Miroslav Stampar
|
b032fdbf74
|
added randInt to error injection vectors
|
2010-10-20 08:56:58 +00:00 |
|
Miroslav Stampar
|
dabbcf9e23
|
fix for that 'Subquery returns more than 1 row'
|
2010-10-20 08:50:05 +00:00 |
|
Miroslav Stampar
|
82f44989ce
|
update of error based injection and bug fix for --roles on MSSQL server
|
2010-10-20 06:40:33 +00:00 |
|
Bernardo Damele
|
0817d1b78d
|
Cosmetics
|
2010-10-19 23:09:30 +00:00 |
|
Miroslav Stampar
|
8776db872c
|
minor refactoring
|
2010-10-19 23:05:24 +00:00 |
|
Miroslav Stampar
|
1b376c99a6
|
removed temp dictionary and replaced with kb.misc
|
2010-10-19 23:00:19 +00:00 |
|
Bernardo Damele
|
813f44da16
|
Minor bug fix for MSSQL connector --tables option
|
2010-10-19 22:11:17 +00:00 |
|
Miroslav Stampar
|
7927e97007
|
update
|
2010-10-19 18:34:57 +00:00 |
|
Miroslav Stampar
|
415524bd5a
|
remove --error, now it's only --error-test (it needs to return True to be able to use it)
|
2010-10-19 18:34:14 +00:00 |
|
Miroslav Stampar
|
8d9201a3dc
|
minor update
|
2010-10-19 18:23:21 +00:00 |
|
Miroslav Stampar
|
4009ef385e
|
more update regarding error based injection support
|
2010-10-19 18:17:34 +00:00 |
|
Miroslav Stampar
|
b2e0b615f8
|
fix for that MySQL checking
|
2010-10-19 17:38:39 +00:00 |
|
Miroslav Stampar
|
34d7de1d46
|
cosmetics
|
2010-10-19 15:28:54 +00:00 |
|
Miroslav Stampar
|
d7622bb9cf
|
major fix for MySQL error based injections
|
2010-10-19 15:17:16 +00:00 |
|
Miroslav Stampar
|
80505de15b
|
now --users work on Oracle and Postgre (tested)
|
2010-10-19 14:56:57 +00:00 |
|
Miroslav Stampar
|
4bc541ec3c
|
error based update
|
2010-10-19 14:47:13 +00:00 |
|
Miroslav Stampar
|
d0ebe428da
|
i've left error flag
|
2010-10-19 14:12:34 +00:00 |
|
Miroslav Stampar
|
bf850af2d8
|
fix for Oracle error based query "space" problem
|
2010-10-19 14:10:09 +00:00 |
|
Miroslav Stampar
|
6a8b1046d4
|
first successful run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)
|
2010-10-19 12:02:04 +00:00 |
|
Miroslav Stampar
|
ccda92536f
|
added header
|
2010-10-19 09:13:30 +00:00 |
|
Miroslav Stampar
|
264e0a6fda
|
added support for displaying revision number at unhandled exception message
|
2010-10-19 08:55:14 +00:00 |
|
Miroslav Stampar
|
9a7fd29d4f
|
using pushValue and popValue
|
2010-10-18 22:22:41 +00:00 |
|
Miroslav Stampar
|
a97319656c
|
optimization - now if DBMS was detected by error based HTML parser, then it's moved at the first place for testing
|
2010-10-18 21:47:11 +00:00 |
|
Miroslav Stampar
|
729156e91c
|
proper fix
|
2010-10-18 21:39:46 +00:00 |
|
Miroslav Stampar
|
3d5494845c
|
minor bug fix
|
2010-10-18 21:32:50 +00:00 |
|
Miroslav Stampar
|
8b8fff41fe
|
cosmetics (adding html parsed DBMS) regarding heuristic check
|
2010-10-18 12:11:16 +00:00 |
|
Bernardo Damele
|
1d74036ee3
|
Minor cosmetic fixes
|
2010-10-18 11:34:53 +00:00 |
|
Bernardo Damele
|
36bc410333
|
Minor bug fix
|
2010-10-18 09:50:23 +00:00 |
|
Miroslav Stampar
|
6b70dadfb2
|
minor cosmetics
|
2010-10-18 09:09:22 +00:00 |
|
Miroslav Stampar
|
149837ebf5
|
added the same for proxy authorization header
|
2010-10-18 09:02:56 +00:00 |
|
