Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bf0e3c4662 
							
						 
					 
					
						
						
							
							improvement for --forms with empty fields  
						
						
						
					 
					
						2011-03-28 22:48:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1e22ff45de 
							
						 
					 
					
						
						
							
							minor update regarding testing of GET parameters if --data and/or --forms is used  
						
						
						
					 
					
						2011-03-28 16:14:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bd75fd26e9 
							
						 
					 
					
						
						
							
							implementing a --page-rank switch as requested by l0rda@l0rda.biz  
						
						
						
					 
					
						2011-03-23 11:57:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c9ccb755 
							
						 
					 
					
						
						
							
							Oracle XML based error payload has problems with char $ as with space  
						
						
						
					 
					
						2011-03-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							970cde5a8a 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-03-17 09:23:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e64f225e65 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2011-03-11 20:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8edc3b3302 
							
						 
					 
					
						
						
							
							further update regarding last commit  
						
						
						
					 
					
						2011-03-03 10:39:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							90582ed7dc 
							
						 
					 
					
						
						
							
							minor change  
						
						
						
					 
					
						2011-02-21 11:35:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6cdf08b81c 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-02-17 21:51:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							22cd49a217 
							
						 
					 
					
						
						
							
							--technique can now be something like 123 which includes both techniques 1, 2 and 3  
						
						
						
					 
					
						2011-02-17 21:39:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7ebc1ab90a 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-02-17 08:59:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							50d25c3b4d 
							
						 
					 
					
						
						
							
							update regarding explicit testing of ua and referer when using -p  
						
						
						
					 
					
						2011-02-13 21:58:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb11fd173 
							
						 
					 
					
						
						
							
							update regarding multiple DBMS payloads  
						
						
						
					 
					
						2011-02-13 21:20:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45a005737d 
							
						 
					 
					
						
						
							
							Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2  
						
						
						
					 
					
						2011-02-13 21:08:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							521635c84d 
							
						 
					 
					
						
						
							
							quick fix for UA and Referer  
						
						
						
					 
					
						2011-02-11 23:36:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							535eb9f3eb 
							
						 
					 
					
						
						
							
							implementation of referer feature  
						
						
						
					 
					
						2011-02-11 23:07:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6ab24e0b5 
							
						 
					 
					
						
						
							
							just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed  
						
						
						
					 
					
						2011-02-10 22:47:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0a81415f2f 
							
						 
					 
					
						
						
							
							Minor code cleanup  
						
						
						
					 
					
						2011-02-08 00:02:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c4f6d2e99 
							
						 
					 
					
						
						
							
							fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too  
						
						
						
					 
					
						2011-02-07 21:53:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a577d0e9a5 
							
						 
					 
					
						
						
							
							restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary)  
						
						
						
					 
					
						2011-02-07 21:18:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							061f56daf9 
							
						 
					 
					
						
						
							
							More adjustments related to unescape() and cleanupPayload().  
						
						... 
						
						
						
						Minor code cleanup related to error-based payload. 
						
					 
					
						2011-02-06 23:27:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0800d9e49b 
							
						 
					 
					
						
						
							
							Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery()  
						
						
						
					 
					
						2011-02-06 22:58:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							078a2207cc 
							
						 
					 
					
						
						
							
							few reverts  
						
						
						
					 
					
						2011-02-06 22:10:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b9b2fe0e7c 
							
						 
					 
					
						
						
							
							little cleanup  
						
						
						
					 
					
						2011-02-06 21:52:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2b96a66a2 
							
						 
					 
					
						
						
							
							one more update regarding last few "unescape" related commits  
						
						
						
					 
					
						2011-02-06 20:23:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c44978862e 
							
						 
					 
					
						
						
							
							Minor reordering of what gets saved into the injection object  
						
						
						
					 
					
						2011-02-06 15:20:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8134c2154a 
							
						 
					 
					
						
						
							
							adding WHERE enum for payloads  
						
						
						
					 
					
						2011-02-02 13:34:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d875d848ce 
							
						 
					 
					
						
						
							
							Better sort  
						
						
						
					 
					
						2011-02-01 22:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6761933f75 
							
						 
					 
