Commit Graph

2012 Commits

Author SHA1 Message Date
Miroslav Stampar
3a3561fdaa doing proper big table support for partial union too 2011-07-24 20:36:44 +00:00
Miroslav Stampar
ec1bc0219c hello big tables, this is sqlmap, sqlmap this is big tables 2011-07-24 09:19:33 +00:00
Miroslav Stampar
82e1e61554 minor speedup 2011-07-23 19:51:19 +00:00
Miroslav Stampar
094dc91e2d minor update (prior to some changes regarding large content retrieval) 2011-07-23 19:04:59 +00:00
Miroslav Stampar
a89140e1ce revisit of Oracle error-based payloads (added replace for '@' as a problematic char for XMLType function) 2011-07-23 06:07:00 +00:00
Miroslav Stampar
8a00ca83af refactoring. nothing special changed 2011-07-21 10:18:11 +00:00
Miroslav Stampar
963f54e6d2 minor fix for parameters containing '=' inside values itself (remark: no parameter name will have '=' nor '%3d' inside; tested and it does a good job) 2011-07-21 10:06:52 +00:00
Miroslav Stampar
9cf33ec997 now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char 2011-07-15 13:24:13 +00:00
Miroslav Stampar
ff8fc90ac7 bug fix 2011-07-13 06:44:15 +00:00
Miroslav Stampar
5c162efbd8 more optimization 2011-07-12 23:21:15 +00:00
Miroslav Stampar
9933edc718 optimization of reflective removal mechanism 2011-07-12 22:28:19 +00:00
Miroslav Stampar
3583d6dd1b quick fixes, more work to do 2011-07-12 20:32:19 +00:00
Miroslav Stampar
f5e45bf113 quick fix for a bug reported by jovon.itwaru@gmail.com 2011-07-11 08:54:39 +00:00
Miroslav Stampar
0d6afca7db adding new switch '--smart' by request 2011-07-10 15:16:58 +00:00
Miroslav Stampar
1e182e6c72 quick fix 2011-07-08 22:34:44 +00:00
Bernardo Damele
651349e229 More verbose critical message 2011-07-08 13:12:53 +00:00
Bernardo Damele
b5dd4d4a63 Minor bug fix for Microsoft Access case expressions (like --common-tables) in UNION query SQL injection 2011-07-08 10:19:01 +00:00
Miroslav Stampar
02bfd05b20 more general approach 2011-07-08 10:03:14 +00:00
Miroslav Stampar
5443e06430 cosmetics (in debug mode [0] is used) 2011-07-08 09:43:52 +00:00
Miroslav Stampar
c463c411b9 minor update 2011-07-08 09:32:58 +00:00
Miroslav Stampar
ba2c06c9dc quick fix 2011-07-08 09:01:32 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
fcd4e94c04 Higher chances to detect UNION query SQL injection against Microsoft Access 2011-07-06 23:52:44 +00:00
Bernardo Damele
23b4efdcaf Revamp of tamper scripts, now supporting dependencies() function as well. Improved a lot the docstring and retested all. Added a new one from Ahmad too. 2011-07-06 21:04:45 +00:00
Bernardo Damele
6f6038b534 Quick fix (revert..) 2011-07-06 11:32:12 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Miroslav Stampar
34d9a91af1 bulk of fixes 2011-07-02 22:48:56 +00:00
Bernardo Damele
861cdb1b14 cosmetics 2011-07-01 10:04:34 +00:00
Miroslav Stampar
4513ef409e massive (like really massive) dictionary support 2011-06-30 23:44:49 +00:00
Miroslav Stampar
43db6b03a7 update with a feature request (file with list of wordlist files) 2011-06-30 08:42:43 +00:00
Miroslav Stampar
be9b8bca78 bug fix 2011-06-29 17:39:58 +00:00
Miroslav Stampar
4be55c811f minor update 2011-06-27 21:48:26 +00:00
Miroslav Stampar
5b4eaf48d9 minor fix (for those blank suffixes out of nowhere at the end of payload - not related to "-- ") 2011-06-27 21:34:49 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Miroslav Stampar
d72db1bf91 minor update (all misc options are alphabetically ordered) 2011-06-27 08:21:33 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c minor beautification 2011-06-24 17:46:54 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Bernardo Damele
