Miroslav Stampar
|
38ee95e2c9
|
Minor language update
|
2013-08-13 18:58:24 +02:00 |
|
Miroslav Stampar
|
52a71546d0
|
Implementation for an Issue #507
|
2013-08-13 18:55:23 +02:00 |
|
Miroslav Stampar
|
941b2387c0
|
Minor fix
|
2013-07-31 09:22:45 +02:00 |
|
Miroslav Stampar
|
b921ff0729
|
Fix for an Issue #495
|
2013-07-27 11:20:43 +02:00 |
|
stamparm
|
e6f71c2130
|
Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)
|
2013-07-15 16:24:49 +02:00 |
|
stamparm
|
c9d3974205
|
Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)
|
2013-07-15 13:54:02 +02:00 |
|
stamparm
|
ac2d40e259
|
Revert of last commit (there is a chance that that big integer value is really valid :)
|
2013-07-15 13:34:38 +02:00 |
|
stamparm
|
a097ee1505
|
Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)
|
2013-07-15 13:31:56 +02:00 |
|
stamparm
|
d7c0805e7c
|
Removing leftover
|
2013-07-08 12:45:02 +02:00 |
|
stamparm
|
a548eb5c70
|
Minor text update
|
2013-07-08 12:44:14 +02:00 |
|
stamparm
|
d0e79a4d15
|
Minor text update
|
2013-07-08 12:38:36 +02:00 |
|
stamparm
|
a530817727
|
Minor typo fix
|
2013-07-08 11:52:46 +02:00 |
|
stamparm
|
8d3435ab0b
|
Removing reflective warning for parsing heuristic test
|
2013-07-08 11:48:33 +02:00 |
|
stamparm
|
04046f38eb
|
Minor update (Issue #475)
|
2013-07-01 12:26:57 +02:00 |
|
stamparm
|
f7d15cb465
|
Official naming is HSQLDB (and/or HyperSQL)
|
2013-07-01 11:57:47 +02:00 |
|
Miroslav Stampar
|
aeb83ba651
|
Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
|
2013-07-01 02:38:04 -07:00 |
|
stamparm
|
fd5b665f7d
|
Removing arithmetic operations from false positive checking to minimize affect of character filtering ('>' and '=' have to stay because those are minimal requirements)
|
2013-06-26 10:55:34 +02:00 |
|
Meatballs
|
62000c6406
|
Remaining files
|
2013-06-24 14:42:58 +01:00 |
|
stamparm
|
690645f6c7
|
Cosmetic fix
|
2013-06-19 10:50:00 +02:00 |
|
stamparm
|
f4ca4cd6c5
|
Minor update
|
2013-05-29 15:49:09 +02:00 |
|
Miroslav Stampar
|
d3ad408a21
|
Minor cosmetics
|
2013-05-19 22:17:53 +02:00 |
|
Miroslav Stampar
|
980a0e3adb
|
Trivial update
|
2013-05-18 21:00:53 +02:00 |
|
Miroslav Stampar
|
1ff98c2ff9
|
Another minor text update
|
2013-05-18 21:00:11 +02:00 |
|
Miroslav Stampar
|
967513e1bb
|
Minor message update
|
2013-05-18 20:59:23 +02:00 |
|
Miroslav Stampar
|
caa4ee96cd
|
Minor cosmetic update
|
2013-05-18 18:28:44 +02:00 |
|
Miroslav Stampar
|
6608410320
|
Adding a question after WAF has been identified
|
2013-05-18 18:26:40 +02:00 |
|
stamparm
|
03732d2592
|
Minor fix
|
2013-05-17 16:04:05 +02:00 |
|
stamparm
|
76b4e1ccb9
|
Implementation for an Issue #450
|
2013-05-17 15:04:25 +02:00 |
|
stamparm
|
f1f34a65a2
|
Minor update
|
2013-05-15 13:38:26 +02:00 |
|
Miroslav Stampar
|
034e123b0c
|
Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent)
|
2013-05-12 16:24:13 +02:00 |
|
Miroslav Stampar
|
840ee26a14
|
If SQLAlchemy is available and it has problems while connecting then it should be smarter to not force the other (standard) method - if available
|
