1827 Commits

Author	SHA1	Message	Date
Miroslav Stampar	ce51326bff	quick fix	2011-03-31 08:43:17 +00:00
Miroslav Stampar	0916117447	improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names	2011-03-30 18:32:10 +00:00
Miroslav Stampar	dd01d66f13	proper update regarding last commit	2011-03-29 22:10:08 +00:00
Miroslav Stampar	850328df6c	minor cosmetics	2011-03-29 22:03:48 +00:00
Miroslav Stampar	b6af80bab3	refactoring, cleanup and improvement	2011-03-29 21:54:15 +00:00
Miroslav Stampar	adfbfef8c1	minor refactoring	2011-03-29 21:01:47 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	9f707febf5	minor update	2011-03-29 15:43:17 +00:00
Miroslav Stampar	d0861a00e2	minor improvement	2011-03-29 15:37:57 +00:00
Miroslav Stampar	d28ca5809b	adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)	2011-03-29 14:16:28 +00:00
Miroslav Stampar	7cf4ba83dc	minor refactoring and comment update	2011-03-29 12:08:07 +00:00
Miroslav Stampar	1821a008af	Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once	2011-03-29 12:00:29 +00:00
Miroslav Stampar	5560196648	minor fix	2011-03-29 11:50:12 +00:00
Miroslav Stampar	e20d460809	Bernardo will kill me (added --wizard for total beginners)	2011-03-29 11:42:55 +00:00
Miroslav Stampar	4d78eac938	revert of that thingy as requested by Bernardo	2011-03-29 10:06:35 +00:00
Miroslav Stampar	a9f5d828c6	minor fix avoiding problems with hashing strange characters in usernames	2011-03-29 07:50:07 +00:00
Miroslav Stampar	e8debbe724	minor cosmetics and one minor fix (|= is a nono with None)	2011-03-29 06:38:19 +00:00
Miroslav Stampar	86f93713d3	fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update	2011-03-29 06:25:17 +00:00
Miroslav Stampar	a2d5358b08	minor fix	2011-03-28 23:40:46 +00:00
Miroslav Stampar	9e900ccbac	minor comment update	2011-03-28 23:12:04 +00:00
Miroslav Stampar	a61e287d23	making updates for dummy Windows users	2011-03-28 23:09:19 +00:00
Miroslav Stampar	bf0e3c4662	improvement for --forms with empty fields	2011-03-28 22:48:00 +00:00
Miroslav Stampar	1823c116bb	minor update for special cases of union testing results	2011-03-28 21:45:38 +00:00
Miroslav Stampar	ae53ad4c30	making an update for special case of timed out response	2011-03-28 21:05:04 +00:00
Miroslav Stampar	1e22ff45de	minor update regarding testing of GET parameters if --data and/or --forms is used	2011-03-28 16:14:08 +00:00
Miroslav Stampar	625f124263	little info message	2011-03-28 12:13:17 +00:00
Miroslav Stampar	47924fb92e	fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl')	2011-03-27 13:41:54 +00:00
Miroslav Stampar	76b7e3517d	minor update	2011-03-27 07:58:15 +00:00
Miroslav Stampar	dba32306b0	minor update	2011-03-26 22:03:46 +00:00
Miroslav Stampar	d8f7c4bc4c	minor update regarding support for crypt(3)	2011-03-26 21:41:37 +00:00
Miroslav Stampar	4f00b9fa4b	minor fix	2011-03-26 21:10:31 +00:00
Miroslav Stampar	afe2be6a9f	implementation of Standard DES hashing (crypt)	2011-03-26 20:46:25 +00:00
Miroslav Stampar	1119a85f39	it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)	2011-03-25 21:31:26 +00:00
Miroslav Stampar	6c6133e8aa	revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)	2011-03-25 20:46:37 +00:00
Miroslav Stampar	737b4abf13	this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)	2011-03-25 20:30:15 +00:00
Miroslav Stampar	422967fbcd	just an minor update related to the last commit	2011-03-25 12:21:53 +00:00
Miroslav Stampar	c5b6d377fb	fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages)	2011-03-25 12:14:19 +00:00