406f2cda09 Got rid of useless TAB completion in --sql-shell 2011-06-24 13:05:13 +00:00
Bernardo Damele
35ce6dedcf Got rid of useless imports 2011-06-24 09:59:11 +00:00
Bernardo Damele
a78f5b4eb3 Minor adjustment to avoid function and variables with same name 2011-06-24 09:29:11 +00:00
Miroslav Stampar
eaa2a4202f changing to: --crawl=CRAWLDEPTH 2011-06-24 05:40:03 +00:00
Miroslav Stampar
3717b8423f cleanest fix this moment (conf.dbms will for sure deal problems later in any form) 2011-06-22 15:48:44 +00:00
Miroslav Stampar
5190440ea2 minor fix 2011-06-22 15:36:59 +00:00
Miroslav Stampar
97d8729d71 probable fix for a bug reported by m4l1c3 (RuntimeError: maximum recursion depth exceeded) 2011-06-22 15:28:49 +00:00
Miroslav Stampar
52ba3c281e minor update 2011-06-22 14:59:49 +00:00
Miroslav Stampar
4ca37901da thread safe logging+stdout (no more overlapping of log messages and raw output) 2011-06-22 14:53:42 +00:00
Miroslav Stampar
84bc8c3a37 update 2011-06-22 14:39:31 +00:00
Miroslav Stampar
938db1b513 replacing xmlobject logic with our own 2011-06-22 14:33:52 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
8968c708a0 minor update 2011-06-20 14:27:24 +00:00
Miroslav Stampar
f09340fc89 minor update 2011-06-20 12:40:14 +00:00
Miroslav Stampar
4d1fa5596b added support for --scope in --crawl mode 2011-06-20 12:37:51 +00:00
Miroslav Stampar
67fab9f2e2 putting this to info messages (user needs to know at this place why is it waiting) 2011-06-20 12:17:19 +00:00
Miroslav Stampar
b1426b5131 bug fix 2011-06-20 12:11:09 +00:00
Miroslav Stampar
cda39ca350 minor update 2011-06-20 11:46:23 +00:00
Miroslav Stampar
07e2c72943 adding Beautifulsoup (BSD) into extras; adding --crawl to options 2011-06-20 11:32:30 +00:00
Miroslav Stampar
8c04aa871a english typo 2011-06-20 11:00:23 +00:00
Miroslav Stampar
83af83da9e minor beautification (WordsSet is considered as a bad english) 2011-06-18 15:47:19 +00:00
Bernardo Damele
6b2f44de14 Minor layout adjustment 2011-06-18 12:27:12 +00:00
Bernardo Damele
cd07139919 Layout adjustments 2011-06-18 11:58:14 +00:00
Miroslav Stampar
31ad0875b4 added by request 2011-06-18 11:34:51 +00:00
Miroslav Stampar
e4be141602 minor fix for --smoke-test 2011-06-18 11:26:17 +00:00
Bernardo Damele
c7e1aeeef2 layout 2011-06-18 11:02:48 +00:00
Miroslav Stampar
905fef0eae now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5) 2011-06-18 10:51:14 +00:00
Miroslav Stampar
1440c9f2d4 minor update 2011-06-17 22:28:07 +00:00
Miroslav Stampar
87e9842371 better language 2011-06-17 22:13:45 +00:00
Miroslav Stampar
ce3170edef minor update/better language 2011-06-17 22:11:40 +00:00
Miroslav Stampar
ec6fa384eb update 2011-06-17 22:04:25 +00:00
Miroslav Stampar
f3ee2c09fb cleaner fix 2011-06-17 15:32:23 +00:00
Miroslav Stampar
bb987ec98f fix for DNS leakage 2011-06-17 15:23:58 +00:00
Miroslav Stampar
9498a3f259 little stabilization of multi threading 2011-06-17 12:50:28 +00:00
Miroslav Stampar
530c296519 minor fix 2011-06-16 13:56:17 +00:00
Miroslav Stampar
0eeb48f8f5 some fixes 2011-06-16 13:41:02 +00:00
Miroslav Stampar
7733e5866a minor update regarding mnemonics (again) 2011-06-16 12:34:38 +00:00
Miroslav Stampar
17e4c6b564 minor update regarding mnemonics 2011-06-16 12:26:50 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
3995891ab4 new file containing default settings 2011-06-16 11:43:07 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Bernardo Damele
f515c9c9e0 Dealt with SVN update login traceback. Need to investigate further why it asks for credentials sometimes 2011-06-16 10:11:11 +00:00
Miroslav Stampar
