sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	42f4c2bac9	Minor fix when --dbms is enforced	2012-12-10 11:42:10 +01:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	ca427af8b3	Minor refactoring/improvement	2012-10-28 01:42:08 +02:00
Miroslav Stampar	bcdba7b7bb	Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details	2012-10-28 01:11:50 +02:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	235cc656b9	Fix for an Issue #224	2012-10-25 15:25:31 +02:00
Miroslav Stampar	bcf708f4b1	Minor update	2012-10-25 13:37:33 +02:00
Miroslav Stampar	fdcdd11cb9	Minor update for an Issue #222	2012-10-25 13:35:44 +02:00
Miroslav Stampar	8a5844a364	Implementation for an Issue #222	2012-10-25 13:21:32 +02:00
Miroslav Stampar	9ad58cb531	Implementation for an Issue #204	2012-10-16 10:24:05 +02:00
Miroslav Stampar	f71b937add	Minor language cleanup	2012-10-04 18:28:36 +02:00
Miroslav Stampar	2fbd05c98f	Minor language update	2012-10-04 18:04:55 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	9ca7b3e20e	Implementation for an Issue #194	2012-09-25 09:25:35 +02:00
Miroslav Stampar	c1c65a7167	Fix for an Issue #166	2012-08-29 20:21:45 +02:00
Miroslav Stampar	e9ae44c6fc	Implementation for an #162	2012-08-22 16:50:01 +02:00
Miroslav Stampar	0ad3846451	Minor language update	2012-08-22 16:10:56 +02:00
Miroslav Stampar	a62a874d59	Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)	2012-08-22 16:06:09 +02:00
Miroslav Stampar	4ab4fd1cb4	Minor update	2012-08-22 15:53:40 +02:00
Miroslav Stampar	52351e5d81	Update for an Issue #161 (now detecting format error messages too)	2012-08-22 15:51:47 +02:00
Miroslav Stampar	7b93108e7d	Favoring non-string specific boundaries in case of digit-like parameter values	2012-08-22 13:58:52 +02:00
Miroslav Stampar	8a5042b6a4	Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)	2012-08-22 11:56:30 +02:00
Miroslav Stampar	7d0662da23	Update for an #161	2012-08-22 11:42:06 +02:00
Miroslav Stampar	61151447fe	Implementation of an Issue #161	2012-08-22 11:27:58 +02:00
Miroslav Stampar	6210ddfbd6	Minor refactoring	2012-08-22 11:00:39 +02:00
Miroslav Stampar	a927d94d39	Update for an Issue #155	2012-08-22 10:57:31 +02:00
Miroslav Stampar	6f450ac8bf	Implementation for an Issue #155	2012-08-20 12:14:01 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	76338add17	Fix for an Issue #152	2012-08-20 10:41:43 +02:00
Miroslav Stampar	6f529542e3	Making those --string tips (containing escaped characters) decodable by sqlmap	2012-07-31 11:32:53 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	2b60e61d54	Minor update for #119	2012-07-25 10:57:19 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Bernardo Damele	318a01b867	minor typo fixes	2012-07-17 00:25:02 +01:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	7ad6697446	Fix for Issue #57	2012-07-04 20:21:44 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	3da8f86e97	minor fix	2012-06-15 21:01:27 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2bbfa4aad	minor style update	2012-05-28 14:04:17 +00:00
Miroslav Stampar	dc20bff1d0	minor update	2012-05-25 08:30:24 +00:00
Miroslav Stampar	7657bbeaf9	minor update	2012-05-24 22:32:06 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	80ee687b41	minor beauty patch	2012-05-07 13:51:31 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Miroslav Stampar	3532d23933	automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)	2012-04-23 13:41:36 +00:00
Miroslav Stampar	54576ab3a6	making a random choice from candidates	2012-04-13 10:54:30 +00:00
