sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	ca3d35a878	Some PEP8 related style cleaning	2013-01-10 13:18:44 +01:00
Miroslav Stampar	5b77b20e2e	Removing trailing whitespaces (PEP8)	2013-01-03 23:57:07 +01:00
Miroslav Stampar	e4a3c015e5	Replacing old and deprecated raise Exception style (PEP8)	2013-01-03 23:20:55 +01:00
Miroslav Stampar	127b880577	Minor update	2012-12-27 15:14:40 +01:00
Bernardo Damele	9149d77cc8	removed duplicate code - fixes issue #310	2012-12-19 12:17:56 +00:00
Bernardo Damele	dee56b17c3	handle "LIMIT num" as well as "LIMIT num, num" across all techniques - fixes issue #308	2012-12-19 10:50:15 +00:00
Miroslav Stampar	155c1eddae	Debug message with declared page charset	2012-12-19 11:16:42 +01:00
Miroslav Stampar	2b64c10710	Patch for an Issue #304	2012-12-18 09:36:26 +01:00
Miroslav Stampar	4ea0c9e922	Another implementation for an Issue #302	2012-12-17 15:08:54 +01:00
Miroslav Stampar	60baf5071e	Patch for an Issue #302	2012-12-17 00:40:01 +01:00
Miroslav Stampar	c41618416c	Removing trailing blanks	2012-12-14 12:00:45 +01:00
Miroslav Stampar	013dc8bc98	Another minor update for an Issue #267	2012-12-10 13:07:36 +01:00
Miroslav Stampar	8bd0080bf4	Minor update for an Issue #267	2012-12-10 13:05:41 +01:00
Miroslav Stampar	96df0ba061	Implemented support for plain , chars too (Issue #267 )	2012-12-10 12:58:17 +01:00
Miroslav Stampar	d0ea4c65c5	Minor styl eupdate for an Issue #267	2012-12-10 12:54:01 +01:00
Miroslav Stampar	5606a860ce	Oracle supports inline comments too (Issue #267 )	2012-12-10 12:00:15 +01:00
Miroslav Stampar	a024884ca7	Support for a HTTP parameter pollution (Issue #267 )	2012-12-10 11:55:31 +01:00
Miroslav Stampar	73968a448c	Minor update	2012-12-07 15:29:54 +01:00
Miroslav Stampar	e129a30e6b	Removing redundant code in redirect handler (related to an Issue #288 )	2012-12-07 12:40:19 +01:00
Miroslav Stampar	fccad15cfa	Minor update for an Issue #288	2012-12-07 12:14:33 +01:00
Miroslav Stampar	75e6d77fbc	Minor refactoring	2012-12-07 11:54:34 +01:00
Miroslav Stampar	fbaeecdaf9	Patch for an Issue #288	2012-12-07 11:52:21 +01:00
Miroslav Stampar	c0fc12beb2	Minor update for an Issue #288	2012-12-07 11:23:18 +01:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	b6650add46	Introducing 'new style classes' (idea from Pull request #284 )	2012-12-06 10:42:53 +01:00
Miroslav Stampar	0f191f624c	Taking some goodies from Pull request #284	2012-12-06 10:21:53 +01:00
Miroslav Stampar	775e0df04b	Update for an Issue #278	2012-12-05 10:45:17 +01:00
Miroslav Stampar	79fca8e9d5	Fix for an Issue #268	2012-12-03 12:13:59 +01:00
Miroslav Stampar	605d73cc3d	Minor refactoring	2012-11-29 12:21:12 +01:00
Miroslav Stampar	c40dded28c	Fix for an Issue #250	2012-11-20 12:10:29 +01:00
Miroslav Stampar	5b3fe25211	Improving comparison engine (removing shared prelude part to further sharpen if pages are identical - especially noticable in small test pages)	2012-11-13 15:22:59 +01:00
Miroslav Stampar	a52dbc575b	Patch for an Issue #246	2012-11-13 10:21:11 +01:00
Miroslav Stampar	f305dde413	Patch for an Issue #235	2012-11-10 11:01:29 +01:00
Miroslav Stampar	359e734954	Minor refactoring	2012-10-29 10:48:49 +01:00
Miroslav Stampar	25a5073281	Bug fix for --hex/--technique=B (especially MsSQL)	2012-10-28 12:22:33 +01:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	a435ba6863	Minor fix	2012-10-28 00:19:00 +02:00
Miroslav Stampar	0aeb9dbe8b	Bug fix (in --dump mode if error/inband failed with None other techniques were ignored)	2012-10-27 23:42:52 +02:00
Miroslav Stampar	12fc9442b9	Tamper function(s) refactoring (really no need for returning headers as they are passed by reference)	2012-10-25 10:10:23 +02:00
Miroslav Stampar	b82eb3a1ae	Fix for an Issue #210	2012-10-23 13:58:25 +02:00
