Miroslav Stampar
|
0d8fca30c9
|
Fix for an Issue #59
|
2012-08-16 11:31:43 +02:00 |
|
Miroslav Stampar
|
432b567584
|
Fix for an Issue #141
|
2012-08-08 00:03:58 +02:00 |
|
Miroslav Stampar
|
fec8a5cc9d
|
Fix for an Issue #139
|
2012-08-07 00:50:58 +02:00 |
|
Miroslav Stampar
|
922ea9d1f4
|
Update for Issue #118
|
2012-07-24 15:43:29 +02:00 |
|
Miroslav Stampar
|
a7d1a0c250
|
Implementation for an Issue #117
|
2012-07-23 14:14:22 +02:00 |
|
Bernardo Damele
|
5f876bdbbe
|
minor adjustments
|
2012-07-16 22:50:29 +01:00 |
|
Miroslav Stampar
|
786686da60
|
Minor language update
|
2012-07-13 14:53:42 +02:00 |
|
Miroslav Stampar
|
3c81f74823
|
Minor style update
|
2012-07-13 12:22:37 +02:00 |
|
Miroslav Stampar
|
c5ecc8b8db
|
Closing work on Issue #83
|
2012-07-13 11:23:21 +02:00 |
|
Bernardo Damele
|
162da75a04
|
modified homepage address
|
2012-07-12 18:38:03 +01:00 |
|
Miroslav Stampar
|
569c9214bf
|
Adding support for boldifying important logging messages
|
2012-07-12 16:30:35 +02:00 |
|
Miroslav Stampar
|
65639cdda6
|
First update for Issue #75 (error-based dumping)
|
2012-07-12 14:31:28 +02:00 |
|
Miroslav Stampar
|
c6464b44be
|
Some more refactoring
|
2012-07-11 20:13:23 +02:00 |
|
Miroslav Stampar
|
d7926b8aac
|
Minor refactoring
|
2012-07-11 19:54:21 +02:00 |
|
Bernardo Damele
|
eb7ffb8f91
|
setup for implementing logging colouring - issue #77
|
2012-07-10 02:54:37 +01:00 |
|
Miroslav Stampar
|
3ff28e58b4
|
Update regarding Issue #52
|
2012-07-08 19:24:25 +02:00 |
|
Bernardo Damele
|
4fa6d51d93
|
improved issues link
|
2012-07-05 16:26:50 +01:00 |
|
Miroslav Stampar
|
c3c1b9e957
|
Minor restyling
|
2012-07-04 20:28:18 +02:00 |
|
Bernardo Damele
|
793fa464e3
|
website url fix
|
2012-07-03 13:14:39 +01:00 |
|
Miroslav Stampar
|
481b46a004
|
Restyling output for Issue #52
|
2012-07-03 13:06:52 +02:00 |
|
Miroslav Stampar
|
3af1532700
|
Implementation for Issue #54
|
2012-07-03 12:09:18 +02:00 |
|
Miroslav Stampar
|
8eefe4b71f
|
Getting back revision number - displayed like in GitHub commits (Issue #52)
|
2012-07-02 13:01:20 +02:00 |
|
Miroslav Stampar
|
21d9ae0a2c
|
some more refactoring
|
2012-07-01 01:19:54 +02:00 |
|
Miroslav Stampar
|
2a72fcce2b
|
Fix for Issue #42
|
2012-06-28 13:55:30 +02:00 |
|
jekil
|
c39e5a85ba
|
Removed $id$ tags
|
2012-06-27 20:56:43 +02:00 |
|
Miroslav Stampar
|
452ef202ae
|
minor fixes
|
2012-06-17 22:48:23 +00:00 |
|
Miroslav Stampar
|
b9f6943a42
|
minor update
|
2012-06-17 21:23:12 +00:00 |
|
Miroslav Stampar
|
06be7bbb18
|
few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)
|
2012-06-15 20:41:53 +00:00 |
|
Miroslav Stampar
|
058a9c59a2
|
fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)
|
2012-06-05 22:40:55 +00:00 |
|
Miroslav Stampar
|
d335ec0c34
|
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
|
2012-05-26 07:00:26 +00:00 |
|
Miroslav Stampar
|
37f2709197
|
making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)
|
2012-05-09 09:08:23 +00:00 |
|
Miroslav Stampar
|
efd27d7ade
|
minor renaming
|
2012-04-17 08:41:19 +00:00 |
|
Miroslav Stampar
|
