Miroslav Stampar
c301b245a9
adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)
2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599
minor fix and some refactoring
2011-03-18 00:24:02 +00:00
Miroslav Stampar
fbd0cfda29
minor update toward the implementation of request from Santiago
2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303
-v 0 shows both error, critical and raw_input messages
2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257
Minor bug fix (revert)
2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65
minor refactoring
2011-03-11 20:16:34 +00:00
Miroslav Stampar
6cc745f789
removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)
2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010
this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)
2011-03-11 19:57:44 +00:00
Bernardo Damele
3cb0ca4b63
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1
Another bug fix for --privileges on PgSQL with UNION query technique
2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7
Minor bug fixes to --privileges for PostgreSQL query (corner case)
2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065
minor refactoring (more consistent)
2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387
minor refactoring
2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c
now when we don't urlencode whole URI using : and \ as safe chars is not a good idea
2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b
minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)
2011-03-08 11:53:59 +00:00
Miroslav Stampar
cc0306044c
adding SVN revision number support for non SVN client platforms
2011-03-07 21:54:30 +00:00
Miroslav Stampar
16b286982d
fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')
2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302
further update regarding last commit
2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17
possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)
2011-03-03 09:42:50 +00:00
Miroslav Stampar
f27f05308a
minor update for masking sensitive data in error report (added aCred too)
2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea
minor improvement
2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3
fix for --technique
2011-03-01 09:54:06 +00:00
Miroslav Stampar
2bf212ffa9
minor minor update
2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e
minor improvement of regular expression
2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90
further reflective value handling improvement
2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4
Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable
2011-02-27 12:17:41 +00:00
Miroslav Stampar
88faedc0fe
fix for a bug reported by -insane-
2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e
bug fix for international encoded letters
2011-02-25 22:43:01 +00:00
Miroslav Stampar
2bbbc9a41e
few updates
2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1
incorporation of method for neutralization of reflective values
2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608
added protection mechanism against reflected values
2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e
If no Accept header field is present, then it is assumed that the client accepts all media types.
2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068
adding experimental for --group-concat
2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe
minor refactoring
2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe
minor refactoring
2011-02-22 12:54:22 +00:00
Bernardo Damele
3e8c204121
Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba
2011-02-21 16:00:56 +00:00
Miroslav Stampar
aac817935a
further improvement of MaxDB support
2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b
minor bug fix
2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d
minor update
2011-02-20 21:27:38 +00:00
Bernardo Damele
8e60acae5d
Added support for --scope also in WebScarab logs (-l)
2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd
some more Sybase updates
2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac
some progress regarding SYBASE
2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab
minor update regarding Sybase support
2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95
minor improvement
2011-02-18 14:27:02 +00:00
Miroslav Stampar
6cdf08b81c
minor fix
2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217
--technique can now be something like 123 which includes both techniques 1, 2 and 3
2011-02-17 21:39:16 +00:00
Miroslav Stampar
199f14df46
implementation of MySQL GROUP_CONCAT technique
2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416
Proper fix for r3307 (file-write on MySQL via UNION query tech)
2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475
minor update
2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d
update regarding explicit testing of ua and referer when using -p
2011-02-13 21:58:48 +00:00
Miroslav Stampar
5fb11fd173
update regarding multiple DBMS payloads
2011-02-13 21:20:21 +00:00
Miroslav Stampar
9f7d666451
removing --method per request of buawig
2011-02-12 19:50:27 +00:00
Bernardo Damele
7253362114
Minor bug fix so that --file-write on MySQL via UNION query now works again
2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb
implementation of referer feature
2011-02-11 23:07:03 +00:00
Miroslav Stampar
4295a78c5f
minor update
2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f
Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA
2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba
More fixes for --common-columns to work against MSSQL too
2011-02-09 17:22:07 +00:00
Miroslav Stampar
7d9be18789
added one comment
2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f
another update
2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139
fix for a bug reported by skysbsb@gmail.com (double ORDER BY)
2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e
fix
2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143
first commit with mysql/error/substringing
2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b
Proper fix
2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588
revert of r3274
2011-02-08 09:44:34 +00:00
Bernardo Damele
cfe2da0195
Minor fix
2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Miroslav Stampar
771020abd6
one more related commit
2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272
fix for that MSSQL limit/top problem
2011-02-07 16:24:23 +00:00
Miroslav Stampar
99e9412f74
minor update
2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233
proper fix
2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85
Minor fixes to checking/re-enabling of xp_cmdshell procedure
2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4
More statements to exclude from unescap'ing
2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae
Added back-end dbms' OS based methods to Backend object - will be used for refactoring
2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235
Minor fix
2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a
No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (')
2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9
More adjustments related to unescape() and cleanupPayload().