Miroslav Stampar	3f596cda85	Minor fix for --dump --technique=B when empty strings are returned	2012-10-22 11:49:23 +02:00
Miroslav Stampar	21481df239	Minor update for Issue #209	2012-10-21 19:00:37 +02:00
Miroslav Stampar	fb1497aa89	Minor update for Issue #209	2012-10-21 18:53:31 +02:00
Miroslav Stampar	261b286021	Fix for an Issue #209	2012-10-20 13:17:45 +02:00
Miroslav Stampar	6a271fe800	Update for an Issue #2	2012-10-19 11:29:03 +02:00
Miroslav Stampar	998eb70288	Minor update	2012-10-19 11:05:10 +02:00
Miroslav Stampar	987f167e12	Minor update	2012-10-19 11:03:54 +02:00
Miroslav Stampar	d65d9e25cd	Implementation for an Issue #2	2012-10-19 11:02:14 +02:00
Miroslav Stampar	688a2db27a	Fix for an Issue #208	2012-10-19 10:04:09 +02:00
Miroslav Stampar	b5060c0010	Fix for an Issue #205	2012-10-16 14:28:46 +02:00
Miroslav Stampar	2cb1b054bb	Implementation for an Issue #79	2012-10-16 12:32:58 +02:00
Miroslav Stampar	42b2c85517	Minor cosmetics	2012-10-15 18:45:13 +02:00
Miroslav Stampar	c7cf8b2e80	Minor refactoring of direct()	2012-10-15 18:41:41 +02:00
Miroslav Stampar	e440b096c5	Fix for an Issue #202	2012-10-15 12:24:30 +02:00
Miroslav Stampar	e61c4c22c9	Implementation for an Issue #200	2012-10-09 15:19:47 +02:00
Miroslav Stampar	5a91b6e622	Minor cleanup	2012-10-09 10:21:52 +02:00
Miroslav Stampar	8e7449ccd5	Minor update	2012-10-07 20:28:24 +02:00
Miroslav Stampar	ff205f088b	Minor update	2012-10-07 20:12:55 +02:00
Miroslav Stampar	098e446ca4	Adding support for generic XML POST data	2012-10-04 18:44:12 +02:00
Miroslav Stampar	f71b937add	Minor language cleanup	2012-10-04 18:28:36 +02:00
Miroslav Stampar	8865fe69d7	Minor cleanup	2012-10-04 18:26:07 +02:00
Miroslav Stampar	d464678e10	Minor update for an Issue #49	2012-10-04 18:01:42 +02:00
Miroslav Stampar	84b05e2d18	Better treating of numeric values (Issue #49 )	2012-10-04 16:08:37 +02:00
Miroslav Stampar	461e5ebc5f	Work for Issue #197 and Issue #49	2012-10-04 11:25:44 +02:00
Miroslav Stampar	bcbf0571a5	Implementation for an Issue #49	2012-10-02 14:23:58 +02:00
Miroslav Stampar	763dc98311	Minor refactoring	2012-10-02 13:36:15 +02:00
Miroslav Stampar	a8aecaa036	Minor style update	2012-10-02 13:33:10 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	ec43ceec40	Some more cleanup related to the last commit (unneeded manual crafting/unneeded closing with ;)	2012-09-25 14:29:22 +02:00
Miroslav Stampar	c9e7e71ea2	Implementation for an Issue #195	2012-09-25 10:17:25 +02:00
Miroslav Stampar	d175decdfc	Fix for an Issue #190	2012-09-22 20:59:40 +02:00
Miroslav Stampar	e570858db9	Implementation for an Issue #183	2012-09-12 11:50:38 +02:00
Miroslav Stampar	511c3b8dcc	Update and fix for an Issue #182	2012-09-11 14:58:52 +02:00
Miroslav Stampar	10b671d625	Update for an Issue #182	2012-09-11 12:08:34 +02:00
Miroslav Stampar	5d23d72ff5	Fix for an Issue #176	2012-09-08 17:58:03 +02:00
Miroslav Stampar	dbce417cdd	Potential fix for an Issue #171	2012-09-02 22:48:41 +02:00
Miroslav Stampar	b916db34a4	Another update for an Issue #79	2012-08-31 12:38:02 +02:00
Miroslav Stampar	47d162f391	Minor update (same but cleaner)	2012-08-31 12:27:40 +02:00
Miroslav Stampar	7286d89cb6	Few fixes for an Issue #79 (problem with case sensitivity of request get_header)	2012-08-31 12:15:09 +02:00
Miroslav Stampar	cdd3ed6abc	Minor bug fix	2012-08-30 14:22:18 +02:00
Miroslav Stampar	32a36f1ff3	El Cosmeticado	2012-08-22 09:58:39 +02:00
Miroslav Stampar	d421f9a618	Fix for an Issue #157	2012-08-21 14:34:19 +02:00
Miroslav Stampar	01f481c332	Minor refactoring of dictionaries	2012-08-21 11:19:15 +02:00
Miroslav Stampar	b9c63eb908	Fix for an Issue #156	2012-08-21 10:46:29 +02:00
Miroslav Stampar	7a8ace78f9	Removing redundant newline char as logger already adds it's own	2012-08-21 09:58:40 +02:00