Miroslav Stampar
|
aaebb4336e
|
fix for Bug #202
|
2010-10-18 08:54:08 +00:00 |
|
Bernardo Damele
|
683184cc8f
|
Minor refactoring
|
2010-10-17 21:06:52 +00:00 |
|
Bernardo Damele
|
cd0fe8dde0
|
Updated sample configuration file and cmdline help
|
2010-10-17 00:07:53 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
f54c134d22
|
Minor adjustment
|
2010-10-16 22:43:05 +00:00 |
|
Bernardo Damele
|
6211915da5
|
Cosmetic fix
|
2010-10-16 22:31:16 +00:00 |
|
Bernardo Damele
|
7b71262de6
|
Cosmetic fix
|
2010-10-16 22:07:29 +00:00 |
|
Bernardo Damele
|
a2997a6dce
|
Minor bug fix to --tamper
|
2010-10-16 21:55:34 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Bernardo Damele
|
2dae934a2b
|
Minor bug fixes, code refactoring and enhanced --tamper functionality
|
2010-10-16 21:33:15 +00:00 |
|
Bernardo Damele
|
84ed7f192a
|
Cosmetic fixes
|
2010-10-16 15:10:48 +00:00 |
|
Miroslav Stampar
|
1336b97c2c
|
removed --useBetween switch and added new tampering module ./tamper/between.py
|
2010-10-15 23:48:07 +00:00 |
|
Miroslav Stampar
|
1ae4d0fc2a
|
added optimization group
|
2010-10-15 23:26:48 +00:00 |
|
Bernardo Damele
|
e7c8be1d45
|
Minor layout adjustments
|
2010-10-15 15:37:15 +00:00 |
|
Miroslav Stampar
|
c9f0c75030
|
removed --space (usage of tampering modules is now a preferred way to do it)
|
2010-10-15 12:52:33 +00:00 |
|
Miroslav Stampar
|
d0514d18ec
|
removed that spaces from URI payloads
|
2010-10-15 12:49:03 +00:00 |
|
Bernardo Damele
|
bf56f8c63c
|
Cosmetic fix
|
2010-10-15 12:46:41 +00:00 |
|
Miroslav Stampar
|
dcb9c2103a
|
just in case update
|
2010-10-15 11:20:19 +00:00 |
|
Bernardo Damele
|
5f6d88a418
|
Minor comment
|
2010-10-15 11:17:17 +00:00 |
|
Miroslav Stampar
|
2fa8836c01
|
bug fix
|
2010-10-15 11:14:59 +00:00 |
|
Miroslav Stampar
|
d50684a057
|
added one more check
|
2010-10-15 11:05:50 +00:00 |
|
Miroslav Stampar
|
2b476e078c
|
minor cosmetics
|
2010-10-15 10:36:29 +00:00 |
|
Bernardo Damele
|
a80f6110cd
|
don't call variables 'file', it's a reserved word :)
|
2010-10-15 10:29:24 +00:00 |
|
Bernardo Damele
|
c5e385f77a
|
More layout adjustments
|
2010-10-15 10:28:34 +00:00 |
|
Bernardo Damele
|
9fcab68700
|
Minor adjustments
|
2010-10-15 10:28:06 +00:00 |
|
Bernardo Damele
|
48cc8a308d
|
More verbose messages on successful --null-connection
|
2010-10-15 10:24:54 +00:00 |
|
Miroslav Stampar
|
0f48dd6f73
|
fix for skipping non-GET urls
|
2010-10-15 09:54:29 +00:00 |
|
Miroslav Stampar
|
207bef7f19
|
fix for that SQLite3 vs SQLite2 issue
|
2010-10-15 09:39:41 +00:00 |
|
Miroslav Stampar
|
d0df8cdac9
|
fix for that duplicates
|
2010-10-15 00:34:16 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Bernardo Damele
|
1674142d82
|
Minor cosmetic fixes
|
2010-10-14 15:28:54 +00:00 |
|
Miroslav Stampar
|
2bbe0c9ba6
|
bug fix for Ctrl+C
|
2010-10-14 15:23:42 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
f07608ef4d
|
show static words in a sorted manner
|
2010-10-14 12:38:06 +00:00 |
|
Miroslav Stampar
|
162d01abed
|
commit of all sorts (bug fix for heuristics and URI injections, fine tuning of tampering modules with SQL keywords,...)