...
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b
Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()
2011-02-06 22:58:12 +00:00
Bernardo Damele
f3d6be7868
Code cleanup
2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc
few reverts
2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c
little cleanup
2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58
can't stay as it is right now. temporary disabling.
2011-02-06 21:17:41 +00:00
Bernardo Damele
6191a7f26f
Major fix for a silent bug
2011-02-06 15:53:43 +00:00
Miroslav Stampar
4df8a03c04
using OrderedDict to store parameters in order of appearance
2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80
minor refactoring
2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d
Minor fix
2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19
fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len())
2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06
minor just in case update
2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e
minor refactoring
2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0
one important fix (URI injection parameter '*' now can go anywhere)
2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1
little clean up
2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05
revert
2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899
minor adjustment (accepting strange new looking uri formats)
2011-02-04 10:55:03 +00:00
Miroslav Stampar
e4933f0c92
refactoring
2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804
adding comments to filtering function
2011-02-03 23:09:08 +00:00
Miroslav Stampar
e5f54644f0
minor "statistical" update
2011-02-03 16:59:49 +00:00
Miroslav Stampar
b56a77e573
removing obsolete switches (--threshold, --excl-reg, --excl-str)
2011-02-03 15:55:19 +00:00
Miroslav Stampar
1b9850b73a
revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) )
2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc
minor change (conf.updateAll to conf.update)
2011-02-03 11:13:39 +00:00
Miroslav Stampar
5f49e20cc8
adding --random-agent and removing -a
2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d
cosmetics
2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63
added maskSensitiveData function
2011-02-02 14:25:16 +00:00
Miroslav Stampar
8134c2154a
adding WHERE enum for payloads
2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78
minor update
2011-02-02 13:03:24 +00:00
Miroslav Stampar
e73a147fb5
minor update
2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833
adding __findUnionCharCount function
2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f
minor refactoring
2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed
we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS)
2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27
lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum)
2011-02-01 22:45:38 +00:00
Bernardo Damele
2619e4895f
Properly handle --technique at save/resume phase
2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569
You never know..
2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db
minor cosmetics
2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2
maybe we could ask user "are you willing to import local data content into error report" and use this function respectably
2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5
minor bug fix
2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313
More detailed message for unhandled exception
2011-01-31 21:23:40 +00:00
Bernardo Damele
ec9ebb3479
Set threads to 4 when optimization switch is provided, -o
2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8
Minor adjustment
2011-01-31 21:20:23 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b
now union technique parses headers too
2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db
added checking of header values for GREP (error); still UNION to do
2011-01-31 12:21:17 +00:00
Miroslav Stampar
fb3513650d
adding ID properties
2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8
refactoring of MSSQL XML banner parsing
2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1
another minor cosmetic update
2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104
minor fix
2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509
minor bug fix
2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df
fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments)
2011-01-31 09:28:16 +00:00
Miroslav Stampar
fc9c626f9e
minor refactoring (removed URL_ENCODE_PAYLOAD)
2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779
perhaps this is better english
2011-01-30 16:34:13 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d
added some more info to unhandled exception message(s)
2011-01-28 16:15:45 +00:00
Miroslav Stampar
8e74c571bc
centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels
2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881
major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)
2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
2011-01-27 16:55:58 +00:00
Miroslav Stampar
bb6e36fb02
minor updates
2011-01-27 12:38:39 +00:00
Miroslav Stampar
6cc69f5e16
now --technique is appliable also after the injections have been identified
2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7
minor update of parseTargetUrl method
2011-01-24 14:52:50 +00:00
Bernardo Damele
e1db2700f0
Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads
2011-01-24 12:25:45 +00:00
Miroslav Stampar
4441e11f68
fix for case -r with no params and cookie available
2011-01-24 11:26:51 +00:00
Miroslav Stampar
a3e3387113
fix for proper Firebird resume of version
2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e
fix for user-agent injections
2011-01-23 23:23:30 +00:00
Miroslav Stampar
b18397fbc7
major revisit of --os-shell methods
2011-01-23 20:47:06 +00:00
Miroslav Stampar
f5ff78d40c
revert
2011-01-23 11:21:27 +00:00
Miroslav Stampar
3a5f0760f6
minor optimization (only way to prematurely stop SAX parser)
2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a
fix for URI based injections
2011-01-22 16:23:33 +00:00
Bernardo Damele
f1b402b103
Proper handling of CASE in Oracle, finally
2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f
Enforce that when --prefix is provided, --suffix is too and viceversa.
