sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 17:46:37 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	3e72da66f9	Minor update (preventing WAF specific response reports on generic 403)	2018-09-18 16:45:08 +02:00
Miroslav Stampar	a5e3dce26f	Proper naming	2018-09-14 10:01:31 +02:00
Miroslav Stampar	12012b36b1	Automatic disabling of socket-preconnect for known problematic server (SimpleHTTPServer)	2018-09-04 23:01:17 +02:00
Miroslav Stampar	0507234add	Minor update	2018-08-29 11:06:45 +02:00
Miroslav Stampar	a296d22195	Fixes #3205	2018-08-10 14:01:55 +02:00
Miroslav Stampar	d47c16e196	Minor refactoring	2018-06-07 00:55:32 +02:00
Miroslav Stampar	091c8ab2dd	Minor update (switching --invalid-logical to LIKE version)	2018-06-07 00:37:22 +02:00
Miroslav Stampar	6b3f01bfeb	Minor patch	2018-05-28 11:07:06 +02:00
Miroslav Stampar	2a810fb796	Trivial modifications (thou shalt not judge people by trivial commits)	2018-05-03 14:10:55 +02:00
Miroslav Stampar	8f7a7bed20	Minor patch	2018-05-03 13:31:27 +02:00
Miroslav Stampar	8ca3287df4	Proper way to skip already used payloads (important to --suffix/--prefix cases)	2018-04-12 14:38:32 +02:00
Miroslav Stampar	a8cb14ed4a	Minor patch (disable tamper script usage in WAF/IDS/IPS check phase)	2018-04-11 14:48:54 +02:00
Miroslav Stampar	7f3f1dcdee	Fixes #3022	2018-04-03 12:50:09 +02:00
Miroslav Stampar	4147f44e63	Potential patch for Issues like #3013 and #3017	2018-04-01 12:45:47 +02:00
Miroslav Stampar	2cc6214227	Fixes #3020	2018-04-01 11:25:51 +02:00
Miroslav Stampar	8a90512354	One more commit related to the last one (reduce false hopes in heavily dynamic cases)	2018-03-31 11:02:48 +02:00
Miroslav Stampar	ae8699f258	Reducing false-positive 'appears' messages in heavily dynamic environment	2018-03-29 14:47:30 +02:00
Miroslav Stampar	cdb1e79370	Disabling ORDER BY tests in heavily dynamic environment	2018-03-29 14:37:33 +02:00
Miroslav Stampar	16cd13d7db	Fixes #3014	2018-03-28 17:24:12 +02:00
Miroslav Stampar	45fb5ab4a5	Patch for cases when http: is immediatelly being redirected to https:	2018-03-28 15:13:33 +02:00
Miroslav Stampar	f287ff3767	Trivial comment update	2018-03-21 14:29:54 +01:00
Miroslav Stampar	7d5a0ed2dc	Use false-positive checks in dummy mode	2018-03-21 14:22:59 +01:00
Miroslav Stampar	74de40b9c5	Minor patch of a previous commit	2018-03-16 15:21:19 +01:00
Miroslav Stampar	6c2b7cff80	Minor patch of UNION checking logic	2018-03-16 15:11:04 +01:00
Miroslav Stampar	fa4c1c5251	Some more PEPing (I hope that I haven't broke anything)	2018-03-13 13:45:42 +01:00
Miroslav Stampar	5380e8174b	Safer WAF heuristics in case of URI injections	2018-03-11 03:20:33 +01:00
Miroslav Stampar	4cefff7e98	Bug fix (misencoding inside check waf payload)	2018-03-11 03:13:33 +01:00
Miroslav Stampar	9e75bb7f68	Minor patch	2018-01-31 11:43:17 +01:00
Miroslav Stampar	8a122401aa	Update of copyright years	2018-01-02 00:48:10 +01:00
Miroslav Stampar	66c1f72a16	Minor optimization	2017-12-29 13:04:52 +01:00
Miroslav Stampar	5326df1071	Minor grammar fix	2017-12-13 13:49:55 +01:00
Miroslav Stampar	8cef17b583	Minor just in case patch (error set in case of --string)	2017-12-12 11:18:17 +01:00
Miroslav Stampar	220dffbcfa	Couple of wording updates	2017-12-04 13:59:35 +01:00
Miroslav Stampar	7c5b051d60	Fixes #2808	2017-11-29 15:59:00 +01:00
Miroslav Stampar	132a72c9bd	Minor update of logging messages	2017-11-24 12:20:57 +01:00
Miroslav Stampar	67b470245e	Minor cleanup of NULL connection	2017-11-09 13:45:52 +01:00