Miroslav Stampar	233b9a3815	Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those)	2012-08-20 22:17:39 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	76338add17	Fix for an Issue #152	2012-08-20 10:41:43 +02:00
Miroslav Stampar	fec8a5cc9d	Fix for an Issue #139	2012-08-07 00:50:58 +02:00
Miroslav Stampar	142fc887f1	Fix for an Issue #129	2012-07-31 11:03:44 +02:00
Miroslav Stampar	47073f4afd	Implementation of an Issue #131	2012-07-30 21:50:46 +02:00
Miroslav Stampar	a86f9798b2	Minor refactoring together with a wider support for html entities	2012-07-30 11:21:32 +02:00
Miroslav Stampar	07738004cc	Fix for an Issue #123	2012-07-27 10:02:47 +02:00
Miroslav Stampar	a5062c1e4f	Adding a warn message when --dns-domain is ignored (because of faster techniques)	2012-07-27 09:48:48 +02:00
Bernardo Damele	92c2b3bd4c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-26 23:11:11 +01:00
Bernardo Damele	d492291744	working on issue #12	2012-07-26 23:11:07 +01:00
Miroslav Stampar	efa99c4519	Implementation for an Issue #4	2012-07-26 14:07:05 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	f8c9868cb6	Implementation for an Issue #118	2012-07-24 15:34:50 +02:00
Miroslav Stampar	1153b4563c	Minor update for an Issue #111	2012-07-23 18:44:50 +02:00
Miroslav Stampar	fccd69721e	Update for an Issue #111	2012-07-23 18:38:46 +02:00
Miroslav Stampar	ab9cb80602	Implementing Issue #111	2012-07-23 15:14:52 +02:00
Miroslav Stampar	63bf99ce77	Minor just in case update for an Issue #117	2012-07-23 14:46:43 +02:00
Miroslav Stampar	c6b724489b	Minor style update	2012-07-23 14:26:42 +02:00
Miroslav Stampar	a7d1a0c250	Implementation for an Issue #117	2012-07-23 14:14:22 +02:00
Miroslav Stampar	534eccc9aa	Fix for an Issue #115	2012-07-23 10:16:47 +02:00
Miroslav Stampar	f336afa913	Implementation for Issue #108	2012-07-20 09:48:09 +02:00
Miroslav Stampar	81d15e5051	Fix for an Issue #101	2012-07-17 00:19:33 +02:00
Miroslav Stampar	0e21cb54de	Minor fix related to Issue #94	2012-07-16 16:06:39 +02:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Miroslav Stampar	ddb9caeef1	Revert of the previous commit	2012-07-13 15:05:19 +02:00
Miroslav Stampar	d165d5d5fe	To not be confused with heuristic method in SQLi	2012-07-13 15:03:43 +02:00
Miroslav Stampar	3c81f74823	Minor style update	2012-07-13 12:22:37 +02:00
Miroslav Stampar	d834e8debf	Minor update	2012-07-13 10:28:03 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Bernardo Damele	ea9c66108e	cleanup for issue #68	2012-07-12 15:38:43 +01:00
Miroslav Stampar	65639cdda6	First update for Issue #75 (error-based dumping)	2012-07-12 14:31:28 +02:00
Bernardo Damele	33cbbed4a8	I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided	2012-07-12 01:39:15 +01:00
Bernardo Damele	3a94953ae2	leftover from previous commit	2012-07-12 01:15:34 +01:00
Bernardo Damele	31571e6e2d	minor refactoring	2012-07-11 11:55:05 +01:00
Miroslav Stampar	9c4a62f725	Some work on Issue #68	2012-07-11 11:58:47 +02:00
Miroslav Stampar	2669528b24	Language typo	2012-07-07 11:16:33 +02:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Bernardo Damele	6697927098	initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap	2012-07-02 02:04:19 +01:00
Bernardo Damele	7b4ecd9df0	added skeleton code for issue #34 , still not usable	2012-07-02 00:22:34 +01:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	01be9381d5	minor update	2012-06-25 16:24:33 +00:00
Miroslav Stampar	ec44e88db8	lots of refactoring regarding removal of already obsolete session file mechanism	2012-06-21 10:09:10 +00:00
Miroslav Stampar	06be7bbb18	few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)	2012-06-15 20:41:53 +00:00
Miroslav Stampar	3a90105fbb	minor refactoring	2012-06-14 13:38:53 +00:00