63d98d8ce6 fix for a bug reported by rdsears@mtu.edu (ignored config file items) 2011-06-16 08:08:49 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
e0ad72031f minor update 2011-06-15 12:04:30 +00:00
Miroslav Stampar
1d93a03eeb introducing mnemonics 2011-06-15 11:58:50 +00:00
Miroslav Stampar
d55a242908 minor improvement. messages are now warnings (not errors because lots of them are not causing problems for a normal usage) and most of all it's being checked only if the --dependencies is used (until now this switch has been ignored and turned on by default - always) 2011-06-14 19:38:35 +00:00
Bernardo Damele
8978fded03 typo fix 2011-06-13 19:00:27 +00:00
Bernardo Damele
7152a1ed3b Added --dependences to show which sqlmap dependences are not available 2011-06-13 18:44:02 +00:00
Miroslav Stampar
2da56ea507 fix of a language bug 2011-06-11 21:17:30 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Miroslav Stampar
f8dde2c23b adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones) 2011-06-10 23:18:43 +00:00
Miroslav Stampar
fae089646b minor fix 2011-06-09 08:38:17 +00:00
Miroslav Stampar
9202fedf7b minor fix 2011-06-09 08:14:54 +00:00
Miroslav Stampar
af5fe457bd revert of the revert (it's a good idea to have it like this because of problems with e.g. --text-only and binary content) 2011-06-09 07:53:31 +00:00
Miroslav Stampar
8ec4bc9d9d revert of the last commit. have to think about it 2011-06-09 06:32:53 +00:00
Miroslav Stampar
9c093d91f2 minor update 2011-06-09 06:14:35 +00:00
Bernardo Damele
0d8d6a4ace Cosmetics 2011-06-08 16:08:20 +00:00
Bernardo Damele
70cac24909 Cosmetics 2011-06-08 15:31:27 +00:00
Bernardo Damele
64bef644c3 This was missing 2011-06-08 15:30:59 +00:00
Bernardo Damele
0d3e8a76d8 Cosmetics and a missing param 2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a refactoring 2011-06-08 14:30:12 +00:00
Bernardo Damele
7da3d8dbd1 minor layout adjustment 2011-06-08 13:01:33 +00:00
Miroslav Stampar
f65abdaae3 added switch --cookie-del by request 2011-06-08 08:27:24 +00:00
Miroslav Stampar
4eeeb3655e asking and skipping to the next google result page if no usable links found 2011-06-07 23:24:17 +00:00
Miroslav Stampar
26062ec71e minor update 2011-06-07 15:13:51 +00:00
Miroslav Stampar
50dde39e68 minor update 2011-06-07 10:32:18 +00:00
Miroslav Stampar
7a3cc38e3c refactoring and stabilization of multithreading 2011-06-07 09:50:00 +00:00
Miroslav Stampar
03c3f83893 minor fix 2011-06-06 13:34:49 +00:00
Miroslav Stampar
24ed99e5a3 fix for a bug reported by aboynes@gmail.com 2011-06-06 08:50:48 +00:00
Miroslav Stampar
f27181c628 minor improvement for blind based injections with reflected values 2011-06-03 14:41:36 +00:00
Miroslav Stampar
e9eafc2e94 minor update 2011-06-03 14:13:22 +00:00
Miroslav Stampar
64a862ed58 minor usability update 2011-06-03 14:04:02 +00:00
Miroslav Stampar
faf7814869 fix for a fuzz "bug" reported by daniele.rivetti@yahoo.com 2011-06-03 11:01:26 +00:00
Miroslav Stampar
08d6bb4f23 minor fix 2011-06-02 22:13:31 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
63145236b9 minor fix 2011-05-31 21:53:29 +00:00
Miroslav Stampar
3c12799ff0 minor improvement 2011-05-30 20:34:34 +00:00
Miroslav Stampar
89559d1b0a better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it 2011-05-30 20:18:30 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9 speed up of 2 times for partial union technique 2011-05-30 09:07:48 +00:00
Miroslav Stampar
97820949f5 minor update 2011-05-30 08:33:01 +00:00
Miroslav Stampar
23d7820de7 minor update 2011-05-29 23:56:41 +00:00
Miroslav Stampar