Miroslav Stampar	58b87e4b6b	Some more refactoring	2017-11-08 15:58:23 +01:00
Miroslav Stampar	496075ef20	Trivial refactoring	2017-10-31 10:10:22 +01:00
Miroslav Stampar	1f60dfc835	Minor patch for WAF mechanism	2017-10-16 11:42:11 +02:00
Miroslav Stampar	8c6b761044	Replacing doc/COPYING to LICENSE	2017-10-11 14:50:46 +02:00
Miroslav Stampar	12f802c70f	Minor text update	2017-09-11 10:41:50 +02:00
Miroslav Stampar	96ffb4b911	Fixes #2693	2017-09-11 10:38:19 +02:00
Miroslav Stampar	cb2258fea4	Fixes #2603	2017-08-28 13:02:08 +02:00
Miroslav Stampar	8b0c50f25d	Update related to the #2663	2017-08-23 13:17:37 +02:00
Miroslav Stampar	62ae149464	Minor patch	2017-07-29 03:35:05 +02:00
Miroslav Stampar	0f9c81965b	Implementation on request	2017-07-26 00:24:13 +02:00
Miroslav Stampar	d12b65d38c	Fixes #2624	2017-07-25 23:32:30 +02:00
Louis-Philippe Huberdeau	e38267a61e	Include tracking properties in the HAR to identify which test the requests were associated to	2017-07-18 15:46:52 -04:00
Miroslav Stampar	1678b606a2	Update for #2597	2017-07-03 16:55:24 +02:00
Louis-Philippe Huberdeau	0d756a8823	Parse request data and convert to HAR, include in injection data	2017-06-23 11:50:21 -04:00
Miroslav Stampar	864711b434	Minor improvement	2017-06-05 16:48:14 +02:00
Miroslav Stampar	996ad59126	Minor patch	2017-06-05 16:28:19 +02:00
Miroslav Stampar	359bfb2704	Minor adjustment	2017-05-26 14:14:35 +02:00
Miroslav Stampar	644ea2e3aa	Minor patch	2017-05-26 14:08:08 +02:00
Miroslav Stampar	4ce08dcfa3	Patch for an Issue #2536	2017-05-17 00:22:18 +02:00
Miroslav Stampar	d3a08a2d22	Implementation for an Issue #2505	2017-05-07 23:12:42 +02:00
Miroslav Stampar	fc8eede952	Minor cleanup and one bug fix	2017-04-19 14:46:27 +02:00
Miroslav Stampar	5f2bb88037	Some code refactoring	2017-04-18 15:48:05 +02:00
Miroslav Stampar	38f16decef	Update for an Issue #2384	2017-02-06 13:28:33 +01:00
Miroslav Stampar	55272f7a3b	New version preparation	2017-01-02 14:19:18 +01:00
Miroslav Stampar	edc6f47758	Some refactoring	2016-12-19 23:47:39 +01:00
Miroslav Stampar	6130185ac6	Minor consistency update with the wiki	2016-10-11 00:35:39 +02:00
Miroslav Stampar	171cf6f54d	Minor fine tuning for SQLi heuristic check	2016-10-04 11:32:06 +02:00
Miroslav Stampar	381deb68ff	Implementation for an Issue #2137	2016-09-27 13:26:11 +02:00
Miroslav Stampar	7151df16f6	Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)	2016-09-27 11:21:12 +02:00
Miroslav Stampar	8994bf2dba	Further dealing with time-based SQLi (Issue #1973 )	2016-09-27 10:32:22 +02:00
Miroslav Stampar	09617c8243	Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973	2016-09-27 10:20:36 +02:00
Miroslav Stampar	556b4d289e	Minor cosmetic patch (removing multiple same content '...appears...' messages)	2016-09-26 17:02:40 +02:00
Miroslav Stampar	56a918c408	Minor refactoring	2016-09-20 10:03:00 +02:00
Miroslav Stampar	bcd62ecc5b	Minor optimization (avoiding unnecessary deepcopies)	2016-09-20 09:56:08 +02:00
Miroslav Stampar	32dd4a938c	Minor patch of message	2016-09-09 11:37:16 +02:00
Miroslav Stampar	cb43c03712	Definite patch for MemoryError(s) (fixes #1991 )	2016-06-30 14:57:56 +02:00
Miroslav Stampar	8b4367d354	Revert of last commit	2016-06-26 01:42:21 +02:00
Miroslav Stampar	0a9d69a7d0	Minor patch	2016-06-26 01:10:47 +02:00
Miroslav Stampar	0175acd028	Bug fix (in some cases lack of warning message for SQLi appearing)	2016-06-23 17:52:37 +02:00
Miroslav Stampar	78fdb27a0b	More improvements	2016-06-03 15:51:52 +02:00