627bfc589f
|
some more updates in reflective removal mechanism
|
2012-04-11 21:26:00 +00:00 |
|
Miroslav Stampar
|
01bd5d0ab2
|
some more updates for reflective mechanism
|
2012-04-11 10:41:33 +00:00 |
|
Miroslav Stampar
|
9c2f244d47
|
minor fix
|
2012-04-10 22:20:53 +00:00 |
|
Miroslav Stampar
|
119eec3598
|
improving "boolean detection" by automatic recognition of convenient --string candidate
|
2012-04-10 21:48:34 +00:00 |
|
Miroslav Stampar
|
b2afa87e48
|
reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)
|
2012-04-06 08:42:36 +00:00 |
|
Bernardo Damele
|
d106fb5184
|
layout adjustments
|
2012-04-04 12:27:24 +00:00 |
|
Miroslav Stampar
|
1cd3c3f7af
|
further update of DNS data retrieval mechanism through SQLi
|
2012-04-02 14:05:30 +00:00 |
|
Miroslav Stampar
|
772ead8d03
|
fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values
|
2012-03-29 12:44:20 +00:00 |
|
Miroslav Stampar
|
9433bbe26d
|
memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)
|
2012-03-28 19:27:12 +00:00 |
|
Miroslav Stampar
|
a8c9a47092
|
redirect logic rewritten from scratch
|
2012-03-15 11:10:58 +00:00 |
|
Miroslav Stampar
|
ca0d068575
|
distinguishing NULL from BLANK
|
2012-03-14 13:52:23 +00:00 |
|
Miroslav Stampar
|
e827f41cdb
|
using pickle HIGHEST_PROTOCOL just in case
|
2012-03-13 09:35:37 +00:00 |
|
Miroslav Stampar
|
cda8815634
|
introducing safe deprecation mechanism for HashDB versioning
|
2012-03-12 22:55:57 +00:00 |
|
Miroslav Stampar
|
b3bd4144f5
|
removing of unused imports together with some general code refactoring
|
2012-02-22 10:40:11 +00:00 |
|
Miroslav Stampar
|
bc4dd7c0dd
|
fix for -g
|
2012-02-20 10:02:19 +00:00 |
|
Miroslav Stampar
|
aee269cc14
|
gazillion changes, nothing will work, muhahaha
|
2012-02-17 14:22:48 +00:00 |
|
Miroslav Stampar
|
dcf7277a0f
|
some more refactorings
|
2012-02-16 14:42:28 +00:00 |
|
Miroslav Stampar
|
bcf9fc6c6f
|
minor refactoring
|
2012-02-16 09:32:47 +00:00 |
|
Miroslav Stampar
|
23cc8b6974
|
minor fix for special cases when parameter value contains html encoded characters
|
2012-02-14 14:08:10 +00:00 |
|
Miroslav Stampar
|
2b05ded9c3
|
just a makeup
|
2012-02-07 12:05:23 +00:00 |
|
Miroslav Stampar
|
f7bf1fbe94
|
upgrade/fixes for direct DBMS access
|
2012-02-07 10:46:55 +00:00 |
|
Bernardo Damele
|
c0f4b4632d
|
Minor fix
|
2012-02-02 12:55:39 +00:00 |
|
Miroslav Stampar
|
f2857e38ba
|
minor update
|
2012-01-30 10:19:03 +00:00 |
|
Bernardo Damele
|
7e560eec1f
|
Minor fix
|
2012-01-13 12:54:45 +00:00 |
|
Miroslav Stampar
|
95f89ab63a
|
updating copyright date
|
2012-01-11 14:59:46 +00:00 |
|
Miroslav Stampar
|
2b5e429dc2
|
one more level of defense against user himself
|
2012-01-07 17:16:14 +00:00 |
|
Miroslav Stampar
|
759465bde5
|
minor fix
|
2012-01-06 00:06:38 +00:00 |
|
Miroslav Stampar
|
37d78ffe01
|
minor optimization
|
2011-12-28 15:59:30 +00:00 |
|
Miroslav Stampar
|
dda979a15a
|
minor refactoring
|
2011-12-27 12:31:29 +00:00 |
|
Miroslav Stampar
|
c20546dcaa
|
minor refactoring
|
2011-12-26 12:24:39 +00:00 |
|
Miroslav Stampar
|
89d2c7c042
|
minor update