86455ceb9c implementation of multithreading for UNION and ERROR techniques 2011-05-29 23:17:50 +00:00
Miroslav Stampar
d51efa679d typo update 2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e adding legal disclaimer as latest situation (these days news headlines) seems out of control 2011-05-28 18:54:14 +00:00
Miroslav Stampar
eb9b84d1da type correction 2011-05-28 17:53:05 +00:00
Miroslav Stampar
03ef53f00a update regarding mysql function resolution and versionedkeywords 2011-05-28 17:34:43 +00:00
Miroslav Stampar
c11ea35d53 adding some user input for "refreshing" cases (like redirect ones) 2011-05-27 22:42:23 +00:00
Miroslav Stampar
8227298057 user friendliness uber 9000 2011-05-27 08:30:52 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
ff030e4d24 minor cleanup of the leftover 2011-05-26 17:37:24 +00:00
Miroslav Stampar
bf2b58ba82 minor update 2011-05-26 15:23:28 +00:00
Miroslav Stampar
b6fe5b12a4 adding --schema to the wizard/Basic as it looks like a cool thingy to put there 2011-05-26 14:30:05 +00:00
Miroslav Stampar
f3ed61af5f bug fix when using inference and kb.pageEncoding is None (like in binary cases) 2011-05-25 21:12:12 +00:00
Miroslav Stampar
0e480a9921 adding SYS to the ORACLE_SYSTEM_DBS 2011-05-25 10:55:47 +00:00
Miroslav Stampar
2f456bee75 minor beautification 2011-05-25 08:14:39 +00:00
Miroslav Stampar
8b7a3c5a6b making it easier for totally dummy users 2011-05-24 17:24:01 +00:00
Miroslav Stampar
bec2c04671 helping dummy users 2011-05-24 17:15:25 +00:00
Miroslav Stampar
a3466ff79c serving everything for the users 2011-05-24 16:34:08 +00:00
Miroslav Stampar
69eb173eca minor just in case patch 2011-05-24 15:07:37 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
a536bf210f improved redirection mechanism 2011-05-23 23:20:03 +00:00
Miroslav Stampar
128a012121 this was causing that --suffix trouble 2011-05-23 19:59:07 +00:00
Miroslav Stampar
bfe8e51b7c minor fix for retrieving stuff like "SELECT * FROM testdb..users" 2011-05-23 19:45:40 +00:00
Miroslav Stampar
4542d4535f minor beautification 2011-05-23 14:28:05 +00:00
Miroslav Stampar
0ed03d474f now supporting "blank tables" - schema of the table will be preserved, even if it's empty - especially nice feature for --replicate 2011-05-23 11:09:44 +00:00
Miroslav Stampar
fb23beef6f most elegant way i could think of to deal with "collation incompatibilities" issue on some MySQL/UNION cases (affected about 5% of all targets tested) 2011-05-22 19:14:36 +00:00
Miroslav Stampar
9b2623514a one bug fix for Host header (value should be without port number); one improvement for --tables - when no tables ask user if he wants to brute force them; one tweak - adding kb.ignoreTimeout for --tables 2011-05-22 09:48:46 +00:00
Miroslav Stampar
2ea613b170 type correction and adding global flag kb.ignoreTimeout which could be useful 2011-05-22 08:24:13 +00:00
Miroslav Stampar
a58aaf2e1a better format for results file (easier for sorting when lots of files) 2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8 improvement for recognition of scalar vs multiple-row commands 2011-05-19 16:45:05 +00:00
Miroslav Stampar
db72428765 minor update 2011-05-19 15:57:29 +00:00
Miroslav Stampar
f40c6b2ce7 added --cookie for maskSensitiveData too 2011-05-19 15:42:59 +00:00
Miroslav Stampar
9832fc42d4 minor improvement for --tamper (now standard tamper scripts can be used like --tamper=randomcase) 2011-05-18 21:47:40 +00:00
Miroslav Stampar
3048e9f710 minor refactoring 2011-05-17 23:03:31 +00:00
Miroslav Stampar
cc07e5dc97 added --charset option to force charset encoding of the retrieved data (e.g. when the backend collation is different than the current web page charset) as requested by devon.mitchell1988@y​ahoo.com 2011-05-17 22:55:22 +00:00
