Bernardo Damele
|
71cb982039
|
Another bug fix to --union-test
|
2010-11-15 21:42:56 +00:00 |
|
Miroslav Stampar
|
b3ad63b71e
|
major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)
|
2010-11-15 14:59:37 +00:00 |
|
Miroslav Stampar
|
ff310475c8
|
some reporting update for --forms
|
2010-11-15 14:17:51 +00:00 |
|
Miroslav Stampar
|
20d6b9a5c1
|
minor fix
|
2010-11-15 12:24:32 +00:00 |
|
Miroslav Stampar
|
39c6c9f386
|
minor update
|
2010-11-15 12:19:22 +00:00 |
|
Miroslav Stampar
|
819085155e
|
minor update/fix
|
2010-11-15 12:07:13 +00:00 |
|
Miroslav Stampar
|
c25c017c08
|
cosmetics regarding --forms
|
2010-11-15 11:50:33 +00:00 |
|
Miroslav Stampar
|
36c544f440
|
update (--forms acts now more like -g switch)
|
2010-11-15 11:34:57 +00:00 |
|
Miroslav Stampar
|
42d09d604e
|
minor fix
|
2010-11-15 09:48:58 +00:00 |
|
Bernardo Damele
|
a9152c6723
|
Updated doc
|
2010-11-14 22:36:54 +00:00 |
|
Bernardo Damele
|
5f46a549ba
|
Cosmetics for --forms
|
2010-11-14 21:59:35 +00:00 |
|
Bernardo Damele
|
0bfc1b411a
|
Another bug fix for --union-test
|
2010-11-14 15:39:57 +00:00 |
|
Miroslav Stampar
|
a0fb96816f
|
fix for a bug reported by ToR (value += actVer)
|
2010-11-14 08:31:29 +00:00 |
|
Bernardo Damele
|
5e41cd07a3
|
Updated doc
|
2010-11-13 23:31:18 +00:00 |
|
Bernardo Damele
|
7da079fa32
|
More verbose comment for direct connection
|
2010-11-13 23:30:38 +00:00 |
|
Bernardo Damele
|
8d07272c82
|
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
|
2010-11-13 23:24:41 +00:00 |
|
Bernardo Damele
|
df5dc10111
|
Major enhancement to --union-test check
|
2010-11-13 22:47:37 +00:00 |
|
Miroslav Stampar
|
84849316b3
|
improvement of heuristic check (now original value is included too)
|
2010-11-12 23:06:01 +00:00 |
|
Miroslav Stampar
|
06a872fc99
|
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
|
2010-11-12 22:57:33 +00:00 |
|
Miroslav Stampar
|
27735b14df
|
update (--string and --regex should be done regardless of wasLastRequestError)
|
2010-11-12 22:44:15 +00:00 |
|
Miroslav Stampar
|
0d66f101da
|
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
|
2010-11-12 22:29:33 +00:00 |
|
Bernardo Damele
|
a777d59870
|
Minor bug fix
|
2010-11-12 15:17:12 +00:00 |
|
Bernardo Damele
|
0a83a830d9
|
Properly handle both HTTPS and HTTP requests through proxy
|
2010-11-12 14:21:46 +00:00 |
|
Bernardo Damele
|
e1ef27f592
|
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
|
2010-11-12 12:25:02 +00:00 |
|
Bernardo Damele
|
9f53048ff4
|
Put a space always between the user's provided prefix and sqlmap payload
|
2010-11-12 11:48:26 +00:00 |
|
Miroslav Stampar
|
697b32554c
|
fix for a bug "ordinal not in range(128)" reported by bugtrace
|
2010-11-12 11:48:25 +00:00 |
|
Bernardo Damele
|
f83dd2251b
|
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
|
2010-11-12 11:40:37 +00:00 |
|
Bernardo Damele
|
a34c1b287c
|
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
|
2010-11-12 11:33:11 +00:00 |
|
Bernardo Damele
|
8cec75656c
|
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
|
2010-11-12 10:31:42 +00:00 |
|
Bernardo Damele
|
a14e4d9668
|
Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.
|
2010-11-12 10:16:39 +00:00 |
|
Bernardo Damele
|
64b5de44a0
|
Converted to new XML object format
|
2010-11-12 10:11:13 +00:00 |
|
Bernardo Damele
|
66c82d72e4
|
Typo fix
|
2010-11-12 10:02:02 +00:00 |
|
Bernardo Damele
|
306e96331d
|
Updated doc
|
2010-11-12 10:00:49 +00:00 |
|
Miroslav Stampar
|
42272ca78c
|
minor update
|
2010-11-11 22:26:36 +00:00 |
|
Miroslav Stampar
|
8aefd0bbf7
|
improvement of --common-tables and --common-columns
|
2010-11-11 20:37:25 +00:00 |
|
Miroslav Stampar
|
2d872f850a
|
quick fix
|
2010-11-11 19:54:54 +00:00 |
|
Miroslav Stampar
|
be992b4471
|
update regarding common columns existance check
|
2010-11-11 17:09:31 +00:00 |
|
Miroslav Stampar
|
3b996c3ed8
|
adding JSP stager
|
2010-11-11 16:42:01 +00:00 |
|
Miroslav Stampar
|
2d361cb359
|
some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx
|
2010-11-11 10:33:29 +00:00 |
|
Miroslav Stampar
|
24238ccd0b
|
re-renaming of brute force switches. this way is better.
|
2010-11-11 07:57:44 +00:00 |
|
Miroslav Stampar
|
ca06db8f28
|
now, this is the real deal
|
2010-11-11 00:20:47 +00:00 |
|
Miroslav Stampar
|
5034868b36
|
cleaning up of common tables and new common columns
|
2010-11-10 23:31:23 +00:00 |
|
Miroslav Stampar
|
96d88877ba
|
bug fix (reported by ToR)
|
2010-11-10 19:44:51 +00:00 |
|
Miroslav Stampar
|
f3fe19c4e5
|
backdoor for ASP revisited
|
2010-11-10 15:40:17 +00:00 |
|
Miroslav Stampar
|
09836dc568
|
backdoor for ASPX revisited
|
2010-11-10 15:35:22 +00:00 |
|
Miroslav Stampar
|
61b6ad64e3
|
JSP backdoor revisited, and in PHP removed trailing spaces from a blank line
|
2010-11-10 15:13:36 +00:00 |
|
Miroslav Stampar
|
19c1bfa368
|
just a precaution (now i really need to go for a sleep)
|
2010-11-09 23:38:29 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
47720a43dd
|
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
|
2010-11-09 23:21:21 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|