| 
							
							
								 Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2c4f6d2e99 | fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too | 2011-02-07 21:53:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a577d0e9a5 | restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) | 2011-02-07 21:18:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 66adf23532 | Unbiased approach for searching appropriate usable column | 2011-02-07 21:00:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f958b21613 | there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) | 2011-02-07 16:55:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 71d1b72e0e | minor adjustment | 2011-02-07 12:51:38 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b33ac19d39 | Minor fix | 2011-02-07 12:36:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1a5a66870e | problem fixed | 2011-02-07 11:57:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c0233dcd4f | preventing crashes for output=[] | 2011-02-07 10:24:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 008d434325 | Important fix now that the file writing is unescaped too | 2011-02-07 00:56:15 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f0f5d3d3e8 | Began with the update of the user's manual for 0.9 | 2011-02-07 00:55:10 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') | 2011-02-06 23:30:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 7dcfcca87f | Tests' titles adjustments | 2011-02-06 23:17:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9eac2339ca |  | 2011-02-06 22:55:26 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | db77f8b055 | Code cleanup | 2011-02-06 22:33:08 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f3d6be7868 | Code cleanup | 2011-02-06 22:32:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ecaf5729fd | revert | 2011-02-06 22:14:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 078a2207cc | few reverts | 2011-02-06 22:10:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b9b2fe0e7c | little cleanup | 2011-02-06 21:52:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c4c2cf1d58 | can't stay as it is right now. temporary disabling. | 2011-02-06 21:17:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d2b96a66a2 | one more update regarding last few "unescape" related commits | 2011-02-06 20:23:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | caaac72029 | minor update regarding last commit | 2011-02-06 20:15:03 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6191a7f26f | Major fix for a silent bug | 2011-02-06 15:53:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1bc2ee2fbf | Updated | 2011-02-06 15:44:27 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8980227d30 | Minor bug fix | 2011-02-06 15:32:16 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 2afc1e5021 | Layout adjustments | 2011-02-06 15:28:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a5a648f4fe | Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug | 2011-02-06 15:23:27 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c44978862e | Minor reordering of what gets saved into the injection object | 2011-02-06 15:20:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5ecb75cc56 | minor update | 2011-02-06 15:14:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f754953c4f | reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. | 2011-02-06 12:33:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 97f9c9d119 | bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values | 2011-02-06 12:24:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 412a97b7fe | fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') | 2011-02-05 14:17:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4df8a03c04 | using OrderedDict to store parameters in order of appearance | 2011-02-04 18:07:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | acb986ae80 | minor refactoring | 2011-02-04 17:40:55 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | fec88f6a6d | Minor fix | 2011-02-04 15:57:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1e8eb27156 | update of doc/THANKS | 2011-02-04 14:07:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 09e88cfb19 | fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) | 2011-02-04 14:05:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 14c87ec80d | minor fix | 2011-02-04 13:29:02 +00:00 |  |