Miroslav Stampar
dfe81cc66f minor yielding 2011-05-16 20:14:10 +00:00
Miroslav Stampar
a5ad4621c9 minor refactoring 2011-05-16 20:09:12 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Miroslav Stampar
90e84c9a6d removing xmlcharrefreplace error handler as it seems that it wasn't such a good idea at the end 2011-05-15 21:43:38 +00:00
Miroslav Stampar
c3bb5a03e1 minor improvement 2011-05-14 20:09:37 +00:00
Miroslav Stampar
3484a4426b fix for a bug reported by itxx@qq.co​m (TypeError: encode() takes no keyword arguments) 2011-05-14 19:57:28 +00:00
Miroslav Stampar
a7d7be5ce0 bug fix ('Host' header was being set to the conf.hostname for all getPages causing problems in some cases when retrieved page was not coming from that same Host) 2011-05-13 01:01:53 +00:00
Miroslav Stampar
70688fb8b5 minor enhancement for dumping 'None' values (proper way should be empty string because None is too pythonic) 2011-05-12 12:00:17 +00:00
Miroslav Stampar
0b2da2f9f5 minor beautification for --tor switch 2011-05-12 05:46:17 +00:00
Miroslav Stampar
e05a9c0554 i was probably very tired or very stupid to do this 2011-05-11 13:13:46 +00:00
Miroslav Stampar
2ab9e30f7a bug fix 2011-05-11 12:54:33 +00:00
Miroslav Stampar
53065ee1fb adding ordered set for kb.targetUrls (now the order of appereance in multiple targets mode will be respected) 2011-05-11 08:55:48 +00:00
Miroslav Stampar
5ee07b90b9 added -m switch for bulk loading multiple targets 2011-05-11 08:46:40 +00:00
Miroslav Stampar
120b0d756e unfix 2011-05-10 21:33:06 +00:00
Miroslav Stampar
192c685bc8 changing conf attribute to a more proper name 2011-05-10 20:48:34 +00:00
Miroslav Stampar
deae534ee7 minor refactoring 2011-05-10 20:44:36 +00:00
Bernardo Damele
97bc816aeb layout 2011-05-10 16:24:09 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Miroslav Stampar
707edc7b1a fix for a bug (previously --dbms="mysql 4" was ignored and abruptly terminated while the mechanism was here all along) 2011-05-10 13:28:07 +00:00
Miroslav Stampar
a64407d9db minor bug fix for multithreading and lots of connection retries 2011-05-10 12:40:01 +00:00
Miroslav Stampar
22a1870c2c adding some constraining to number of used threads on brute force switches together with a warning in case of connection exception(s) with --threads>1 2011-05-10 12:32:07 +00:00
Miroslav Stampar
ec4d9178f8 minor update related to the previous commit 2011-05-08 06:28:58 +00:00
Miroslav Stampar
4d6e7c738c minor update 2011-05-08 06:17:43 +00:00
Bernardo Damele
6653907700 forgot in last commit 2011-05-07 21:13:56 +00:00
Bernardo Damele
1151af52bb More fix for save/resume of --technique 2011-05-07 21:08:14 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
2011-05-06 10:27:43 +00:00
Miroslav Stampar
42bca80968 removing blank lines and adding newline at the end of files 2011-05-06 09:35:53 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Bernardo Damele
e96a533a04 Bug fix to resume of --technique 2011-05-05 15:18:33 +00:00
Bernardo Damele
c58dc4a6d8 isDbmsWithin() must stay like this, no getIdentifiedDbms() in there 2011-05-03 14:13:45 +00:00
Miroslav Stampar
742b0ef76e major improvement of ERROR data retrieval on MSSQL 2011-05-03 13:25:20 +00:00
Miroslav Stampar
2a7838928e minor fancier --replicate update 2011-05-03 11:48:04 +00:00
Miroslav Stampar
b202d73b46 bug fix for MSSQL identificators which were starting with d, b, o and . Thing is that .lstrip strips all occurances of the given chars :) (spotted ancidentally) 2011-05-03 11:09:30 +00:00