|
2011-12-22 20:54:20 +00:00 |
|
Miroslav Stampar
|
abb401879c
|
minor update
|
2011-12-22 20:42:57 +00:00 |
|
Miroslav Stampar
|
087e29d272
|
minor update
|
2011-12-22 20:14:56 +00:00 |
|
Miroslav Stampar
|
094129a656
|
minor optimization
|
2011-12-22 15:42:21 +00:00 |
|
Miroslav Stampar
|
9f68e54fff
|
minor cleanup
|
2011-12-22 10:59:28 +00:00 |
|
Miroslav Stampar
|
526aacb640
|
code cleanup
|
2011-12-21 22:59:23 +00:00 |
|
Miroslav Stampar
|
81bd9a201b
|
minor refactoring
|
2011-12-21 11:50:49 +00:00 |
|
Miroslav Stampar
|
95cd9e2af3
|
adding support for scanning Host header values (-p host)
|
2011-12-20 12:52:41 +00:00 |
|
Miroslav Stampar
|
364113441b
|
adding (for now) hidden switch --tor-http (utilizing Tor proxy bundles)
|
2011-12-14 10:19:45 +00:00 |
|
Bernardo Damele
|
8fe72d87a8
|
minor bug fix for mysql -d --file-read
|
2011-12-06 10:57:23 +00:00 |
|
Miroslav Stampar
|
71c46f50aa
|
adding option --csv-del
|
2011-11-30 17:39:41 +00:00 |
|
Miroslav Stampar
|
02bd9a54f3
|
minor update
|
2011-11-30 17:19:21 +00:00 |
|
Miroslav Stampar
|
885b432808
|
minor update
|
2011-11-23 21:39:53 +00:00 |
|
Miroslav Stampar
|
2e10de8921
|
minor update
|
2011-11-22 12:18:24 +00:00 |
|
Miroslav Stampar
|
ac041399f0
|
minor patch
|
2011-11-22 11:04:43 +00:00 |
|
Miroslav Stampar
|
9697e80013
|
some more optimizations
|
2011-11-22 10:54:29 +00:00 |
|
Miroslav Stampar
|
eee03871d7
|
minor refactoring
|
2011-11-21 21:31:08 +00:00 |
|
Miroslav Stampar
|
440b7efe55
|
minor optimization
|
2011-11-20 20:14:47 +00:00 |
|
Miroslav Stampar
|
e1a92d59de
|
implementing WordPress phpass hash cracking routine
|
2011-11-20 19:10:46 +00:00 |
|
Miroslav Stampar
|
f1979936c8
|
minor update
|
2011-11-18 15:32:33 +00:00 |
|
Miroslav Stampar
|
d735582536
|
major speed improvement of hash cracking
|
2011-11-02 06:53:43 +00:00 |
|
Miroslav Stampar
|
7ce3af68fc
|
fixing support for parsing BURP logs
|
2011-10-27 17:31:34 +00:00 |
|
Miroslav Stampar
|
d64c0af461
|
minor update
|
2011-10-26 14:31:00 +00:00 |
|
Miroslav Stampar
|
86b4a3562f
|
added switch --check-tor
|
2011-10-25 17:37:43 +00:00 |
|
Miroslav Stampar
|
c1486ed4be
|
adding usage of non-encoded/decoded post data (if data is recognized to be already encoded) by user request
|
2011-10-25 09:53:44 +00:00 |
|
Miroslav Stampar
|
323aa7bf2f
|
minor update
|
2011-10-09 21:21:41 +00:00 |
|
Miroslav Stampar
|
e0f521cf9d
|
minor update regarding --randomize
|
2011-08-29 13:08:25 +00:00 |
|
Bernardo Damele
|
9361e633f4
|
Minor bug fix - some applications do really set cookies like param="value" with double-quotes
|
2011-08-16 09:21:01 +00:00 |
|
Miroslav Stampar
|
7cc5743c5d
|
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
|
2011-08-16 06:50:20 +00:00 |
|
Miroslav Stampar
|
df4abf1af1
|
lowering constant value from 10 to 7 for da peace in da houz
|
2011-08-12 17:19:19 +00:00 |
|
Miroslav Stampar
|
9423d15fb3
|
ORDER BY technique used for finding proper UNION col count (dramatical improvement of speed and capabilities) and one minor bug fix
|
2011-08-03 09:08:16 +00:00 |
|