Miroslav Stampar	4ac3794e80	minor update	2012-06-12 14:22:14 +00:00
Miroslav Stampar	738073105e	minor updates	2012-06-04 19:52:51 +00:00
Miroslav Stampar	7b282b1d6c	adding support for newer SSL protocols	2012-06-04 19:46:28 +00:00
Miroslav Stampar	76a4aa19ac	some more fine tunning	2012-05-28 19:50:12 +00:00
Miroslav Stampar	efb406fbfc	minor revert	2012-05-28 19:13:50 +00:00
Miroslav Stampar	f7cba8d2cb	minor update	2012-05-28 18:05:15 +00:00
Miroslav Stampar	a72cb29c1f	taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server	2012-05-28 16:57:10 +00:00
Miroslav Stampar	89e90c3d84	revert of last commit	2012-05-28 15:01:56 +00:00
Miroslav Stampar	96c84e6e5b	minor update	2012-05-28 15:00:06 +00:00
Miroslav Stampar	a70a647aeb	few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)	2012-05-28 14:51:23 +00:00
Miroslav Stampar	b1d82422a0	changing conf.dnsDomain to conf.dName just because of long text problems in help listing	2012-05-28 14:15:04 +00:00
Miroslav Stampar	226547b7dc	minor fix for --skip-urlencode and custom post	2012-05-28 09:04:25 +00:00
Miroslav Stampar	e967bbd70f	minor patch	2012-05-27 21:44:42 +00:00
Miroslav Stampar	fed0212631	now working with recursive queries too	2012-05-27 10:03:02 +00:00
Miroslav Stampar	09f2144485	full page read is not needed in DNS exfiltration mode	2012-05-26 21:28:43 +00:00
Miroslav Stampar	c394610740	adding switch --skip-urlencode to skip URL encoding of POST data	2012-05-24 23:30:33 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	333f8057a5	minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces	2012-05-14 14:06:43 +00:00
Miroslav Stampar	12d32f58f2	fix for that SOAP reported bug	2012-05-10 13:39:54 +00:00
Miroslav Stampar	fdf61015ad	minor patch	2012-05-09 08:41:05 +00:00
Miroslav Stampar	6af110d631	avoiding --no-cast/--hex warning message before a DBMS is fingerprinted	2012-05-08 14:06:41 +00:00
Miroslav Stampar	775134639d	minor update	2012-04-20 20:33:15 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	8c6eb4faa9	adding support for PgSQL DNS data exfiltration	2012-04-07 14:06:11 +00:00
Miroslav Stampar	b2afa87e48	reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)	2012-04-06 08:42:36 +00:00
Miroslav Stampar	2223c884e5	minor refactoring	2012-04-05 12:55:26 +00:00
Miroslav Stampar	e0994947e2	minor update	2012-04-04 23:37:50 +00:00
Miroslav Stampar	b1dd03731a	minor cosmetics	2012-04-04 23:34:08 +00:00
Miroslav Stampar	c89a4162e2	bug fix for --dns-domain with --technique=TS	2012-04-04 18:01:39 +00:00
Miroslav Stampar	098c7c06dd	added few comments	2012-04-04 13:24:58 +00:00
Miroslav Stampar	a4b95ab7dd	works against MySQL/Windows	2012-04-04 12:49:45 +00:00
Bernardo Damele	c0946ce2c9	Minor refactoring	2012-04-04 12:42:58 +00:00
Bernardo Damele	75d1dab895	more cosmetics	2012-04-04 12:33:16 +00:00
Bernardo Damele	d106fb5184	layout adjustments	2012-04-04 12:27:24 +00:00
Miroslav Stampar	503988887c	minor update	2012-04-03 10:43:46 +00:00
Miroslav Stampar	2504f4edb8	minor fixes	2012-04-03 10:10:33 +00:00
Miroslav Stampar	e05109812f	minor improvements regarding data retrieval through DNS channel	2012-04-03 09:18:30 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	abffc39929	minor update regarding DNS data retrieval task	2012-04-02 12:22:40 +00:00
Miroslav Stampar	429b8396e9	minor update for DNSServer support	2012-03-30 13:20:29 +00:00
Miroslav Stampar	6acf6b193a	minor update regarding boolean logic comparison mechanism	2012-03-30 09:42:58 +00:00
Miroslav Stampar	5469186540	minor comment update	2012-03-29 14:35:47 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	60146481af	bug fix(es) (flags were used in place of count parameter in re.sub() calls)	2012-03-28 19:33:00 +00:00
Miroslav Stampar	7d131d1fb1	minor update	2012-03-28 13:46:31 +00:00