2013-04-15 18:42:26 +02:00 |
|
stamparm
|
1c2197e8de
|
Minor bug fix for an Issue #361 (removal of that ugly garbage clean warning message after sqlmap ends)
|
2013-04-15 16:18:40 +02:00 |
|
stamparm
|
a3d36fcb73
|
Minor update
|
2013-04-15 16:07:27 +02:00 |
|
stamparm
|
aed738d6e6
|
Update for an Issue #361
|
2013-04-15 14:20:21 +02:00 |
|
stamparm
|
3e65037a05
|
Introducing lib/utils/sqlalchemy.py (Issue #361)
|
2013-04-15 10:33:25 +02:00 |
|
stamparm
|
661b44135d
|
Minor bug fix
|
2013-04-10 11:59:07 +02:00 |
|
stamparm
|
8c9da95343
|
Style and consistency update (url -> URL)
|
2013-04-09 11:48:42 +02:00 |
|
Miroslav Stampar
|
153aa10b77
|
Minor cosmetic update
|
2013-04-03 19:00:54 +02:00 |
|
stamparm
|
5dd2529b02
|
Minor language update
|
2013-03-26 14:18:37 +01:00 |
|
stamparm
|
4d2b77dde3
|
Minor language update
|
2013-03-26 14:15:40 +01:00 |
|
stamparm
|
3f8dafedae
|
Minor text update
|
2013-03-26 14:08:35 +01:00 |
|
stamparm
|
7447773237
|
Update for consistency (all other enums are using _ in between words)
|
2013-03-20 11:10:24 +01:00 |
|
Miroslav Stampar
|
8acf033715
|
Code refactoring
|
2013-03-19 19:24:14 +01:00 |
|
Miroslav Stampar
|
a3d9a7b1ff
|
Minor fix
|
2013-03-19 19:06:51 +01:00 |
|
Martin Bjerregaard Jepsen
|
d7a77c79ad
|
Fixed incorrect call to checkBooleanExpression when testing for false positives
|
2013-03-01 22:51:34 +01:00 |
|
stamparm
|
3a3f9c5ea1
|
Trivial commit related to the last one
|
2013-03-01 12:09:03 +01:00 |
|
stamparm
|
440b484bf6
|
Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries)
|
2013-03-01 10:59:04 +01:00 |
|
Miroslav Stampar
|
e42350ddce
|
Minor style update
|
2013-02-28 20:28:34 +01:00 |
|
Miroslav Stampar
|
0e89cc62a2
|
Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections
|
2013-02-28 20:20:08 +01:00 |
|
stamparm
|
af4762ace2
|
Minor style update
|
2013-02-26 11:16:09 +01:00 |
|
stamparm
|
f6b43b4b13
|
Minor update for an Issue #290
|
2013-02-26 11:08:06 +01:00 |
|
stamparm
|
68ce51bfd4
|
Changing from warn to info for no WAF found
|
2013-02-22 12:15:38 +01:00 |
|
stamparm
|
0bbbfc2eac
|
Adding a small warning message (related to the Issue #407)
|
2013-02-22 11:12:41 +01:00 |
|
Miroslav Stampar
|
229e4e167b
|
Minor cosmetics
|
2013-02-21 21:06:31 +01:00 |
|
stamparm
|
3a8c0cd3a2
|
Minor style update
|
2013-02-21 14:52:56 +01:00 |
|
stamparm
|
29ba43ee6c
|
Unhidding switch '--identify-waf' (Issue #290)
|
2013-02-21 14:48:19 +01:00 |
|
stamparm
|
08f0670aca
|
Minor refactoring for an Issue #290
|
2013-02-21 14:39:22 +01:00 |
|
stamparm
|
8e49872d7c
|
Finalizing implementation for an Issue #290
|
2013-02-21 14:33:12 +01:00 |
|
stamparm
|
6b2981ef4e
|
Update for an Issue #290 (adding tamper-like scripts into (new) directory waf)
|
2013-02-21 11:14:57 +01:00 |
|
Miroslav Stampar
|
5c099efccc
|
Fix for an Issue #401
|
2013-02-18 11:38:18 +01:00 |
|
Bernardo Damele
|
4b9d8ed673
|
reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter
|
2013-02-14 11:32:17 +00:00 |
|
Bernardo Damele
|
a67ef4117f
|
make sure to use Python 2 interpreter when default system Python is version 3