Miroslav Stampar	350baf0a0a	Minor update	2016-06-03 14:29:32 +02:00
Miroslav Stampar	9886b646eb	Proper update regarding the last commit	2016-06-03 14:18:28 +02:00
Miroslav Stampar	c5197b99a0	Minor patch and minor improvement	2016-06-03 13:59:32 +02:00
Miroslav Stampar	229d3a7dd0	Patch for cases when error page looks more like original, than the False one does	2016-05-30 16:46:23 +02:00
Miroslav Stampar	b965e5bf1c	Minor refactoring	2016-05-30 16:06:39 +02:00
Miroslav Stampar	3bd74c5351	Minor patch	2016-05-30 15:20:21 +02:00
Miroslav Stampar	55624ec1a2	Minor message update	2016-05-30 14:40:22 +02:00
Miroslav Stampar	69fd900108	Adding waf script for detection of generic/unknown	2016-05-27 16:34:41 +02:00
Miroslav Stampar	de9f23939f	Major bug fix in WAF/IDS/IPS detection (question 'do you want..to try to detect backend WAF/IPS/IDS' never worked)	2016-05-27 13:41:03 +02:00
Miroslav Stampar	7a2ac23f0b	Adding new waf script (sitelock)	2016-05-27 02:13:01 +02:00
Miroslav Stampar	c395958dff	Fixes #1888	2016-05-24 14:55:19 +02:00
Miroslav Stampar	f7cae68378	More formal language	2016-05-22 21:44:17 +02:00
Miroslav Stampar	f6ff1a115a	Better (automatic) picking of a --string candidate (especially in case of international pages)	2016-05-22 21:29:08 +02:00
Miroslav Stampar	32ee586e2a	Minor language update	2016-05-22 14:30:32 +02:00
Miroslav Stampar	6623c3f877	Pesky bug fix (nobody noticed :)	2016-05-22 14:22:31 +02:00
Miroslav Stampar	30a4173249	I like users which don't know the difference between detection and identification	2016-05-22 12:40:23 +02:00
Miroslav Stampar	5e8b105677	Fixes #1880	2016-05-19 19:46:12 +02:00
Miroslav Stampar	be9381abc5	Implements #1845	2016-05-06 13:06:59 +02:00
Miroslav Stampar	9dd5cd8eb6	Removing CloudFlare check	2016-04-29 00:17:07 +02:00
Miroslav Stampar	aa21550712	Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)	2016-04-15 13:47:19 +02:00
Miroslav Stampar	d7cdb6cbd8	Minor update	2016-02-06 20:16:33 +01:00
Miroslav Stampar	62f94f6587	Adding comments (Issue #1681 )	2016-01-26 07:52:25 +01:00
Miroslav Stampar	574b3a79aa	Adding support for detection of CloudFlare responses	2016-01-21 10:16:23 +01:00
Miroslav Stampar	59695af101	Minor improvement of heuristic checks	2016-01-14 22:21:47 +01:00
Miroslav Stampar	bdcf3fffba	Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)	2016-01-14 13:40:50 +01:00
Miroslav Stampar	c7ef9429ae	Minor check for problematic injections	2016-01-14 13:16:44 +01:00
Miroslav Stampar	4c1fc095d8	Adding heuristic check for FI vulnerability	2016-01-14 09:59:13 +01:00
Miroslav Stampar	a8c6c6fca1	Minor update related to the last one	2016-01-13 23:47:34 +01:00
Miroslav Stampar	4e29e1b351	Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd	2016-01-13 23:34:42 +01:00
Miroslav Stampar	8362bdcf66	Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9	2016-01-13 23:16:27 +01:00
Miroslav Stampar	eb989469f3	Minor just in case update	2016-01-12 10:27:04 +01:00
Miroslav Stampar	48ac2101f2	Using only once the dummy checkWaf payload	2016-01-08 23:23:41 +01:00
Miroslav Stampar	d0d676ccce	Update of copyright string	2016-01-06 00:06:12 +01:00
Miroslav Stampar	c6d4217495	Minor update (just in case)	2015-12-03 02:08:59 +01:00
Miroslav Stampar	53de0e8949	Implements #1442	2015-10-01 11:57:33 +02:00
Miroslav Stampar	81caf14b6d	Adding switch --skip-waf	2015-09-21 14:57:44 +02:00
Miroslav Stampar	e81e474646	Minor adjustment	2015-09-21 14:46:34 +02:00