Miroslav Stampar	769b0d0ae7	more minor updates regarding data retrieval through DNS channel	2012-03-27 19:29:24 +00:00
Miroslav Stampar	1b072f6415	laying foundation for DNS based data retrieval	2012-03-27 18:59:12 +00:00
Miroslav Stampar	e88687b1f0	revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)	2012-03-21 23:15:59 +00:00
Miroslav Stampar	524c1d38ad	making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)	2012-03-21 23:03:57 +00:00
Miroslav Stampar	037db9b3b8	minor removal of older stuff	2012-03-19 09:38:27 +00:00
Miroslav Stampar	da7f4eeffd	removing left over	2012-03-18 17:33:14 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Bernardo Damele	c03d0e24fb	it must stay as is	2012-03-16 17:42:00 +00:00
Bernardo Damele	3505503a08	no need to return here	2012-03-16 17:30:16 +00:00
Bernardo Damele	942d9e4fa8	code cleanup	2012-03-16 17:27:24 +00:00
Bernardo Damele	a1c943fc79	Major bug fix to comparison algorithm with OR based boolean-based injections	2012-03-16 17:22:55 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	209e795369	minor just in case update	2012-03-16 09:02:17 +00:00
Miroslav Stampar	adb5fff6b2	one more update related to the redirection mechanism	2012-03-15 20:17:40 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	86c4650058	Minor bug fix - revert	2012-03-15 17:12:24 +00:00
Bernardo Damele	cc15373769	More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)	2012-03-15 16:29:28 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	ddd92476a8	minor fix	2012-03-15 15:58:25 +00:00
Miroslav Stampar	19beb912fa	first step toward negative logic support	2012-03-15 15:52:12 +00:00
Miroslav Stampar	8dd570057b	minor fix (double traffic log for -t in case of HTTP error)	2012-03-15 14:51:16 +00:00
Miroslav Stampar	f7df755f37	minor update	2012-03-15 12:55:22 +00:00
Miroslav Stampar	3d39c6cb3b	some fixes here and there	2012-03-15 12:14:50 +00:00
Miroslav Stampar	91f1d6141f	minor fix	2012-03-15 11:24:55 +00:00
Miroslav Stampar	a8c9a47092	redirect logic rewritten from scratch	2012-03-15 11:10:58 +00:00
Miroslav Stampar	52a8b25ff4	minor fix	2012-03-14 14:31:41 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	edfcddd3c3	minor fix for logging only cookies used by request (e.g. --load-cookies case)	2012-03-13 10:58:15 +00:00
Miroslav Stampar	34b0935cb3	refactoring "echo 1" quick test for xp_cmdshell console output	2012-03-13 10:36:49 +00:00
Miroslav Stampar	e6c610abab	minor fix	2012-03-13 09:14:56 +00:00
Miroslav Stampar	48bcde478e	more general update	2012-03-12 15:29:55 +00:00
Miroslav Stampar	1d0c8a7f44	minor update	2012-03-12 15:19:02 +00:00
Miroslav Stampar	5a83f1c5f7	minor update	2012-03-08 15:43:22 +00:00
Miroslav Stampar	cd28eb6544	minor update regarding --load-cookies	2012-03-08 10:19:34 +00:00
Miroslav Stampar	1ec56f93ec	minor update	2012-03-01 10:10:19 +00:00
Miroslav Stampar	a424de3102	minor fix	2012-02-27 12:55:28 +00:00
Miroslav Stampar	1e82405bb9	HashDB is now supported in -d too	2012-02-27 12:14:01 +00:00
Miroslav Stampar	f94b91ad87	added helper function for HashDB data storing/retrieval	2012-02-24 13:07:20 +00:00
Miroslav Stampar	0478e4166a	minor justin case fix	2012-02-23 15:19:20 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Bernardo Damele	121148f27f	There was no point relying on a support table (sqlmapoutput) to get the stdout of executed OS commands when using direct connection (-d) and it saves also number of requests. Also, BULK INSERT apparently does not work on MSSQL when running as Network Service (at least on Windows XP) so one more reason to avoid using support table. Minor fix also to threat MSSQL's EXEC statements as SELECT ones	2012-02-17 15:54:49 +00:00
Miroslav Stampar	aee269cc14	gazillion changes, nothing will work, muhahaha	2012-02-17 14:22:48 +00:00