|
2013-02-14 11:25:04 +00:00 |
|
Miroslav Stampar
|
1618086027
|
Minor fix
|
2013-02-05 10:58:02 +01:00 |
|
Miroslav Stampar
|
44579120b5
|
Cosmetics
|
2013-02-05 10:02:11 +01:00 |
|
Miroslav Stampar
|
e7b93b5b66
|
Implementation for an Issue #363
|
2013-02-01 17:24:04 +01:00 |
|
Miroslav Stampar
|
993372aae4
|
Bug fix (causing search problems)
|
2013-02-01 11:24:17 +01:00 |
|
Bernardo Damele
|
103045d284
|
variable renamed
|
2013-01-30 15:30:34 +00:00 |
|
Miroslav Stampar
|
f41460f8d8
|
Better naming
|
2013-01-29 20:53:11 +01:00 |
|
Bernardo Damele
|
a56f4ec15c
|
techniques has to go too to the API (issue #297)
|
2013-01-29 15:34:53 +00:00 |
|
Bernardo Damele
|
bfce7210e6
|
improvements to the dump library to output to the API data fetched properly formatted (issue #297)
|
2013-01-29 15:34:20 +00:00 |
|
Miroslav Stampar
|
8c84a16cb7
|
Minor style update for an Issue #377
|
2013-01-25 12:52:31 +01:00 |
|
Miroslav Stampar
|
194a9e7b88
|
Implementation for an Issue #377
|
2013-01-25 12:34:57 +01:00 |
|
Miroslav Stampar
|
b4a55a809e
|
Refactoring DBMS string escaping functions
|
2013-01-20 13:45:58 +01:00 |
|
Miroslav Stampar
|
ac7709204a
|
Better fix for that page/headers/comparison --string candidate problem
|
2013-01-18 17:00:11 +01:00 |
|
Miroslav Stampar
|
8141d17985
|
Revert of previous commit (more care has to be done regarding headers dynamicity)
|
2013-01-18 16:49:35 +01:00 |
|
Miroslav Stampar
|
33094a118c
|
Fix for an Issue where '--string' is being automatically picked not looking properly in headers too
|
2013-01-18 16:35:09 +01:00 |
|
Bernardo Damele
|
a43202f3c0
|
updated copyright
|
2013-01-18 14:07:51 +00:00 |
|
Bernardo Damele
|
542f6de72e
|
typo fix
|
2013-01-16 01:31:03 +00:00 |
|
Bernardo Damele
|
8125fe90a7
|
code refactoring
|
2013-01-14 10:22:38 +00:00 |
|
Miroslav Stampar
|
03dd958d96
|
Implementation for an Issue #48
|
2013-01-13 16:22:43 +01:00 |
|
Miroslav Stampar
|
934d41dac2
|
Minor style update (PEP8)
|
2013-01-10 15:02:28 +01:00 |
|
Miroslav Stampar
|
ca3d35a878
|
Some PEP8 related style cleaning
|
2013-01-10 13:18:44 +01:00 |
|
Miroslav Stampar
|
25f01a419f
|
Minor style update (for the sake of consistency over the code and our PEP8 adaptation)
|
2013-01-09 15:38:41 +01:00 |
|
Miroslav Stampar
|
87e923613f
|
Minor adjustment (URI (marked with custom injection char) has precedence over GET/POST)
|
2013-01-05 21:16:47 +01:00 |
|
Miroslav Stampar
|
5b77b20e2e
|
Removing trailing whitespaces (PEP8)
|
2013-01-03 23:57:07 +01:00 |
|
Miroslav Stampar
|
e4a3c015e5
|
Replacing old and deprecated raise Exception style (PEP8)
|
2013-01-03 23:20:55 +01:00 |
|
Bernardo Damele
|
3a11d36c66
|
minor bug fix
|
2013-01-02 21:49:15 +00:00 |
|
Miroslav Stampar
|
3d01890147
|
Patch for an Issue #56 (full target url is now being written to a output .CSV file in multi target mode)
|
2012-12-27 21:15:44 +01:00 |
|
Miroslav Stampar
|
0d5d84edc7
|
Minor cleanup
|
2012-12-20 21:03:41 +01:00 |
|
Bernardo Damele
|
3be90c97aa
|
forgot these
|
2012-12-19 14:12:45 +00:00 |
|
Bernardo Damele
|