Miroslav Stampar
|
5770c08784
|
minor optimization and refactoring
|
2011-07-25 20:17:44 +00:00 |
|
Miroslav Stampar
|
ec1bc0219c
|
hello big tables, this is sqlmap, sqlmap this is big tables
|
2011-07-24 09:19:33 +00:00 |
|
Miroslav Stampar
|
094dc91e2d
|
minor update (prior to some changes regarding large content retrieval)
|
2011-07-23 19:04:59 +00:00 |
|
Miroslav Stampar
|
9cf33ec997
|
now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char
|
2011-07-15 13:24:13 +00:00 |
|
Miroslav Stampar
|
5c162efbd8
|
more optimization
|
2011-07-12 23:21:15 +00:00 |
|
Miroslav Stampar
|
5443e06430
|
cosmetics (in debug mode [0] is used)
|
2011-07-08 09:43:52 +00:00 |
|
Bernardo Damele
|
aedcf8c8d7
|
Changed homepage address
|
2011-07-07 20:10:03 +00:00 |
|
Bernardo Damele
|
067354b97f
|
Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access
|
2011-07-07 13:20:40 +00:00 |
|
Bernardo Damele
|
fcd4e94c04
|
Higher chances to detect UNION query SQL injection against Microsoft Access
|
2011-07-06 23:52:44 +00:00 |
|
Miroslav Stampar
|
93b296e02c
|
few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")
|
2011-07-06 05:44:47 +00:00 |
|
Miroslav Stampar
|
b8ffcf9495
|
few fixes here and there and multi-core processing for dictionary based hash attack
|
2011-07-04 19:58:41 +00:00 |
|
Bernardo Damele
|
36c96ef796
|
Added DB2 support - patch provided by Sebastian Bittig
|
2011-06-25 09:44:24 +00:00 |
|
Miroslav Stampar
|
aa83fe5c66
|
minor update
|
2011-06-24 18:19:33 +00:00 |
|
Miroslav Stampar
|
21010f702c
|
minor beautification
|
2011-06-24 17:46:54 +00:00 |
|
Miroslav Stampar
|
96190cf594
|
minor update
|
2011-06-24 17:15:15 +00:00 |
|
Bernardo Damele
|
1cb12ea659
|
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
|
2011-06-22 13:31:07 +00:00 |
|
Miroslav Stampar
|
2a4a284a29
|
crawler fix (skip binary files)
|
2011-06-20 22:41:38 +00:00 |
|
Miroslav Stampar
|
d6062e8fc9
|
minor fix for crawler and far less message overlaps in future
|
2011-06-20 21:18:12 +00:00 |
|
Miroslav Stampar
|
31ad0875b4
|
added by request
|
2011-06-18 11:34:51 +00:00 |
|
Miroslav Stampar
|
ec6fa384eb
|
update
|
2011-06-17 22:04:25 +00:00 |
|
Miroslav Stampar
|
530c296519
|
minor fix
|
2011-06-16 13:56:17 +00:00 |
|
Miroslav Stampar
|
6f681b45ad
|
cleaning up a bit for a configuration mess
|
2011-06-16 11:42:13 +00:00 |
|
Miroslav Stampar
|
2da56ea507
|
fix of a language bug
|
2011-06-11 21:17:30 +00:00 |
|
Miroslav Stampar
|
f8dde2c23b
|
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
|
2011-06-10 23:18:43 +00:00 |
|
Bernardo Damele
|
7da3d8dbd1
|
minor layout adjustment
|
2011-06-08 13:01:33 +00:00 |
|
Miroslav Stampar
|
f27181c628
|
minor improvement for blind based injections with reflected values
|
2011-06-03 14:41:36 +00:00 |
|
Miroslav Stampar
|
89559d1b0a
|
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
|
2011-05-30 20:18:30 +00:00 |
|
Miroslav Stampar
|
20988e58ed
|
warp 5 mr spock :)
|
2011-05-30 09:46:32 +00:00 |
|
Miroslav Stampar
|
001cbff2a9
|
speed up of 2 times for partial union technique
|
2011-05-30 09:07:48 +00:00 |