Miroslav Stampar	bbbcc95fe5	use it only if page is stable	2012-04-13 10:19:26 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	e33ea7c33a	minor fix	2012-04-10 22:29:39 +00:00
Miroslav Stampar	a82206cec4	minor cosmetics	2012-04-10 21:57:00 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	c9cac957bb	adding one more case for false positive check (Generic tests without any DBMS knowledge)	2012-03-29 09:56:09 +00:00
Miroslav Stampar	3abcd6910a	strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test	2012-03-22 00:06:50 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	c878dd3e5a	doing a dummy test for --os-shell in case of xp_cmdshell	2012-03-09 14:21:41 +00:00
Miroslav Stampar	a0b46963cb	minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)	2012-03-09 10:28:19 +00:00
Miroslav Stampar	0ead1fd87e	minor update	2012-03-05 09:42:52 +00:00
Miroslav Stampar	1ec56f93ec	minor update	2012-03-01 10:10:19 +00:00
Miroslav Stampar	f142c0f782	minor update	2012-02-28 14:04:13 +00:00
Miroslav Stampar	6e54cb171f	minor code restyling	2012-02-22 15:53:36 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	844fc8addb	minor cleanup	2012-02-16 10:19:36 +00:00
Miroslav Stampar	11af0b1bbc	minor fix	2012-02-07 11:16:03 +00:00
Miroslav Stampar	8405ef59ac	some estetic updates	2012-02-01 14:49:42 +00:00
Miroslav Stampar	23117e72ca	minor improvement	2012-01-13 20:56:06 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	94d43a4135	minor bug fix	2011-12-30 14:20:06 +00:00
Miroslav Stampar	f622995a29	compatibility with partial union and error technique resumed data	2011-12-22 12:20:21 +00:00
Miroslav Stampar	6f8d8a15aa	minor update	2011-12-22 11:55:02 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	c57941c102	minor beautification	2011-12-15 23:33:44 +00:00
Miroslav Stampar	27d244b326	minor update	2011-12-15 23:29:11 +00:00
Miroslav Stampar	0f5d48ff20	minor update	2011-12-05 09:25:56 +00:00
Miroslav Stampar	2842c13d75	minor update	2011-11-29 16:59:06 +00:00
Miroslav Stampar	2ed3efba12	speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)	2011-11-22 08:39:13 +00:00
Miroslav Stampar	49fddaf668	minor update (for cases with 404 original page - e.g. time based injections in some cases)	2011-11-20 23:11:18 +00:00
Miroslav Stampar	8c32b3653b	minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)	2011-11-20 20:27:30 +00:00
Miroslav Stampar	20ae1c2187	added switch --logic-negative	2011-10-24 00:40:06 +00:00
Miroslav Stampar	4989e8e6d3	minor update	2011-10-10 17:29:54 +00:00
Miroslav Stampar	b888a84764	minor update	2011-09-27 14:31:58 +00:00
Miroslav Stampar	88f1110c44	adding a new (for now) hidden switch --test-filter for filtering tests by their name	2011-09-27 14:09:25 +00:00
Miroslav Stampar	7e80274fac	refactoring	2011-09-25 21:10:45 +00:00
Miroslav Stampar	f46baac70b	bug fix (when comment is None this was errornous)	2011-08-17 10:58:29 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Bernardo Damele	fff4c34e33	Search for --string and --regexp matches also in HTTP response headers	2011-08-12 15:33:37 +00:00
Miroslav Stampar	2ad267132a	minor update for empty normal responses (like AJAX requests)	2011-08-05 10:55:21 +00:00
Miroslav Stampar	07afcd5440	fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)	2011-08-02 18:20:21 +00:00
Bernardo Damele	6cbb927012	Partial fix for -o not resumed at following runs if missing from command line	2011-07-25 11:05:49 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	0d28c1e9e7	cosmetics	2011-07-06 20:41:13 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	8a8b94883b	minor update (that default quit in --batch was bothering me - my original idea and it was bad :)	2011-06-27 14:14:49 +00:00