ac44cf3ec0
|
minor fix: add also back-end DBMS and web app fingerprint output to log file
|
2012-12-17 13:02:09 +00:00 |
|
Bernardo Damele
|
2442a58884
|
minor leftover of deprecated XMLRPC service
|
2012-12-17 11:26:31 +00:00 |
|
Miroslav Stampar
|
df0f08bc6a
|
Cleaning some (web upload based) garbage
|
2012-12-13 13:19:47 +01:00 |
|
Miroslav Stampar
|
c3f20a136f
|
Minor update for an Issue #287
|
2012-12-12 14:03:03 +01:00 |
|
Miroslav Stampar
|
760519dbe9
|
Removing redundant piece of code
|
2012-12-11 15:21:27 +01:00 |
|
Miroslav Stampar
|
a54c261496
|
Minor update for Issues #292 & #293 (only single alert per target)
|
2012-12-11 14:44:43 +01:00 |
|
Miroslav Stampar
|
5c2451d83c
|
Implementation for an Issue #293
|
2012-12-11 12:48:58 +01:00 |
|
Miroslav Stampar
|
562044577b
|
Implementation for an Issue #292
|
2012-12-11 12:02:06 +01:00 |
|
Miroslav Stampar
|
5677db02b7
|
Minor update
|
2012-12-10 12:40:28 +01:00 |
|
Miroslav Stampar
|
42f4c2bac9
|
Minor fix when --dbms is enforced
|
2012-12-10 11:42:10 +01:00 |
|
Miroslav Stampar
|
974407396e
|
Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)
|
2012-12-06 14:14:19 +01:00 |
|
Miroslav Stampar
|
ab67344448
|
Removed unused imports and variables (pyflake-ing)
|
2012-12-06 11:15:05 +01:00 |
|
Miroslav Stampar
|
775e0df04b
|
Update for an Issue #278
|
2012-12-05 10:45:17 +01:00 |
|
Miroslav Stampar
|
949fcb77cf
|
Minor style update
|
2012-12-05 10:22:16 +01:00 |
|
Miroslav Stampar
|
a52dbc575b
|
Patch for an Issue #246
|
2012-11-13 10:21:11 +01:00 |
|
Miroslav Stampar
|
2de52927f3
|
Code refactoring (epecially Google search code)
|
2012-10-30 18:38:10 +01:00 |
|
Miroslav Stampar
|
ca427af8b3
|
Minor refactoring/improvement
|
2012-10-28 01:42:08 +02:00 |
|
Miroslav Stampar
|
bcdba7b7bb
|
Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details
|
2012-10-28 01:11:50 +02:00 |
|
Miroslav Stampar
|
c1b8226329
|
Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)
|
2012-10-28 00:36:09 +02:00 |
|
Miroslav Stampar
|
235cc656b9
|
Fix for an Issue #224
|
2012-10-25 15:25:31 +02:00 |
|
Miroslav Stampar
|
bcf708f4b1
|
Minor update
|
2012-10-25 13:37:33 +02:00 |
|
Miroslav Stampar
|
fdcdd11cb9
|
Minor update for an Issue #222
|
2012-10-25 13:35:44 +02:00 |
|
Miroslav Stampar
|
8a5844a364
|
Implementation for an Issue #222
|
2012-10-25 13:21:32 +02:00 |
|
Miroslav Stampar
|
d65d9e25cd
|
Implementation for an Issue #2
|
2012-10-19 11:02:14 +02:00 |
|
Miroslav Stampar
|
9ad58cb531
|
Implementation for an Issue #204
|
2012-10-16 10:24:05 +02:00 |
|
Miroslav Stampar
|
cc3f387551
|
Patch for an Issue #127
|
2012-10-05 10:49:31 +02:00 |
|
Miroslav Stampar
|
f71b937add
|
Minor language cleanup
|
2012-10-04 18:28:36 +02:00 |
|
Miroslav Stampar
|
2fbd05c98f
|
Minor language update
|
2012-10-04 18:04:55 +02:00 |
|
Miroslav Stampar
|
dee6d2f9ff
|
Minor language update
|
2012-10-04 11:34:14 +02:00 |
|
Miroslav Stampar
|
6eae7013b6
|
Minor cosmetics
|
2012-09-26 15:03:12 +02:00 |
|
Miroslav Stampar
|
687f3991de
|
Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.