|
Miroslav Stampar
|
d51efa679d
|
typo update
|
2011-05-29 06:26:28 +00:00 |
|
Miroslav Stampar
|
f848cc779e
|
adding legal disclaimer as latest situation (these days news headlines) seems out of control
|
2011-05-28 18:54:14 +00:00 |
|
Miroslav Stampar
|
03ef53f00a
|
update regarding mysql function resolution and versionedkeywords
|
2011-05-28 17:34:43 +00:00 |
|
Miroslav Stampar
|
4f46a5ab63
|
minor usability enhancement regarding warning for --text-only switch
|
2011-05-26 20:48:18 +00:00 |
|
Miroslav Stampar
|
0e480a9921
|
adding SYS to the ORACLE_SYSTEM_DBS
|
2011-05-25 10:55:47 +00:00 |
|
Miroslav Stampar
|
f774d8fea0
|
proper Tor settings (reverted r3915 and implemented it the right way)
|
2011-05-24 11:06:58 +00:00 |
|
Miroslav Stampar
|
a58aaf2e1a
|
better format for results file (easier for sorting when lots of files)
|
2011-05-22 07:02:36 +00:00 |
|
Miroslav Stampar
|
25fff8c135
|
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
|
2011-05-21 11:46:57 +00:00 |
|
Miroslav Stampar
|
9e5856caf8
|
improvement for recognition of scalar vs multiple-row commands
|
2011-05-19 16:45:05 +00:00 |
|
Miroslav Stampar
|
3048e9f710
|
minor refactoring
|
2011-05-17 23:03:31 +00:00 |
|
Miroslav Stampar
|
faa74cd2bc
|
introducing results file for multiple target mode
|
2011-05-15 22:21:38 +00:00 |
|
Bernardo Damele
|
aae140080e
|
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
|
2011-05-06 10:27:43 +00:00 |
|
Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Miroslav Stampar
|
742b0ef76e
|
major improvement of ERROR data retrieval on MSSQL
|
2011-05-03 13:25:20 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
d0dff82ce0
|
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
|
2011-04-23 16:25:09 +00:00 |
|
Miroslav Stampar
|
f88aa4b165
|
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
|
2011-04-22 19:58:10 +00:00 |
|
Bernardo Damele
|
06a00fe85e
|
For development version, print also the revision number in the banner
|
2011-04-21 21:34:57 +00:00 |
|
Miroslav Stampar
|
7a06af9a92
|
added "lagging" critical message
|
2011-04-19 10:37:20 +00:00 |
|
Miroslav Stampar
|
b79d4f70f3
|
cleaner solution for the problem solved with last commit
|
2011-04-18 14:51:48 +00:00 |
|
Miroslav Stampar
|
f5cff067c6
|
little hack for --time-sec
|
2011-04-18 14:46:18 +00:00 |
|
Miroslav Stampar
|
6fab44d635
|
minor refactoring and improving of used regex
|
2011-04-17 22:37:00 +00:00 |
|
Miroslav Stampar
|
c461fdca54
|
some refactoring
|
2011-04-15 13:51:06 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
4d8a49a87c
|
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
|
2011-04-15 11:53:20 +00:00 |
|
Miroslav Stampar
|
ded28442fb
|
minor fixes and refactoring regarding safecharencoding
|
2011-04-14 15:54:00 +00:00 |
|
Miroslav Stampar
|
eafab03d99
|
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
|
2011-04-14 13:53:56 +00:00 |
|
Miroslav Stampar
|
30bfefd638
|
minor fix
|
2011-04-14 12:58:03 +00:00 |
|
Bernardo Damele
|
5cf38cd0d7
|
More cookies to ignore
|
2011-04-14 12:46:14 +00:00 |