Miroslav Stampar	af5342c495	fix for partial inband queries on MSSQL	2011-03-25 11:19:15 +00:00
Miroslav Stampar	e80c9e08d8	minor update regarding --live-test	2011-03-25 09:03:08 +00:00
Miroslav Stampar	ea52d7acad	minor revisit of inference	2011-03-24 20:10:40 +00:00
Miroslav Stampar	1f1c4c0e61	better update related to the last commit	2011-03-24 20:04:20 +00:00
Miroslav Stampar	c0cc5d1dad	minor update	2011-03-24 17:18:03 +00:00
Miroslav Stampar	f3858a5fcf	another fix related to the bug reported by Alone Shell	2011-03-24 17:08:14 +00:00
Miroslav Stampar	e42cdfd138	adding possibility to run only one live test (e.g. --run-case=8)	2011-03-24 12:07:47 +00:00
Miroslav Stampar	2b15ad57c2	basic live tests against 3 major DBMSes	2011-03-24 11:47:01 +00:00
Miroslav Stampar	ecbbfeba6e	introduction of --fresh-queries	2011-03-24 10:08:47 +00:00
Miroslav Stampar	762397854e	fix for a bug reported by Kirill (unknown charset '8859-1')	2011-03-24 09:27:19 +00:00
Miroslav Stampar	d79fae724c	minor refactoring	2011-03-24 09:16:21 +00:00
Miroslav Stampar	0bb08d09d2	fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file	2011-03-24 08:43:40 +00:00
Miroslav Stampar	bd75fd26e9	implementing a --page-rank switch as requested by l0rda@l0rda.biz	2011-03-23 11:57:57 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	5a1aaecf16	minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION')	2011-03-22 13:07:37 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Miroslav Stampar	cbfb10cbd1	fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...)	2011-03-21 16:43:46 +00:00
Miroslav Stampar	b5c9ccb755	Oracle XML based error payload has problems with char $ as with space	2011-03-21 13:13:12 +00:00
Miroslav Stampar	1abcd507b8	hidding --group-concat switch	2011-03-21 12:13:21 +00:00
Bernardo Damele	19e2ed9803	Layout fix	2011-03-21 00:40:25 +00:00
Miroslav Stampar	3ca5cddca7	massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL)	2011-03-20 23:54:56 +00:00
Miroslav Stampar	9b1f2d82d0	minor update (that .strip() was a leftover)	2011-03-20 23:20:47 +00:00
Miroslav Stampar	db992a0a86	mssql likes to htmlescape error reports	2011-03-20 23:16:34 +00:00
Miroslav Stampar	088c815567	minor update (exposing --tor switch)	2011-03-19 18:28:51 +00:00
Miroslav Stampar	2cc91b8470	minor fix	2011-03-19 17:44:34 +00:00
Miroslav Stampar	7c2b3afafb	minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r)	2011-03-19 17:37:26 +00:00
Miroslav Stampar	139448eeb9	little stabilization regarding POST url(de/en)coding	2011-03-19 16:53:14 +00:00
Miroslav Stampar	0fcd999e51	fix for a bug reported by malice	2011-03-18 16:52:46 +00:00
Miroslav Stampar	58e9a074d3	masking some more command line arguments	2011-03-18 16:47:18 +00:00
Miroslav Stampar	36233fac42	update regarding a feature request from andyroyalbattle@yahoo.it	2011-03-18 16:35:30 +00:00
Miroslav Stampar	00b9d85ffc	fix regarding bug report from andyroyalbattle@yahoo.it	2011-03-18 16:26:39 +00:00
Miroslav Stampar	4e300baaf2	minor cosmetics	2011-03-18 14:09:18 +00:00
Miroslav Stampar	3628887110	los cosmeticados	2011-03-18 14:08:36 +00:00
Miroslav Stampar	75c0e09f43	little refactoring	2011-03-18 13:46:51 +00:00
Miroslav Stampar	c301b245a9	adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value)	2011-03-18 13:39:51 +00:00
Miroslav Stampar	b53c9a2599	minor fix and some refactoring	2011-03-18 00:24:02 +00:00
Bernardo Damele	9526f0c4c2	Minor layout adjustments	2011-03-17 12:35:40 +00:00