					
						
						
							
							Just.. cosmetics ;)  
						
						
						
					 
					
						2011-01-31 22:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa58a9c86b 
							
						 
					 
					
						
						
							
							update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)  
						
						
						
					 
					
						2011-01-31 20:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8ef47307db 
							
						 
					 
					
						
						
							
							added checking of header values for GREP (error); still UNION to do  
						
						
						
					 
					
						2011-01-31 12:21:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8278d821ac 
							
						 
					 
					
						
						
							
							Another layout adjustment  
						
						
						
					 
					
						2011-01-30 16:23:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e74c571bc 
							
						 
					 
					
						
						
							
							centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels  
						
						
						
					 
					
						2011-01-27 19:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10b723f196 
							
						 
					 
					
						
						
							
							minor fix for a bug reported by yonnym@googlemail.com  
						
						
						
					 
					
						2011-01-25 22:26:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e1db2700f0 
							
						 
					 
					
						
						
							
							Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads  
						
						
						
					 
					
						2011-01-24 12:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c4c79477d 
							
						 
					 
					
						
						
							
							world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql)  
						
						
						
					 
					
						2011-01-21 18:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9770db597e 
							
						 
					 
					
						
						
							
							Centralization of unescape()  
						
						
						
					 
					
						2011-01-20 21:55:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							496a84c356 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-20 18:32:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eda0b41859 
							
						 
					 
					
						
						
							
							Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.  
						
						... 
						
						
						
						Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup 
						
					 
					
						2011-01-18 23:03:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c2a358561f 
							
						 
					 
					
						
						
							
							Proper support for --union-cols  
						
						
						
					 
					
						2011-01-17 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47565f9459 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2011-01-17 21:13:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5e36876e7 
							
						 
					 
					
						
						
							
							removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency  
						
						
						
					 
					
						2011-01-16 19:29:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							718eef8753 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2011-01-16 18:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec1ab3cd2a 
							
						 
					 
					
						
						
							
							removing timeSec from injection configuration attributes as it highly depends on current connection "variables"  
						
						
						
					 
					
						2011-01-16 12:12:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc4ebdc1b 
							
						 
					 
					
						
						
							
							Major bug fix.  
						
						... 
						
						
						
						Minor code refactoring. 
						
					 
					
						2011-01-16 01:17:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c0d5daee99 
							
						 
					 
					
						
						
							
							More refactoring and cleanup  
						
						
						
					 
					
						2011-01-16 00:15:30 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d3a28124b1 
							
						 
					 
					
						
						
							
							More code cleanup  
						
						
						
					 
					
						2011-01-15 23:11:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4a35f598b8 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 22:09:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0f565c941e 
							
						 
					 
					
						
						
							
							bug fix and proper warning message  
						
						
						
					 
					
						2011-01-15 16:59:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bdb50c224 
							
						 
					 
					
						
						
							
							code review part 3  
						
						
						
					 
					
						2011-01-15 13:15:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a0e0cde3c 
							
						 
					 
					
						
						
							
							code review of modules in lib/core directory  
						
						
						
					 
					
						2011-01-15 12:13:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05b2a338fe 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2011-01-14 16:12:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bff989d348 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-14 15:43:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							daf5662eab 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2011-01-14 15:33:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08f7e20c51 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 14:55:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e9b11b79 
							
						 
					 
					
						
						
							
							Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms.  
						
						
						
					 
					
						2011-01-14 12:47:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3c95d71ea5 
							
						 
					 
					
						
						
							
							Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase  
						
						
						
					 
					
						2011-01-14 11:55:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							676b95b30a 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2011-01-14 09:44:56 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f8c04ce020 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2011-01-13 20:59:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ece2eb31ca 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-13 11:08:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							be6e2d6a31 
							
						 
					 
					
						
						
							
							Important bug fix.  
						
						... 
						
						
						
						Minor code restyling. 
						
					 
					
						2011-01-13 09:41:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8bdb7ec58c 
							
						 
					 
					
						
						
							
							Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.  
						