Miroslav Stampar	dcf7277a0f	some more refactorings	2012-02-16 14:42:28 +00:00
Miroslav Stampar	e1f86c97c4	minor refactoring	2012-02-16 09:46:41 +00:00
Bernardo Damele	1c44d6d3c7	Fixed annoying bug that prevented proper checkBooleanExpression() function to work with direct connection (-d). Now DBMS fingerprint should work properly with -d	2012-02-14 17:29:00 +00:00
Miroslav Stampar	85a4ef6593	minor update	2012-02-08 12:00:03 +00:00
Miroslav Stampar	e50d64546f	minor fix	2012-02-07 14:57:48 +00:00
Miroslav Stampar	2b05ded9c3	just a makeup	2012-02-07 12:05:23 +00:00
Miroslav Stampar	f7bf1fbe94	upgrade/fixes for direct DBMS access	2012-02-07 10:46:55 +00:00
Miroslav Stampar	af71e3c563	minor update	2012-02-06 09:48:44 +00:00
Miroslav Stampar	a7970d094a	minor update	2012-02-01 15:10:06 +00:00
Miroslav Stampar	8405ef59ac	some estetic updates	2012-02-01 14:49:42 +00:00
Miroslav Stampar	594579bef4	fix for a bug regarding --cookie and --crawl	2012-01-30 09:17:22 +00:00
Miroslav Stampar	2094c715db	minor update	2012-01-23 09:44:17 +00:00
Miroslav Stampar	527ce070a3	minor fix	2012-01-16 10:04:18 +00:00
Miroslav Stampar	e5fe029a78	minor beautification	2012-01-13 21:03:50 +00:00
Miroslav Stampar	6634c4ac20	minor update	2012-01-13 21:01:58 +00:00
Bernardo Damele	e59ace5409	minor bug fix	2012-01-13 16:57:45 +00:00
Miroslav Stampar	dd295bbd4a	minor update regarding -d and time based injections	2012-01-13 12:45:02 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1d0b43b1a2	implemented mechanism for merging cookies by request	2012-01-11 14:28:08 +00:00
Miroslav Stampar	18930539cd	more concise language	2012-01-07 17:45:45 +00:00
Miroslav Stampar	40398f358c	minor update	2012-01-05 14:55:23 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	ea87c89c25	minor fix	2012-01-03 23:44:56 +00:00
Miroslav Stampar	63bc4ce116	minor patch	2011-12-30 14:11:02 +00:00
Miroslav Stampar	c20546dcaa	minor refactoring	2011-12-26 12:24:39 +00:00
Miroslav Stampar	9f68e54fff	minor cleanup	2011-12-22 10:59:28 +00:00
Miroslav Stampar	4a1a0773b7	speedup of UNION dumping	2011-12-22 10:44:14 +00:00
Miroslav Stampar	1ae413a206	some refactoring/speedup around UNION technique	2011-12-22 10:32:21 +00:00
Miroslav Stampar	526aacb640	code cleanup	2011-12-21 22:59:23 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	1b16b5e0f1	minor fix	2011-12-20 09:10:44 +00:00
Miroslav Stampar	c57941c102	minor beautification	2011-12-15 23:33:44 +00:00
Miroslav Stampar	563c0c1066	adding switch --tor-type	2011-12-15 23:19:55 +00:00
Miroslav Stampar	c98f5f6f94	minor fix	2011-12-15 09:28:58 +00:00
Miroslav Stampar	e6820ebbd2	minor update	2011-12-14 10:26:03 +00:00
Miroslav Stampar	364113441b	adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)	2011-12-14 10:19:45 +00:00
Miroslav Stampar	73a500833d	minor bug fix	2011-12-12 14:38:06 +00:00
Miroslav Stampar	0f5d48ff20	minor update	2011-12-05 09:25:56 +00:00
Miroslav Stampar	9bc735963b	update of redirection mechanism (now 3-state - redirected, original and "ignored" (containing redirection message itself))	2011-12-04 22:42:19 +00:00
Miroslav Stampar	b03a5e8928	people don't know what's "standard deviation" and they are wrongly connecting it's value in seconds to the --time-sec value	2011-12-01 13:30:47 +00:00
Miroslav Stampar	872a73f631	minor refactoring	2011-11-29 19:17:07 +00:00
Miroslav Stampar	3cd8f47686	minor bug fix	2011-11-29 17:17:06 +00:00
Miroslav Stampar	d958c2fe48	minor fix	2011-11-28 11:21:39 +00:00
Miroslav Stampar	ba4234dc42	switching from HTTP proxy to SOCKS proxy for --tor (sick and tired of Polipo/Privoxy bull; either Tor flag is overwritten every here and there or they are putting all kinds of filter warnings)	2011-11-23 21:17:08 +00:00
Miroslav Stampar	2e10de8921	minor update	2011-11-22 12:18:24 +00:00
