Commit Graph

357 Commits

Author SHA1 Message Date
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
d19a8d53e4 minor update 2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2 added one new quick check for multiple target(s) mode 2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
428e817a32 some refactoring 2011-01-01 23:57:27 +00:00
Miroslav Stampar
0e815177c8 minor update 2011-01-01 19:07:40 +00:00
Miroslav Stampar
8f32c740ff code refactoring 2010-12-29 19:39:32 +00:00
Miroslav Stampar
93838fb155 "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) 2010-12-28 14:40:34 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
ceeb6374e8 bug fix (TypeError: object of type 'NoneType' has no len()) 2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68 minor improvement 2010-12-26 11:15:02 +00:00
Miroslav Stampar
b472b96f92 bug fix, refactoring and improved extractErrorMessage capabilities 2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
23dc408901 prioritization of tests based on DBMS error messages and some comments in common.py 2010-12-24 10:55:41 +00:00
Miroslav Stampar
d9f08e4aa3 randomization of user agents 2010-12-24 10:04:27 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
7c06dbffc3 bug fix (AttributeError: 'unicode' object has no attribute 'sort') 2010-12-22 18:55:50 +00:00
Miroslav Stampar
6c1133c4d4 some code refactoring 2010-12-21 15:13:13 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe Cosmetics 2010-12-21 09:23:00 +00:00
Miroslav Stampar
116c141dfa another fix 2010-12-21 00:47:07 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2 we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads) 2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c minor refactoring 2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Bernardo Damele
cfcee6439e Cosmetics 2010-12-13 21:55:30 +00:00
Miroslav Stampar
e98d9c08e1 dumping table is now possible on Firebird too 2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7 blind dumping of tables in sqlite implemented 2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
6a24048aa6 urllib2 doesn't play well with '\n' when non unescaped chars used 2010-12-11 21:17:54 +00:00
Miroslav Stampar
d2a3e8f44f first time firebird error-based query success 2010-12-11 11:17:24 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Bernardo Damele
9c61adb21d Cosmetics 2010-12-09 00:26:06 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
95b48746a6 cosmetics 2010-12-08 14:29:09 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
b21eb88905 minor update 2010-12-07 22:45:38 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic 2010-12-07 00:27:26 +00:00
Miroslav Stampar
3f9450b9dc minor fix 2010-12-04 14:43:35 +00:00
Miroslav Stampar
eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring 2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8 code refactoring 2010-12-04 10:13:18 +00:00
Miroslav Stampar
b3a094b9d6 fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') 2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Miroslav Stampar
2cc167a42e fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" 2010-12-02 18:57:43 +00:00
Miroslav Stampar
70e87d959e update of dynamicity engine 2010-11-29 15:14:49 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
6712f4da55 some refactoring and one less request for aspx maintanance during --os-shell 2010-11-24 14:20:43 +00:00
Bernardo Damele
253eafb643 paranoid cosmetics 2010-11-24 12:03:01 +00:00
Miroslav Stampar
b2b521fc8a gready regex bastard :) 2010-11-24 12:01:36 +00:00
Miroslav Stampar
9579a97039 now ASPX works too for --os-shell 2010-11-24 11:38:27 +00:00
Miroslav Stampar
f9f076ba97 code refactoring 2010-11-23 21:00:42 +00:00
Miroslav Stampar
7877a931d5 more cosmetics regarding dictionary attack 2010-11-23 20:54:40 +00:00
Miroslav Stampar
c4414df594 minor update 2010-11-23 15:33:13 +00:00
Miroslav Stampar
78024eafe0 little precaution 2010-11-23 15:31:23 +00:00
Miroslav Stampar
aa5d038f18 more code refactoring 2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c code refactoring regarding dictionary attack 2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603 first working version of dictionary attack 2010-11-23 13:24:02 +00:00
Miroslav Stampar
d757e4ae1c bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs) 2010-11-17 09:46:04 +00:00
Miroslav Stampar
2a8e270bef proper handling of carriage return character from Windows target machines 2010-11-16 15:11:03 +00:00
Miroslav Stampar
ab33651f96 minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior) 2010-11-16 15:02:22 +00:00
Miroslav Stampar
3487429eac minor cosmetics 2010-11-16 14:41:46 +00:00
Miroslav Stampar
e7a66371f8 update regarding os shell-ing regarding JSP and ASPX 2010-11-16 13:46:46 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
a777d59870 Minor bug fix 2010-11-12 15:17:12 +00:00
Miroslav Stampar
697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace 2010-11-12 11:48:25 +00:00
Bernardo Damele
a34c1b287c Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL) 2010-11-12 11:33:11 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
7752b5efe9 minor update 2010-11-09 09:51:54 +00:00
Miroslav Stampar
221f976fbd minor update 2010-11-09 01:23:54 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Miroslav Stampar
508b9cc763 dynamicity engine update 2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127 minor update 2010-11-06 08:31:11 +00:00
Miroslav Stampar
06760182f1 cosmetics 2010-11-05 16:08:42 +00:00
Miroslav Stampar
f3e3420677 fix for a bug reported by Marcos Mateos Garcia (ValueError) 2010-11-05 11:34:09 +00:00
Miroslav Stampar
3aba0b1bec minor update 2010-11-04 12:51:04 +00:00
Miroslav Stampar
18aea251b3 added concept of tamper script priority 2010-11-04 10:29:40 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
70f6eab715 minor update 2010-11-02 12:08:28 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Miroslav Stampar
5269cb8c08 some code refactoring and beautification 2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a one bug fix in dynamic content engine and some code refactoring 2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Bernardo Damele
c7b374534b Minor cosmetics 2010-10-31 12:29:00 +00:00