sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 11:33:47 +03:00

Author	SHA1	Message	Date
Bernardo Damele	2efb3b78ea	Consider also --dbms value during the detection phase	2010-11-29 14:48:07 +00:00
Miroslav Stampar	be6df7abd9	improvement of dynamicity engine	2010-11-29 14:30:57 +00:00
Bernardo Damele	76ce9cc888	Minor bug fix for --forms	2010-11-29 12:46:18 +00:00
Bernardo Damele	6525e08d6b	Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values	2010-11-29 12:13:42 +00:00
Bernardo Damele	c22338ce90	Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).	2010-11-29 11:47:58 +00:00
Bernardo Damele	9d7087e2ff	Proper saving and resuming when more than a parameter are injectable. Minor bug fix to --stacked-test Minor code refactoring.	2010-11-29 01:04:42 +00:00
Bernardo Damele	75f7df75b6	Minor fix	2010-11-28 23:33:51 +00:00
Bernardo Damele	472f4465a6	Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase. Minor bug fix to properly handle the case that no injections are found. Nicer display of injection vulnerabilities detected. Minor code refactoring.	2010-11-28 21:27:47 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Miroslav Stampar	6232397129	minor update	2010-11-16 10:52:49 +00:00
Miroslav Stampar	6ef3846400	update regarding error parsing (and reporting)	2010-11-16 10:42:42 +00:00
Miroslav Stampar	b3ad63b71e	major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)	2010-11-15 14:59:37 +00:00
Miroslav Stampar	39c6c9f386	minor update	2010-11-15 12:19:22 +00:00
Miroslav Stampar	c25c017c08	cosmetics regarding --forms	2010-11-15 11:50:33 +00:00
Miroslav Stampar	36c544f440	update (--forms acts now more like -g switch)	2010-11-15 11:34:57 +00:00
Miroslav Stampar	a0fb96816f	fix for a bug reported by ToR (value += actVer)	2010-11-14 08:31:29 +00:00
Miroslav Stampar	84849316b3	improvement of heuristic check (now original value is included too)	2010-11-12 23:06:01 +00:00
Miroslav Stampar	0d66f101da	fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)	2010-11-12 22:29:33 +00:00
Miroslav Stampar	2d872f850a	quick fix	2010-11-11 19:54:54 +00:00
Miroslav Stampar	24238ccd0b	re-renaming of brute force switches. this way is better.	2010-11-11 07:57:44 +00:00
Miroslav Stampar	96d88877ba	bug fix (reported by ToR)	2010-11-10 19:44:51 +00:00
Miroslav Stampar	6807fb04cc	minor update	2010-11-09 22:44:23 +00:00
Miroslav Stampar	fef60d5cb7	some fixes :)	2010-11-09 22:32:05 +00:00
Bernardo Damele	2205099a5e	Python stylish	2010-11-09 21:39:05 +00:00
Miroslav Stampar	cee888b613	tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)	2010-11-09 19:14:55 +00:00
Miroslav Stampar	a7fa8d4975	update regarding brute force retrieval of table names and table column names	2010-11-09 16:15:55 +00:00
Miroslav Stampar	4be0631161	refactoring of brute force techniques	2010-11-09 09:42:43 +00:00
Miroslav Stampar	fda8752dca	revert of some HTTP headers handling	2010-11-08 13:26:45 +00:00
Bernardo Damele	78d7b17483	More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.	2010-11-08 12:36:48 +00:00
Miroslav Stampar	0d0e2a2228	minor update	2010-11-08 09:49:57 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Miroslav Stampar	0482e02c37	minor optimization	2010-11-07 23:37:15 +00:00
Miroslav Stampar	4f346eab33	fix for resume from session	2010-11-07 23:25:53 +00:00
Miroslav Stampar	620fa1c8fb	trust me, i know what i am doing :)	2010-11-07 20:33:33 +00:00
Bernardo Damele	4d81da6bc8	Cosmetics	2010-11-07 16:23:03 +00:00
Bernardo Damele	6716315a76	Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity	2010-11-07 15:45:26 +00:00
Bernardo Damele	9669dbdae1	Minor cosmetics and adjustments	2010-11-07 15:34:52 +00:00
Miroslav Stampar	2b8c942b4a	more update	2010-11-07 08:58:24 +00:00
Miroslav Stampar	00dfd55830	added powerful switch --longest-common for dealing with heavy dynamicity	2010-11-07 08:52:09 +00:00
Miroslav Stampar	508b9cc763	dynamicity engine update	2010-11-07 00:12:00 +00:00
Miroslav Stampar	3619fc5127	minor update	2010-11-06 08:31:11 +00:00
Miroslav Stampar	06760182f1	cosmetics	2010-11-05 16:08:42 +00:00
Miroslav Stampar	9bc9302e58	minor fix	2010-11-05 16:03:12 +00:00
Miroslav Stampar	44435adc4a	added some fancy Ctrl+C when having multiple targets	2010-11-05 15:59:25 +00:00
Miroslav Stampar	0e895fa512	update of dynamicity testing and few misc fixes	2010-11-05 13:14:12 +00:00
Miroslav Stampar	ad6b2e9c21	minor fix	2010-11-04 16:47:18 +00:00
Miroslav Stampar	e1cec8c02b	fix for all that stable, dynamic mambo jambo :)	2010-11-04 16:44:34 +00:00
Miroslav Stampar	efe75aa8a3	added some debug messages	2010-11-04 09:18:32 +00:00

1 2 3 4

178 Commits