Miroslav Stampar	2ed3efba12	speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)	2011-11-22 08:39:13 +00:00
Miroslav Stampar	4fa24ec704	minor improvement	2011-11-21 17:39:18 +00:00
Miroslav Stampar	65b2b0ad87	adding switch --eval	2011-11-21 16:41:02 +00:00
Miroslav Stampar	df0b451389	minor update	2011-11-20 23:17:57 +00:00
Miroslav Stampar	440b7efe55	minor optimization	2011-11-20 20:14:47 +00:00
Miroslav Stampar	b888829d12	minor update	2011-11-14 11:39:18 +00:00
Miroslav Stampar	ccbd93cc2e	fix for redirect/HOST header bug	2011-11-11 11:28:27 +00:00
Miroslav Stampar	1061c06617	improvement of redirecting code	2011-11-11 11:07:49 +00:00
Miroslav Stampar	e183437f0b	minor typo	2011-11-10 10:30:53 +00:00
Miroslav Stampar	62f8f8d36c	bug fix (thanks to zhen zhou)	2011-11-10 10:22:35 +00:00
Miroslav Stampar	c1486ed4be	adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request	2011-10-25 09:53:44 +00:00
Miroslav Stampar	6d64f87190	minor update	2011-10-24 00:46:54 +00:00
Miroslav Stampar	1f7d87c6a4	bug fix for --code (previously redirecting codes where not considered)	2011-10-23 20:48:37 +00:00
Miroslav Stampar	77e630d89e	replaced longer CHAR form of escaped MySQL strings with more compact hex form	2011-10-23 20:19:42 +00:00
Miroslav Stampar	3f0517d3f3	support for non-latin (e.g. cyrillic) URLs	2011-10-23 17:02:48 +00:00
Miroslav Stampar	0db0571f35	minor patch	2011-10-21 09:06:00 +00:00
Miroslav Stampar	dd0ed5f5da	adding redirect response to the traffic file	2011-09-28 08:13:46 +00:00
Miroslav Stampar	34738129c9	minor update	2011-09-25 21:27:58 +00:00
Miroslav Stampar	e0f521cf9d	minor update regarding --randomize	2011-08-29 13:08:25 +00:00
Miroslav Stampar	ac00014c4a	implemented --randomize switch by request	2011-08-29 12:50:52 +00:00
Miroslav Stampar	75ec146224	minor beautification	2011-08-17 21:17:02 +00:00
Miroslav Stampar	600ef3eace	minor patch	2011-08-16 06:22:04 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Bernardo Damele	fff4c34e33	Search for --string and --regexp matches also in HTTP response headers	2011-08-12 15:33:37 +00:00
Bernardo Damele	5e5133b8e7	Should be fixed now	2011-08-12 15:00:11 +00:00
Bernardo Damele	1505cb2a80	typo	2011-08-12 14:51:39 +00:00
Bernardo Damele	702ca22d54	Minor bug fix for URI injections	2011-08-12 14:48:44 +00:00
Bernardo Damele	28bba9f5e6	More verbose warning message	2011-08-12 13:47:38 +00:00
Miroslav Stampar	10bdd90e60	minor speed optimizations (as a result of profiling)	2011-08-12 13:40:37 +00:00
Miroslav Stampar	0643ced651	minor update	2011-08-02 08:12:43 +00:00
Miroslav Stampar	6bbb8139a0	update (smaller memory footprint in postprocessing phase because of safecharencode part)	2011-07-25 20:40:31 +00:00
Miroslav Stampar	2033a28ae7	minor update regarding last commit (cleaner code)	2011-07-24 20:44:17 +00:00
Miroslav Stampar	ec1bc0219c	hello big tables, this is sqlmap, sqlmap this is big tables	2011-07-24 09:19:33 +00:00
Miroslav Stampar	a46b5230f5	minor "patch"	2011-07-11 20:33:16 +00:00
Miroslav Stampar	98958f8808	minor minor update	2011-07-10 15:41:45 +00:00
Miroslav Stampar	02bfd05b20	more general approach	2011-07-08 10:03:14 +00:00
Miroslav Stampar	ba2c06c9dc	quick fix	2011-07-08 09:01:32 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	75524c283d	minor update	2011-06-27 21:59:31 +00:00
Miroslav Stampar	831f083223	minor update	2011-06-27 21:38:12 +00:00
Miroslav Stampar	e9286ddd5b	fix for a bug reported by g@brindi.si (UnicodeDecodeError: 'ascii' codec can't decode byte 0xc2 in position 47: ordinal not in range(128))	2011-06-24 19:24:11 +00:00
Miroslav Stampar	e76cb19e35	minor patch	2011-06-22 09:11:12 +00:00
Miroslav Stampar	b16b92fe46	minor update	2011-06-21 20:59:34 +00:00