|
2010-10-14 11:06:28 +00:00 |
|
Miroslav Stampar
|
7e1f784eaa
|
cosmetic update
|
2010-10-14 06:00:10 +00:00 |
|
Miroslav Stampar
|
dc50543ea4
|
major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)
|
2010-10-13 23:01:23 +00:00 |
|
Miroslav Stampar
|
36ef8ca575
|
bug fix
|
2010-10-13 22:42:48 +00:00 |
|
Miroslav Stampar
|
02a14d4c45
|
added Referer (part of Feature #37)
|
2010-10-13 22:08:09 +00:00 |
|
Miroslav Stampar
|
43a3ac2c3a
|
some bug fixes
|
2010-10-13 20:54:18 +00:00 |
|
Miroslav Stampar
|
f700692c74
|
added missing files for Sybase
|
2010-10-13 18:55:17 +00:00 |
|
Miroslav Stampar
|
562df9c107
|
temporary fix (files left at home)
|
2010-10-13 07:39:48 +00:00 |
|
Miroslav Stampar
|
34580f56fc
|
added --tamper option
|
2010-10-12 22:45:25 +00:00 |
|
Miroslav Stampar
|
9a08f7feb8
|
minor update
|
2010-10-12 20:01:59 +00:00 |
|
Miroslav Stampar
|
d2ec132469
|
added --text-only switch
|
2010-10-12 19:41:29 +00:00 |
|
Miroslav Stampar
|
f9f79ffbaf
|
basic stuff for sybase
|
2010-10-12 19:05:12 +00:00 |
|
Miroslav Stampar
|
9ffa928783
|
added some user interaction when page is dynamic
|
2010-10-12 15:49:04 +00:00 |
|
Miroslav Stampar
|
b748e6ea44
|
minor update
|
2010-10-12 12:52:06 +00:00 |
|
Miroslav Stampar
|
73b77255e3
|
minor cosmetic update
|
2010-10-12 12:32:02 +00:00 |
|
Miroslav Stampar
|
6dcd05c39c
|
minor update
|
2010-10-11 14:38:04 +00:00 |
|
Miroslav Stampar
|
e2bbfbe650
|
bug fix
|
2010-10-11 14:32:02 +00:00 |
|
Miroslav Stampar
|
1369529103
|
minor cosmetic update
|
2010-10-11 13:52:32 +00:00 |
|
Miroslav Stampar
|
43892cddbb
|
some updates
|
2010-10-11 12:26:35 +00:00 |
|
Miroslav Stampar
|
8b0a132fa9
|
minor update
|
2010-10-11 11:47:07 +00:00 |
|
Miroslav Stampar
|
2198a60684
|
bug fix (reported by james@ev6.net)
|
2010-10-10 20:51:11 +00:00 |
|
Miroslav Stampar
|
7a5bb2b0d6
|
update
|
2010-10-10 19:50:10 +00:00 |
|
Miroslav Stampar
|
8fcad29bbf
|
new feature --forms (still unfinished)
|
2010-10-10 18:56:43 +00:00 |
|
Miroslav Stampar
|
18d27cabc5
|
more changes
|
2010-10-07 15:34:17 +00:00 |
|
Miroslav Stampar
|
440ff639bb
|
more refactoring
|
2010-10-07 14:05:34 +00:00 |
|
Miroslav Stampar
|
e80a66acc5
|
minor update
|
2010-10-07 12:21:59 +00:00 |
|
Miroslav Stampar
|
1e9ae40397
|
major refactoring
|
2010-10-07 12:12:26 +00:00 |
|
Miroslav Stampar
|
1bf8939e2f
|
further updates
|
2010-10-06 22:43:04 +00:00 |
|
Miroslav Stampar
|
de6fa1247b
|
moved injections to xml format
|
2010-10-06 22:29:52 +00:00 |
|
Miroslav Stampar
|
adf2231edb
|
minor update
|
2010-10-06 13:38:03 +00:00 |
|
Miroslav Stampar
|
56dbf0038f
|
minor update (for future implementation of more advanced error page logic)
|
2010-10-06 12:10:00 +00:00 |
|
Miroslav Stampar
|
cbe7c902c1
|
just a development start of an error based injection support
|
2010-10-04 13:05:51 +00:00 |
|
Miroslav Stampar
|
0ad8090ad8
|
fix for a google bug reported by Brandon E.
|
2010-10-01 08:03:39 +00:00 |
|
Miroslav Stampar
|
49915f3c33
|
minor update
|
2010-09-30 19:49:14 +00:00 |
|
Miroslav Stampar
|
8abcdae1b5
|
some update
|
2010-09-30 19:45:23 +00:00 |
|
Miroslav Stampar
|
87abec16bd
|
probable fix for a bug reported by Prashant Jadhav
|
2010-09-30 18:52:33 +00:00 |
|