00:00
Bernardo Damele
a0290a257b
Added support to connect directly also to Oracle - see #158
2010-03-27 21:50:19 +00:00
Bernardo Damele
1416cd0d86
Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).
...
Minor layout adjustments.
2010-03-26 23:23:25 +00:00
Miroslav Stampar
8bab94de64
added two new functions: isBase64EncodedString and isHexEncodedString for Feature #71
2010-03-26 17:18:02 +00:00
Bernardo Damele
f9a135e232
Minor bug fix and layout adjustment regarding --threading and standard output
2010-03-22 17:38:19 +00:00
Bernardo Damele
d00e4a458a
Code cleanup
2010-03-21 00:39:44 +00:00
Bernardo Damele
0d559d14df
Initial support for SQLite (90% approx).
...
Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments.
2010-03-18 17:20:54 +00:00
Bernardo Damele
3b3353e05b
Revert last commit
2010-03-16 13:56:36 +00:00
Miroslav Stampar
1dfe558d3d
Fix for Issue #177
2010-03-16 13:11:44 +00:00
Bernardo Damele
5063401130
Minor bug fix, fixes #170
2010-03-15 11:00:14 +00:00
Miroslav Stampar
b544405878
fixed some issue involving banner parsing
2010-03-04 09:15:26 +00:00
Bernardo Damele
a654a426ef
Minor adjustments
2010-03-03 16:19:17 +00:00
Bernardo Damele
156fdd96ef
Updated copyright
2010-03-03 15:26:27 +00:00
Bernardo Damele
694356821d
sqlmap does not save nor leave back in temporary folder any file named 'sqlmapRANDOM', only random names now, less suspicious
2010-02-26 13:13:50 +00:00
Bernardo Damele
8c68d25b39
Major bug fix, be careful when editing isWindowsPath() and normalizePath() in common.py, they can break all
2010-02-26 12:00:47 +00:00
Bernardo Damele
98496fd173
Show also site in the banner
2010-02-25 17:37:46 +00:00
Bernardo Damele
404927d04a
Adjusted banner, increased release candidate to rc7
2010-02-25 17:34:54 +00:00
Miroslav Stampar
d95a8850c8
fix
2010-02-25 16:38:39 +00:00
Miroslav Stampar
0913d700a8
important update regarding default directories
2010-02-25 15:22:41 +00:00
Bernardo Damele
a10adcfe08
Minor code cleanup
2010-02-25 15:16:41 +00:00
Miroslav Stampar
3721451cd6
default dirs update
2010-02-25 14:51:39 +00:00
Miroslav Stampar
9c014c0fd0
minor change
2010-02-20 23:11:05 +00:00
Miroslav Stampar
cef248a5ea
update for that invalid target url Otavio Augusto reported
2010-02-10 12:06:23 +00:00
Miroslav Stampar
00a23ace9a
some changes regarding web takeover
2010-02-09 14:27:41 +00:00
Miroslav Stampar
ec63fc4036
code refactoring - added functions posixToNtSlashes and ntToPosixSlashes
2010-02-04 14:37:00 +00:00
Miroslav Stampar
e4699f389d
some bug fixes regarding --os-shell usage against windows servers
2010-02-04 09:49:31 +00:00
Miroslav Stampar
ea045eaa2f
fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)
...
also, fixed some issues with Windows paths
2010-02-03 16:40:12 +00:00
Miroslav Stampar
494e014a4a
minor update
2010-02-03 16:04:44 +00:00
Miroslav Stampar
894b9f0f80
minor minor update
2010-02-03 15:15:30 +00:00
Miroslav Stampar
25f1a9c7d0
upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)
2010-02-03 15:06:41 +00:00
Miroslav Stampar
c74b920f54
bug fix
2010-02-03 14:49:28 +00:00
Miroslav Stampar
92817159dc
cloaked upx for windows (used mkstemp because of execution and file access rights problem)
2010-01-29 10:12:09 +00:00
Bernardo Damele
6f5d2ed171
Minor cosmetic adjustments
2010-01-28 17:07:34 +00:00
Miroslav Stampar
732ed48e2b
some refactoring regarding decloaking
2010-01-28 16:50:34 +00:00
Miroslav Stampar
645afee359
some changes
2010-01-28 00:25:36 +00:00
Miroslav Stampar
a4d8234875
minor update
2010-01-24 14:23:19 +00:00
Miroslav Stampar
98205cc488
another fix for Bug #148
2010-01-23 23:29:34 +00:00
Bernardo Damele
4ce3abc56d
Minor adjustments
2010-01-15 17:42:46 +00:00
Miroslav Stampar
5f171340f5
introduced safe string formatting
2010-01-15 16:06:59 +00:00
Miroslav Stampar
dcf0b2a3c1
minor update
2010-01-15 11:45:48 +00:00
Miroslav Stampar
f5c422efb4
updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before
2010-01-15 11:44:05 +00:00
Bernardo Damele
6a62a78b0a
More generic
2010-01-08 23:50:06 +00:00
Bernardo Damele
80df1fdcf9
Minor bug fix with --sql-query/shell when providing a statement with DISTINCT
2010-01-05 16:15:31 +00:00