						
						
					 
					
						2011-01-12 00:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5c7c3c76c3 
							
						 
					 
					
						
						
							
							Fixed previous bug in getErrorParsedDBMSes() call in detection phase.  
						
						... 
						
						
						
						Added minor support to escape quotes in UNION payloads during detection phase. 
						
					 
					
						2011-01-11 23:47:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2f5995a7eb 
							
						 
					 
					
						
						
							
							Added generic and mysql UNION tests from 1 to 25 columns.  
						
						... 
						
						
						
						Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests. 
						
					 
					
						2011-01-11 22:56:21 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cc9ca802bf 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-06 08:54:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							572f403069 
							
						 
					 
					
						
						
							
							update of one thing that was missing  
						
						
						
					 
					
						2011-01-03 21:28:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6aa616bd0d 
							
						 
					 
					
						
						
							
							minor minor fix  
						
						
						
					 
					
						2011-01-03 14:28:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							92e4cdb241 
							
						 
					 
					
						
						
							
							raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic  
						
						
						
					 
					
						2011-01-03 14:21:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3629c2737b 
							
						 
					 
					
						
						
							
							automatically turn on --text-only in case of heavily-dynamicity instead of critical exit  
						
						
						
					 
					
						2011-01-03 11:06:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adc41181e6 
							
						 
					 
					
						
						
							
							some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one  
						
						
						
					 
					
						2011-01-03 10:37:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5860b8942f 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 09:16:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d19a8d53e4 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-03 08:46:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8625494ff2 
							
						 
					 
					
						
						
							
							added one new quick check for multiple target(s) mode  
						
						
						
					 
					
						2011-01-03 08:32:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f9b6b2254 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2011-01-02 16:51:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5c6c870db4 
							
						 
					 
					
						
						
							
							removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode  
						
						
						
					 
					
						2011-01-02 08:43:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec4440108b 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2011-01-02 07:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							428e817a32 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2011-01-01 23:57:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							212035e64d 
							
						 
					 
					
						
						
							
							user can now choose if he wants to skip non-heuristic based DBMS tests  
						
						
						
					 
					
						2011-01-01 23:38:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8a93cfd975 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 22:43:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							52e44df86c 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 21:11:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							942cbafba6 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-01 20:19:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4fd8b3f0c 
							
						 
					 
					
						
						
							
							(e) finally works as it should  
						
						
						
					 
					
						2011-01-01 19:22:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							15e6911fd8 
							
						 
					 
					
						
						
							
							fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')  
						
						
						
					 
					
						2011-01-01 12:23:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91f665aaaa 
							
						 
					 
					
						
						
							
							bug fix for Ctrl+C  
						
						
						
					 
					
						2010-12-31 15:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5db8ebbfa9 
							
						 
					 
					
						
						
							
							update of mysql comment versions  
						
						
						
					 
					
						2010-12-31 12:42:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							613242e298 
							
						 
					 
					
						
						
							
							bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)  
						
						
						
					 
					
						2010-12-29 19:48:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8f32c740ff 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-29 19:39:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6700cabc36 
							
						 
					 
					
						
						
							
							minor optimization  
						
						
						
					 
					
						2010-12-29 19:01:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							569e060aab 
							
						 
					 
					
						
						
							
							important improvement  
						
						
						
					 
					
						2010-12-26 13:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2d115e0350 
							
						 
					 
					
						
						
							
							one more fix  
						
						
						
					 
					
						2010-12-24 18:44:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							edcf1a0872 
							
						 
					 
					
						
						
							
							few bug fixes  
						
						
						
					 
					
						2010-12-24 18:40:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96a06351a1 
							
						 
					 
					
						
						
							
							minor fix (in testing phase raise404 should be set to False)  
						
						
						
					 
					
						2010-12-24 12:36:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							23dc408901 
							
						 
					 
					
						
						
							
							prioritization of tests based on DBMS error messages and some comments in common.py  
						
						
						
					 
					
						2010-12-24 10:55:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							73f33c1999 
							
						 
					 
					
						
						
							
							bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)  
						
						
						
					 
					
						2010-12-23 11:28:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fc60215ed 
							
						 
					 
					
						
						
							
							lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.  
						