Miroslav Stampar	c4cb367e65	looks nicer (though --tor is implicitly converted into --proxy)	2011-06-24 19:00:53 +00:00
Miroslav Stampar	2de88bd90b	minor update	2011-06-24 17:19:24 +00:00
Bernardo Damele	f8c32cf6b9	Moved folder	2011-06-18 12:34:41 +00:00
Miroslav Stampar	25b923bbc3	minor fixes and minor updates	2011-06-16 12:12:30 +00:00
Miroslav Stampar	4d51fa8155	minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)	2011-06-15 17:37:28 +00:00
Miroslav Stampar	9331abb96f	minor update	2011-06-11 08:33:36 +00:00
Bernardo Damele	d217cf71b2	Minor bug fix	2011-06-08 23:32:44 +00:00
Miroslav Stampar	d8155dfae9	change by request	2011-06-08 14:44:11 +00:00
Bernardo Damele	0d3e8a76d8	Cosmetics and a missing param	2011-06-08 14:40:42 +00:00
Miroslav Stampar	4a9640160e	more concise	2011-06-08 14:35:23 +00:00
Miroslav Stampar	1c633b7351	i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified	2011-06-07 22:14:18 +00:00
Miroslav Stampar	97d8c60c3f	better language	2011-06-03 15:58:19 +00:00
Miroslav Stampar	0a620bf322	more info to the user	2011-06-03 15:43:50 +00:00
Miroslav Stampar	8aa5625cd0	proper fix related to the last commit	2011-06-01 23:00:18 +00:00
Miroslav Stampar	fd57aae779	bug fix (until this moment we had UNION unfunctional for MSSQL)	2011-06-01 22:47:54 +00:00
Miroslav Stampar	45caadbd4a	important update - finally found what was causing headache for UNION payloads in noticeable number of cases	2011-05-26 21:54:19 +00:00
Miroslav Stampar	97bd5355dd	minor update	2011-05-26 21:18:55 +00:00
Miroslav Stampar	4f46a5ab63	minor usability enhancement regarding warning for --text-only switch	2011-05-26 20:48:18 +00:00
Miroslav Stampar	f11d5c91e3	minor update so that only one DNS request per scan is being done (before this commit there were two)	2011-05-12 14:32:39 +00:00
Miroslav Stampar	120b0d756e	unfix	2011-05-10 21:33:06 +00:00
Bernardo Damele	3a8309c4b0	Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches	2011-05-10 15:34:54 +00:00
Bernardo Damele	1151af52bb	More fix for save/resume of --technique	2011-05-07 21:08:14 +00:00
Bernardo Damele	2d8408c885	More fix for --technique resume	2011-05-05 16:38:46 +00:00
Bernardo Damele	6cff3e97f4	cosmetics	2011-05-02 21:48:08 +00:00
Miroslav Stampar	06498796b9	minor cosmetics	2011-05-02 20:51:53 +00:00
Bernardo Damele	955dbc85e7	Minor variable rename	2011-04-30 15:29:59 +00:00
Bernardo Damele	f56d135438	Minor code restyling	2011-04-30 13:20:05 +00:00
Bernardo Damele	441c288dd9	cosmeticados	2011-04-25 00:36:09 +00:00
Miroslav Stampar	304500a2e8	implemented checkFalsePositives method (simple Turing like tests)	2011-04-22 12:24:16 +00:00
Miroslav Stampar	df0331fe9b	some more refactoring	2011-04-19 23:04:10 +00:00
Miroslav Stampar	9b0db33cc5	initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model	2011-04-19 08:55:38 +00:00
Miroslav Stampar	0387654166	update of copyright string (until year)	2011-04-15 12:33:18 +00:00
Bernardo Damele	5b21352656	cosmeticados ;)	2011-04-08 10:39:07 +00:00
Bernardo Damele	c6b9d89d31	Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly	2011-04-07 11:10:35 +00:00
Bernardo Damele	05d12790f1	closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message)	2011-04-06 14:41:44 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	970cde5a8a	minor update regarding last commit	2011-03-17 09:23:46 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	90582ed7dc	minor change	2011-02-21 11:35:21 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00

1 2 3 4 5 ...

492 Commits