Bernardo Damele	03fac62592	Minor code restyle	2011-03-17 12:34:29 +00:00
Miroslav Stampar	cbdd9e921e	minor cosmetics	2011-03-17 12:23:56 +00:00
Miroslav Stampar	6607a240cf	added logging to redirecthandler	2011-03-17 12:21:27 +00:00
Miroslav Stampar	9a513198dd	minor fix regarding last couple of commits	2011-03-17 11:25:37 +00:00
Miroslav Stampar	970cde5a8a	minor update regarding last commit	2011-03-17 09:23:46 +00:00
Miroslav Stampar	beba69faa9	implementation of request from Santiago (look for error based responses in redirects)	2011-03-17 09:12:28 +00:00
Miroslav Stampar	847ce863e3	refactoring	2011-03-17 08:54:20 +00:00
Miroslav Stampar	fbd0cfda29	minor update toward the implementation of request from Santiago	2011-03-17 06:39:05 +00:00
Bernardo Damele	f00aff5303	-v 0 shows both error, critical and raw_input messages	2011-03-11 22:02:38 +00:00
Bernardo Damele	d7d47b6257	Minor bug fix (revert)	2011-03-11 21:56:45 +00:00
Miroslav Stampar	e64f225e65	minor refactoring	2011-03-11 20:16:34 +00:00
Miroslav Stampar	2fd3f0d7b2	minor update (added comment)	2011-03-11 20:07:52 +00:00
Miroslav Stampar	6cc745f789	removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut)	2011-03-11 20:04:15 +00:00
Miroslav Stampar	5eae525010	this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly)	2011-03-11 19:57:44 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Bernardo Damele	3cb0ca4b63	Minor bug fix for --privileges on PgSQL with error-based SQL inj technique	2011-03-11 15:24:25 +00:00
Bernardo Damele	5af7410cb1	Another bug fix for --privileges on PgSQL with UNION query technique	2011-03-11 15:13:09 +00:00
Bernardo Damele	74ef1e53c7	Minor bug fixes to --privileges for PostgreSQL query (corner case)	2011-03-11 14:54:41 +00:00
Miroslav Stampar	1879a49506	fix for a bug reported by andreoaz@gmail.com	2011-03-10 20:40:12 +00:00
Miroslav Stampar	eb1cda7065	minor refactoring (more consistent)	2011-03-09 12:06:32 +00:00
Miroslav Stampar	62e3510387	minor refactoring	2011-03-09 11:37:37 +00:00
Miroslav Stampar	5c97f9a496	improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)	2011-03-09 09:36:56 +00:00
Miroslav Stampar	9b2962ff1c	now when we don't urlencode whole URI using : and \ as safe chars is not a good idea	2011-03-09 08:56:29 +00:00
Miroslav Stampar	30619c599b	minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...)	2011-03-08 11:53:59 +00:00
Miroslav Stampar	99adbbeaa3	los cosmeticados	2011-03-07 22:04:17 +00:00
Miroslav Stampar	cc0306044c	adding SVN revision number support for non SVN client platforms	2011-03-07 21:54:30 +00:00
Miroslav Stampar	154d947c62	minor update	2011-03-07 10:15:41 +00:00
Miroslav Stampar	16b286982d	fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split')	2011-03-07 09:50:43 +00:00
Miroslav Stampar	8edc3b3302	further update regarding last commit	2011-03-03 10:39:04 +00:00
Miroslav Stampar	bc50387a17	possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms)	2011-03-03 09:42:50 +00:00
Miroslav Stampar	3a1f5744be	minor update to make counting variable totally independent of the urllib2's self.retried	2011-03-02 10:42:17 +00:00
Miroslav Stampar	a010386a23	finally a proper fix for that annoying recursive bug	2011-03-02 10:29:38 +00:00
Miroslav Stampar	f27f05308a	minor update for masking sensitive data in error report (added aCred too)	2011-03-02 10:09:17 +00:00
Miroslav Stampar	ad2e4002ea	minor improvement	2011-03-01 10:38:27 +00:00