|
Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
5dfb55effc
|
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
|
2011-04-14 06:46:32 +00:00 |
|
Miroslav Stampar
|
786f305e1a
|
minor update
|
2011-04-14 06:43:08 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
941daa1645
|
just in case to prevent "object of type 'NoneType' has no len()" error reports
|
2011-04-11 11:59:02 +00:00 |
|
Miroslav Stampar
|
08d14886fd
|
added new dev version string
|
2011-04-11 09:44:44 +00:00 |
|
Bernardo Damele
|
07d6b18c4e
|
cutting for 0.9 stable
|
2011-04-11 00:24:51 +00:00 |
|
Miroslav Stampar
|
8597409d9e
|
lowering the value
|
2011-04-10 22:57:17 +00:00 |
|
Bernardo Damele
|
c3b54cc222
|
Cosmetics
|
2011-04-01 16:40:28 +00:00 |
|
Miroslav Stampar
|
220366b6e8
|
minor update (ip addresses will not be confused any more for crypt_generic hashes)
|
2011-03-31 16:56:26 +00:00 |
|
Miroslav Stampar
|
c5de903eab
|
minor improvement ("quick defense against substr fields")
|
2011-03-31 09:35:09 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
7cf4ba83dc
|
minor refactoring and comment update
|
2011-03-29 12:08:07 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
76b7e3517d
|
minor update
|
2011-03-27 07:58:15 +00:00 |
|
Miroslav Stampar
|
d79fae724c
|
minor refactoring
|
2011-03-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
f27f05308a
|
minor update for masking sensitive data in error report (added aCred too)
|
2011-03-02 10:09:17 +00:00 |
|
Miroslav Stampar
|
7036190e8e
|
minor improvement of regular expression
|
2011-02-27 17:58:01 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
199f14df46
|
implementation of MySQL GROUP_CONCAT technique
|
2011-02-15 00:28:27 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Miroslav Stampar
|
4295a78c5f
|
minor update
|
2011-02-10 19:51:34 +00:00 |
|
Miroslav Stampar
|
5b57a69f3e
|
fix
|
2011-02-09 11:20:03 +00:00 |
|
Miroslav Stampar
|
37f7001143
|
first commit with mysql/error/substringing
|
2011-02-08 16:23:33 +00:00 |
|
Miroslav Stampar
|
99e9412f74
|
minor update
|
2011-02-07 12:34:23 +00:00 |
|
Bernardo Damele
|
39decebe85
|
Minor fixes to checking/re-enabling of xp_cmdshell procedure
|
2011-02-07 12:17:19 +00:00 |
|
Miroslav Stampar
|
096efea282
|
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
|
2011-02-07 10:22:43 +00:00 |
|
Bernardo Damele
|
ba3a8a69d4
|
More statements to exclude from unescap'ing
|
2011-02-07 00:33:54 +00:00 |
|
Bernardo Damele
|
2e00656235
|
Minor fix
|
2011-02-07 00:20:23 +00:00 |
|
Bernardo Damele
|
f3d6be7868
|
Code cleanup
|
2011-02-06 22:32:44 +00:00 |
|
Miroslav Stampar
|
acb986ae80
|
minor refactoring
|
2011-02-04 17:40:55 +00:00 |
|
Miroslav Stampar
|
accf4e6ce0
|
one important fix (URI injection parameter '*' now can go anywhere)
|
2011-02-04 12:43:18 +00:00 |
|
Miroslav Stampar
|
c19d481bb1
|
little clean up
|
2011-02-04 12:25:14 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
e5f54644f0
|
minor "statistical" update
|
2011-02-03 16:59:49 +00:00 |
|
Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|