Miroslav Stampar	2220afbdf5	fix by request	2011-06-21 20:50:16 +00:00
Miroslav Stampar	bdb530da1f	minor update	2011-06-19 10:11:27 +00:00
Miroslav Stampar	d5bc149636	made changes by buawig request (504 is treated as a classical timeout)	2011-06-19 09:57:41 +00:00
Bernardo Damele	f8c32cf6b9	Moved folder	2011-06-18 12:34:41 +00:00
Miroslav Stampar	0c9fa5c550	fix	2011-06-17 17:12:47 +00:00
Miroslav Stampar	043f2f92c1	minor update	2011-06-17 17:10:52 +00:00
Miroslav Stampar	c9a6aad5c3	minor fix by request	2011-06-17 16:58:50 +00:00
Miroslav Stampar	0990f16f7f	minor update for invalid cases like 'iso-8859-1 (western europe)'	2011-06-12 08:36:21 +00:00
Miroslav Stampar	f8dde2c23b	adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)	2011-06-10 23:18:43 +00:00
Miroslav Stampar	15d72ec566	minor improvement for special cases with --string/--regexp	2011-06-10 23:05:47 +00:00
Miroslav Stampar	8fac4605a9	minor fix for None results	2011-06-10 22:28:15 +00:00
Bernardo Damele	0d8d6a4ace	Cosmetics	2011-06-08 16:08:20 +00:00
Miroslav Stampar	6387d98ab0	quick fix	2011-06-08 14:42:48 +00:00
Miroslav Stampar	4a9640160e	more concise	2011-06-08 14:35:23 +00:00
Miroslav Stampar	6b81eef65a	refactoring	2011-06-08 14:30:12 +00:00
Miroslav Stampar	75c12c5edb	fix for a bug reported by cclements@flatearth.net (TypeError: argument of type 'NoneType' is not iterable)	2011-06-07 21:46:49 +00:00
Miroslav Stampar	7a3cc38e3c	refactoring and stabilization of multithreading	2011-06-07 09:50:00 +00:00
Miroslav Stampar	5f7858455d	fix for a bug reported by l0rda@l0rda.biz	2011-06-07 05:57:21 +00:00
Miroslav Stampar	8c80413c52	well, important fix for blind based cases (especially OR ones)	2011-06-03 15:29:22 +00:00
Miroslav Stampar	a5a70f0895	minor update	2011-05-28 18:21:03 +00:00
Miroslav Stampar	c11ea35d53	adding some user input for "refreshing" cases (like redirect ones)	2011-05-27 22:42:23 +00:00
Miroslav Stampar	cf69809c3c	minor update	2011-05-27 16:26:00 +00:00
Miroslav Stampar	61b960f65f	minor update related to the last one	2011-05-26 22:05:10 +00:00
Miroslav Stampar	45caadbd4a	important update - finally found what was causing headache for UNION payloads in noticeable number of cases	2011-05-26 21:54:19 +00:00
Miroslav Stampar	4f2c999146	fix for a bug reported by mail@8dh.de (UnicodeDecodeError: requestMsg += "\n%s" % requestHeaders)	2011-05-26 13:47:20 +00:00
Miroslav Stampar	5369657cd5	fix for cases with retrieved binary files (preventing difflib nagging around comparison)	2011-05-25 20:54:30 +00:00
Miroslav Stampar	0072c3af8e	fix for a bug reported by aboynes@gmail.com (for elt in self.a)	2011-05-24 15:03:21 +00:00
Miroslav Stampar	f774d8fea0	proper Tor settings (reverted r3915 and implemented it the right way)	2011-05-24 11:06:58 +00:00
Miroslav Stampar	915c206e3d	minor fix for socks proxy issues	2011-05-24 09:47:10 +00:00
Miroslav Stampar	ad25bcc2be	better way for dealing with relative paths	2011-05-24 05:26:51 +00:00
Miroslav Stampar	a536bf210f	improved redirection mechanism	2011-05-23 23:20:03 +00:00
Miroslav Stampar	40971aca94	fixing nasty bug caused by retrying counter	2011-05-22 10:59:56 +00:00
Miroslav Stampar	712e238f33	another minor fix	2011-05-22 10:29:25 +00:00
Miroslav Stampar	2795aeff34	minor fix	2011-05-22 10:27:45 +00:00
Miroslav Stampar	806e898694	no more CRITICAL drop outs in test mode - lots of reports were related to this	2011-05-22 10:21:49 +00:00
Miroslav Stampar	9b2623514a	one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables	2011-05-22 09:48:46 +00:00
Miroslav Stampar	2ea613b170	type correction and adding global flag kb.ignoreTimeout which could be useful	2011-05-22 08:24:13 +00:00
Miroslav Stampar	27f0e73cc9	refactoring of 'target' flag in connect.py	2011-05-22 07:46:09 +00:00

... 5 6 7 8 9 ...

1178 Commits