2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575
Moved little precaution from checks.py to common.py.
...
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e
Centralization of unescape()
2011-01-20 21:55:13 +00:00
Miroslav Stampar
dd7262d9e6
we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode
2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151
LoL (removing those checks because we use same "logic" for parsing Burp log files and request files)
2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a
minor update
2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae
minor update
2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892
added support for WebScarab logs
2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1
important fix regarding encoding stuff
2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd
bug fix for charset used in inference for pages retrieved with --null-connection
2011-01-20 11:01:01 +00:00
Bernardo Damele
701947490b
Two major bug fixes related to UNION technique query forging
2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d
dummy fix for SQLite schema retrieval (lots of spaces inside)
2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
c106dc829a
more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run)
2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19
bug fix (UnboundLocalError: local variable 'colType' referenced before assignment)
2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43
minor refactoring
2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de
fuck yea
2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709
back to roots
2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1
Code cleanup
2011-01-18 23:05:32 +00:00
Bernardo Damele
daebb0010b
Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
...
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Bernardo Damele
35fb50a6ee
Major bug fix
2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459
Minor code refactoring
2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2
you can't believe how much man can learn when having good testing points
2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa
was wrong about this one (just now tested on a real site)
2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc
proper way to handle this (console output has totally different encoding than the page one)
2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3
minor update regarding default page encoding
2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1
important fix for unicode based character inference
2011-01-17 10:15:19 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac
fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer')
2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695
minor cosmetics
2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81
minor cosmetics
2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f
minor improvement
2011-01-16 20:55:07 +00:00
Miroslav Stampar
a6516798c0
proper fix for that previous "stacked" fix (that one screwed other injection types)
2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e
russian sites are great for testing :)
2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf
fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated)
2011-01-16 18:25:18 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
2001bad7e1
automatic adjustment of timeSec for delayed queries
2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b
Major bug fix.
...
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Miroslav Stampar
29ea0950b6
now False is also affected (along with None and "")
2011-01-15 23:43:26 +00:00
Bernardo Damele
558f3894f4
Minor improvement
2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1
More code cleanup
2011-01-15 23:11:36 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca
update
2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c
code review of modules in lib/core directory
2011-01-15 12:13:45 +00:00
Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d
Code cleanup
2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc
Minor bug fix
2011-01-14 14:20:28 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7
Minor bug fix
2011-01-14 09:49:14 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b
minor update
2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521
Verbose docstring
2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555
update
2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62
Cosmetics
2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
ca33728fbc
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f
Minor code refactoring and added internal debug prints
2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f
Code cleanup
2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f
Minor update
2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
c2e994e806
Minor adjustment
2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
394b6bc029
reverting some changes
2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a
minor update
2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1
didn't know this to be honest
2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57
adding openFile method with an exception block around file opening part
2011-01-08 09:30:10 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2
Cosmetics
2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423
suppress session in case of brute methods
2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
1a079c62cb
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54
fixes for bugs reported by pragmatk@gmail.com
2011-01-06 16:59:58 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da
fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)
2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00