358 Commits

Author	SHA1	Message	Date
Miroslav Stampar	228cc68747	fix for those ugly DEBUG messages in brute mode	2011-04-08 11:02:21 +00:00
Bernardo Damele	5b21352656	cosmeticados ;)	2011-04-08 10:39:07 +00:00
Miroslav Stampar	e33a48d40f	minor refactoring	2011-04-07 12:54:30 +00:00
Bernardo Damele	c6b9d89d31	Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly	2011-04-07 11:10:35 +00:00
Bernardo Damele	8b14a9eaa7	Minor code adjustments	2011-04-06 14:40:45 +00:00
Miroslav Stampar	b327bbcd9b	minor fix (it was quite ... to have this check at the later stage)	2011-04-06 08:39:24 +00:00
Miroslav Stampar	557ed7d665	minor fix for a invalid charset reported by Kirill	2011-03-31 14:39:01 +00:00
Bernardo Damele	fed57282fc	Added one more warning message to show what's going on with ctrl+c	2011-03-31 14:26:14 +00:00
Bernardo Damele	3948cd9e77	Minor layout adjustments	2011-03-31 14:13:53 +00:00
Miroslav Stampar	c5de903eab	minor improvement ("quick defense against substr fields")	2011-03-31 09:35:09 +00:00
Miroslav Stampar	ce51326bff	quick fix	2011-03-31 08:43:17 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	b6af80bab3	refactoring, cleanup and improvement	2011-03-29 21:54:15 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	d0861a00e2	minor improvement	2011-03-29 15:37:57 +00:00
Miroslav Stampar	1823c116bb	minor update for special cases of union testing results	2011-03-28 21:45:38 +00:00
Miroslav Stampar	1119a85f39	it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)	2011-03-25 21:31:26 +00:00
Miroslav Stampar	6c6133e8aa	revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)	2011-03-25 20:46:37 +00:00
Miroslav Stampar	737b4abf13	this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)	2011-03-25 20:30:15 +00:00
Miroslav Stampar	422967fbcd	just an minor update related to the last commit	2011-03-25 12:21:53 +00:00
Miroslav Stampar	ea52d7acad	minor revisit of inference	2011-03-24 20:10:40 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	9b1f2d82d0	minor update (that .strip() was a leftover)	2011-03-20 23:20:47 +00:00
Miroslav Stampar	db992a0a86	mssql likes to htmlescape error reports	2011-03-20 23:16:34 +00:00
Bernardo Damele	03fac62592	Minor code restyle	2011-03-17 12:34:29 +00:00
Miroslav Stampar	beba69faa9	implementation of request from Santiago (look for error based responses in redirects)	2011-03-17 09:12:28 +00:00
Miroslav Stampar	847ce863e3	refactoring	2011-03-17 08:54:20 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	60605b6e7c	Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)	2011-02-27 12:14:13 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	83d7803ce7	other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)	2011-02-12 20:03:28 +00:00
Bernardo Damele	864eade744	Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase	2011-02-10 11:14:05 +00:00
Bernardo Damele	aa0fb276ba	More fixes for --common-columns to work against MSSQL too	2011-02-09 17:22:07 +00:00
Miroslav Stampar	917b2b0d6b	one more commit related to the previous one	2011-02-09 17:07:02 +00:00
Miroslav Stampar	6c582343fe	.. fix	2011-02-09 17:05:06 +00:00
Miroslav Stampar	3de6117253	revert of the r3247 (output always has to be appended to the outputs - no matter of it's value)	2011-02-09 09:53:59 +00:00
Miroslav Stampar	98ca1702ae	los cosmeticado	2011-02-08 16:30:32 +00:00
Miroslav Stampar	87e36796c6	just to not cause confusion	2011-02-08 16:29:42 +00:00
Miroslav Stampar	dcb9c93328	minor cleanup	2011-02-08 16:27:58 +00:00
Miroslav Stampar	37f7001143	first commit with mysql/error/substringing	2011-02-08 16:23:33 +00:00
Bernardo Damele	0a81415f2f	Minor code cleanup	2011-02-08 00:02:54 +00:00
Miroslav Stampar	66adf23532	Unbiased approach for searching appropriate usable column	2011-02-07 21:00:59 +00:00
Miroslav Stampar	f958b21613	there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)	2011-02-07 16:55:02 +00:00
Miroslav Stampar	265e7ca272	fix for that MSSQL limit/top problem	2011-02-07 16:24:23 +00:00