Miroslav Stampar	56f0b811a6	Minor patch	2015-09-21 13:23:56 +02:00
Miroslav Stampar	f494004f44	Switching to the getSafeExString (where it can be used)	2015-09-10 15:51:33 +02:00
Miroslav Stampar	c1f829d131	Removing last remnants of bad handling the exceptions as strings	2015-09-08 11:15:31 +02:00
Miroslav Stampar	e623ee66ad	Better approach for #1320	2015-07-30 23:29:31 +02:00
Miroslav Stampar	58002c5057	Minor cosmetics	2015-07-23 09:55:59 +02:00
Miroslav Stampar	21e8182ac6	Fixes #1305	2015-07-18 17:01:34 +02:00
Miroslav Stampar	16f8e4c8ba	Removing unused imports	2015-07-12 12:25:02 +02:00
Miroslav Stampar	10f8c6a0b6	Introducing --offline switch (to perform session only lookups)	2015-07-10 16:10:24 +02:00
Miroslav Stampar	0ba264bfa0	Minor patch	2015-07-10 09:51:11 +02:00
Miroslav Stampar	4baaa4a5ad	Minor improvement	2015-07-10 09:24:14 +02:00
Miroslav Stampar	9ff115ce71	Minor patch	2015-07-10 01:33:53 +02:00
Miroslav Stampar	02470ea683	Further decreasing number of testing payloads	2015-07-10 01:19:46 +02:00
Miroslav Stampar	48b627f3ff	Prevent double tests (e.g. in same final tests where suffix is cut by the comment)	2015-07-10 00:54:02 +02:00
Miroslav Stampar	ca2f63c672	Test speed up in case of boolean based blind	2015-07-10 00:37:59 +02:00
Miroslav Stampar	96327b6701	Fixes #1290	2015-07-05 01:47:01 +02:00
Miroslav Stampar	1f71d809d4	Fixes #1288	2015-07-03 08:55:33 +02:00
Miroslav Stampar	08caca387b	Minor patch of automatic WAF heuristic check	2015-05-29 16:01:41 +02:00
Miroslav Stampar	adc8ac267d	Fixes #1190	2015-03-10 09:23:26 +01:00
Bernardo Damele	8281fe48e5	bug fix: test for boundaries with high levels if the test was extended	2015-03-01 11:02:05 +00:00
Bernardo Damele	2f08c8b666	bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup	2015-02-27 13:57:28 +00:00
Bernardo Damele	475cc8b24b	trivial code cleanup	2015-02-21 13:12:30 +00:00
Bernardo Damele	d235ee375b	code cleanup	2015-02-21 12:59:44 +00:00
Bernardo Damele	52dd92748a	rework some of the logic of the detection phase based on identified DBMS along the way	2015-02-21 02:23:42 +00:00
Bernardo Damele	4f939b5719	avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables	2015-02-20 18:36:34 +00:00
Bernardo Damele	214b9360e9	Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup	2015-02-20 18:30:42 +00:00
Bernardo Damele	79d4d970a5	trivial code cleanup	2015-02-20 15:42:28 +00:00
Bernardo Damele	201b605f9b	Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already	2015-02-20 10:21:44 +00:00
Bernardo Damele	e17d212c23	bug fix introduced with `863d5a6281`	2015-02-15 20:07:52 +00:00
Bernardo Damele	863d5a6281	--test-filter now ignores values of --risk and --level	2015-02-15 16:28:37 +00:00
Miroslav Stampar	2e5c11e427	Closes #1163	2015-02-13 10:59:03 +01:00
Miroslav Stampar	2e9bf47703	Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )	2015-01-30 22:12:35 +01:00
Miroslav Stampar	b7cfaa6ca5	Minor style update	2015-01-22 08:55:37 +01:00
Miroslav Stampar	a603002acd	Adding a choice to automatically turn on --identify-waf if protection has been detected	2015-01-20 09:38:18 +01:00
Miroslav Stampar	45bdefd29b	Update of copyright	2015-01-06 15:02:16 +01:00
Miroslav Stampar	6fc41ca940	Heuristically checking for WAF/IDS/IPS by default	2015-01-06 14:01:47 +01:00
Miroslav Stampar	e6de92ce88	Minor patch (unicode related)	2014-12-15 13:36:08 +01:00
Miroslav Stampar	1e06e7c386	Adding a debug message during name resolution	2014-12-11 13:29:26 +01:00

1 2 3 4 5 ...

740 Commits