Miroslav Stampar	0f3cc153a3	fix for --technique	2011-03-01 09:54:06 +00:00
Miroslav Stampar	9856cb71de	redo of the last commit with comments added	2011-02-28 18:58:05 +00:00
Miroslav Stampar	ade31b2cb0	removal of obsolete item	2011-02-28 18:49:25 +00:00
Miroslav Stampar	2bf212ffa9	minor minor update	2011-02-27 20:43:38 +00:00
Miroslav Stampar	7036190e8e	minor improvement of regular expression	2011-02-27 17:58:01 +00:00
Miroslav Stampar	21041f8b90	further reflective value handling improvement	2011-02-27 17:43:41 +00:00
Bernardo Damele	6e8ebd35f4	Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable	2011-02-27 12:17:41 +00:00
Bernardo Damele	60605b6e7c	Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)	2011-02-27 12:14:13 +00:00
Miroslav Stampar	88faedc0fe	fix for a bug reported by -insane-	2011-02-26 17:48:19 +00:00
Miroslav Stampar	11996ce12e	bug fix for international encoded letters	2011-02-25 22:43:01 +00:00
Miroslav Stampar	63b8156c00	some update (if header key is non-unicode comformant)	2011-02-25 09:43:04 +00:00
Miroslav Stampar	2bbbc9a41e	few updates	2011-02-25 09:35:24 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	38dc82e13e	If no Accept header field is present, then it is assumed that the client accepts all media types.	2011-02-22 22:26:22 +00:00
Miroslav Stampar	d05bd75068	adding experimental for --group-concat	2011-02-22 14:35:38 +00:00
Miroslav Stampar	12ede1e5de	minor JIC (just-in-case) update	2011-02-22 13:18:47 +00:00
Miroslav Stampar	3f8eadf4fe	minor refactoring	2011-02-22 13:00:58 +00:00
Miroslav Stampar	dcad5410fe	minor refactoring	2011-02-22 12:54:22 +00:00
Miroslav Stampar	17c39fe231	fix for that non-HTML stuff	2011-02-22 11:32:55 +00:00
Bernardo Damele	3e8c204121	Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba	2011-02-21 16:00:56 +00:00
Miroslav Stampar	90582ed7dc	minor change	2011-02-21 11:35:21 +00:00
Miroslav Stampar	aac817935a	further improvement of MaxDB support	2011-02-20 22:41:42 +00:00
Miroslav Stampar	70449eb01b	minor bug fix	2011-02-20 21:35:28 +00:00
Miroslav Stampar	345df5968d	minor update	2011-02-20 21:27:38 +00:00
Miroslav Stampar	0c57f2af0f	minor fix	2011-02-20 12:20:44 +00:00
Bernardo Damele	023a80c31c	Section explanation change to reflect recent enhancements	2011-02-19 21:06:24 +00:00
Bernardo Damele	60b05ff49f	Reflect new switch name	2011-02-19 21:05:15 +00:00
Bernardo Damele	8e60acae5d	Added support for --scope also in WebScarab logs (-l)	2011-02-19 21:03:55 +00:00
Miroslav Stampar	b71bb321dd	some more Sybase updates	2011-02-19 18:04:27 +00:00
Miroslav Stampar	cec7694aac	some progress regarding SYBASE	2011-02-19 14:56:58 +00:00
Miroslav Stampar	e0efe453ab	minor update regarding Sybase support	2011-02-19 14:07:08 +00:00
Miroslav Stampar	df58bcaf95	minor improvement	2011-02-18 14:27:02 +00:00
Miroslav Stampar	3badf92ceb	not doing "basic" filtering in default cases because of a bug reported by Kazim	2011-02-18 07:38:13 +00:00
Miroslav Stampar	6cdf08b81c	minor fix	2011-02-17 21:51:40 +00:00
Miroslav Stampar	22cd49a217	--technique can now be something like 123 which includes both techniques 1, 2 and 3	2011-02-17 21:39:16 +00:00
Miroslav Stampar	7ebc1ab90a	minor cosmetics	2011-02-17 08:59:14 +00:00
Miroslav Stampar	199f14df46	implementation of MySQL GROUP_CONCAT technique	2011-02-15 00:28:27 +00:00
Bernardo Damele	2ea828e416	Proper fix for r3307 (file-write on MySQL via UNION query tech)	2011-02-13 22:48:01 +00:00
Miroslav Stampar	417b311475	minor update	2011-02-13 22:02:47 +00:00