|
2012-09-26 11:27:43 +02:00 |
|
Miroslav Stampar
|
9ca7b3e20e
|
Implementation for an Issue #194
|
2012-09-25 09:25:35 +02:00 |
|
Miroslav Stampar
|
c3d191e626
|
Minor update for an Issue #2
|
2012-09-06 14:13:54 +02:00 |
|
Miroslav Stampar
|
c1c65a7167
|
Fix for an Issue #166
|
2012-08-29 20:21:45 +02:00 |
|
Miroslav Stampar
|
e9ae44c6fc
|
Implementation for an #162
|
2012-08-22 16:50:01 +02:00 |
|
Miroslav Stampar
|
0ad3846451
|
Minor language update
|
2012-08-22 16:10:56 +02:00 |
|
Miroslav Stampar
|
a62a874d59
|
Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)
|
2012-08-22 16:06:09 +02:00 |
|
Miroslav Stampar
|
4ab4fd1cb4
|
Minor update
|
2012-08-22 15:53:40 +02:00 |
|
Miroslav Stampar
|
52351e5d81
|
Update for an Issue #161 (now detecting format error messages too)
|
2012-08-22 15:51:47 +02:00 |
|
Miroslav Stampar
|
7b93108e7d
|
Favoring non-string specific boundaries in case of digit-like parameter values
|
2012-08-22 13:58:52 +02:00 |
|
Miroslav Stampar
|
25ee333e66
|
Minor language update
|
2012-08-22 12:00:17 +02:00 |
|
Miroslav Stampar
|
8a5042b6a4
|
Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)
|
2012-08-22 11:56:30 +02:00 |
|
Miroslav Stampar
|
7d0662da23
|
Update for an #161
|
2012-08-22 11:42:06 +02:00 |
|
Miroslav Stampar
|
61151447fe
|
Implementation of an Issue #161
|
2012-08-22 11:27:58 +02:00 |
|
Miroslav Stampar
|
6210ddfbd6
|
Minor refactoring
|
2012-08-22 11:00:39 +02:00 |
|
Miroslav Stampar
|
a927d94d39
|
Update for an Issue #155
|
2012-08-22 10:57:31 +02:00 |
|
Miroslav Stampar
|
6f450ac8bf
|
Implementation for an Issue #155
|
2012-08-20 12:14:01 +02:00 |
|
Miroslav Stampar
|
823dde73ab
|
Minor cleanup
|
2012-08-20 11:40:49 +02:00 |
|
Miroslav Stampar
|
2b6123c4f8
|
Minor style update
|
2012-08-20 11:29:23 +02:00 |
|
Miroslav Stampar
|
e0d9fa8666
|
Minor style update
|
2012-08-20 11:28:41 +02:00 |
|
Miroslav Stampar
|
76338add17
|
Fix for an Issue #152
|
2012-08-20 10:41:43 +02:00 |
|
Miroslav Stampar
|
f358ab2e73
|
Implementation of an Issue #147
|
2012-08-15 16:37:18 +02:00 |
|
Miroslav Stampar
|
6f529542e3
|
Making those --string tips (containing escaped characters) decodable by sqlmap
|
2012-07-31 11:32:53 +02:00 |
|
Miroslav Stampar
|
142fc887f1
|
Fix for an Issue #129
|
2012-07-31 11:03:44 +02:00 |
|
Miroslav Stampar
|
b3552494c4
|
Minor preparation for an Issue #48
|
2012-07-26 12:26:57 +02:00 |
|
Miroslav Stampar
|
30f8d09651
|
Implementation for an Issue #70
|
2012-07-26 12:06:02 +02:00 |
|
Miroslav Stampar
|
2b60e61d54
|
Minor update for #119
|
2012-07-25 10:57:19 +02:00 |
|
Miroslav Stampar
|
922ea9d1f4
|
Update for Issue #118
|
2012-07-24 15:43:29 +02:00 |
|
Miroslav Stampar
|
3279ce53a8
|
Minor style update
|
2012-07-23 13:57:38 +02:00 |
|
Bernardo Damele
|
318a01b867
|
minor typo fixes
|
2012-07-17 00:25:02 +01:00 |
|