						
						
					 
					
						2010-12-22 19:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5228f336da 
							
						 
					 
					
						
						
							
							Minor fix for ctrl+c during detection phase  
						
						
						
					 
					
						2010-12-22 13:15:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08c88495d0 
							
						 
					 
					
						
						
							
							removed that ugly hack  
						
						
						
					 
					
						2010-12-22 13:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d974a966b8 
							
						 
					 
					
						
						
							
							minor fix for end phase (Ctrl+C)  
						
						
						
					 
					
						2010-12-21 23:55:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e68248f60 
							
						 
					 
					
						
						
							
							minor update of heuristic check  
						
						
						
					 
					
						2010-12-21 12:56:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							16f1f4e13e 
							
						 
					 
					
						
						
							
							when doing dynamic checks there are cases when 404 can be raised (perfectly normal)  
						
						
						
					 
					
						2010-12-21 11:04:49 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad6b528b33 
							
						 
					 
					
						
						
							
							Bit more verbose comment  
						
						
						
					 
					
						2010-12-21 10:47:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							416755c0b7 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-12-21 00:25:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e10670d9ac 
							
						 
					 
					
						
						
							
							added end detection phase choice into Ctrl+C list  
						
						
						
					 
					
						2010-12-20 23:34:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b34fe5c334 
							
						 
					 
					
						
						
							
							no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)  
						
						
						
					 
					
						2010-12-20 22:49:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf8929085 
							
						 
					 
					
						
						
							
							more minor updates  
						
						
						
					 
					
						2010-12-20 10:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fd00ff7a82 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-20 10:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e9f1ecb9e7 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 10:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							10a7a2dfb2 
							
						 
					 
					
						
						
							
							kids, don't use this at home  
						
						
						
					 
					
						2010-12-20 10:13:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4cb83654dc 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-18 16:28:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							05c6d661e8 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-18 10:49:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03220d34ba 
							
						 
					 
					
						
						
							
							added Ctrl+C check in detection phase  
						
						
						
					 
					
						2010-12-18 10:42:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							323af45ce4 
							
						 
					 
					
						
						
							
							added one more time request payload to confirm test results  
						
						
						
					 
					
						2010-12-17 07:53:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e3fa3b0e8e 
							
						 
					 
					
						
						
							
							fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')  
						
						
						
					 
					
						2010-12-17 07:48:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f8a01ddaf8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-15 11:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63f5c35c23 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-12-15 10:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5fb921154 
							
						 
					 
					
						
						
							
							removed debug print  
						
						
						
					 
					
						2010-12-09 20:08:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eb2c408a9 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-09 16:49:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							df5f6bc1b7 
							
						 
					 
					
						
						
							
							Little precaution  
						
						
						
					 
					
						2010-12-09 14:06:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fb04515d3 
							
						 
					 
					
						
						
							
							Added hidden (for the moment) switch --technique  
						
						
						
					 
					
						2010-12-09 13:47:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c01be0eeb 
							
						 
					 
					
						
						
							
							Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).  
						
						
						
					 
					
						2010-12-09 00:34:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c61adb21d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-09 00:26:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							10ef2b5de8 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-12-08 23:09:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81c16926c1 
							
						 
					 
					
						
						
							
							code refactoring some more  
						
						
						
					 
					
						2010-12-08 14:46:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed09c53ee4 
							
						 
					 
					
						
						
							
							minor minor update  
						
						
						
					 
					
						2010-12-08 14:27:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							575e50673b 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 19:27:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							398b82644a 
							
						 
					 
					
						
						
							
							little explanation  
						
						
						
					 
					
						2010-12-07 19:25:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ee72838231 
							
						 
					 
					
						
						
							
							Removed debug print  
						
						
						
					 
					
						2010-12-07 17:19:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f97312f29 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-07 17:17:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd4a5a532 
							
						 
					 
					
						
						
							
							added standard deviation check in time based tests  
						
						
						
					 
					
						2010-12-07 16:39:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4959da3ce6 
							
						 
					 
					
						
						
							
							it's a must to double check time based payloads  
						
						
						
					 
					
						2010-12-07 14:59:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00