Miroslav Stampar
1840b0e43b fix for a bug reported by k1971@live.co.uk (OperationalError: unknown database dbo) 2011-05-03 10:22:38 +00:00
Miroslav Stampar
1e6c2fea74 update regarding warning for --random-agent during connection timeout in connection test phase 2011-05-03 10:05:42 +00:00
Miroslav Stampar
5e9620198c fix for a privately reported bug ("AttributeError: item is disabled") 2011-05-02 18:18:04 +00:00
Miroslav Stampar
93dee30895 better fix for the previous commit 2011-05-02 13:34:55 +00:00
Miroslav Stampar
20ad1c1f2f minor update to not confuse users when using -o 2011-05-02 13:24:35 +00:00
Bernardo Damele
ac2550535c Proper fix for --technique=U bug 2011-05-01 23:42:41 +00:00
Miroslav Stampar
900ee0ff93 fix for a major bug reported by k1971@live.co.uk (1..9 99..) 2011-05-01 15:47:00 +00:00
Miroslav Stampar
494503b334 proper way to deal with generic cases 2011-05-01 08:04:08 +00:00
Miroslav Stampar
fcd69ba9c7 fix for a --technique=U 2011-05-01 07:37:22 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
00f14bec5f layout adjustment 2011-04-30 15:22:33 +00:00
Bernardo Damele
9a4ae7d9e2 More code refactoring of Backend class methods used 2011-04-30 14:54:29 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Miroslav Stampar
983546d6bf proper fix 2011-04-30 07:01:21 +00:00
Bernardo Damele
a5968fff3e Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided 2011-04-30 00:22:22 +00:00
Bernardo Damele
956e75e2b5 Minor adjustment to --mobile.
Bug fix to --random-agent.
2011-04-29 21:50:48 +00:00
Miroslav Stampar
46f96f3c4c removing Kindle from list as it's not really a smartphone 2011-04-29 19:32:30 +00:00
Miroslav Stampar
11124b21f9 implemented --mobile switch 2011-04-29 19:27:23 +00:00
Miroslav Stampar
6bb4dce3aa minor refactoring 2011-04-29 15:22:32 +00:00
Miroslav Stampar
a2bb0d72e8 fix for a bug reported by rdsears@mtu.edu (TypeError: expected string or buffer) 2011-04-29 14:40:28 +00:00
Bernardo Damele
edac0b2558 Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema 2011-04-28 23:59:00 +00:00
Bernardo Damele
e35f25b2cb Major recode of --os-pwn functionality. Now the Metasploit shellcode can not be run as a Metasploit generated payload stager anymore. Instead it can be run on the target system either via sys_bineval() (as it was before, anti-forensics mode, all the same) or via shellcodeexec executable. Advantages are that:
* It is stealthier as the shellcode itself does not touch the filesystem, it's an argument passed to shellcodeexec at runtime.
* shellcodeexec is not (yet) recognized as malicious by any (Avast excluded) AV product.
* shellcodeexec binary size is significantly smaller than a Metasploit payload stager (even when packed with UPX).
* UPX now is not needed anymore, so sqlmap package is also way smaller and less likely to be detected itself as malicious by your AV software.
shellcodeexec source code, compilation files and binaries are in extra/shellcodeexec/ folder now - copied over from https://github.com/inquisb/shellcodeexec.
Minor code refactoring.
2011-04-24 23:01:21 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
06a00fe85e For development version, print also the revision number in the banner 2011-04-21 21:34:57 +00:00
Bernardo Damele
edc2d75702 Cosmetics and major bug fix 2011-04-21 21:15:23 +00:00
Bernardo Damele
b667c50588 store/resume info on xp_cmd available in session file 2011-04-21 14:25:04 +00:00
Bernardo Damele
a313df4d37 Allow user to force temporary folder with --tmp-path even if it has been saved one in the session file 2011-04-21 14:05:37 +00:00
Miroslav Stampar
e1a8d268d8 fix for UPX linux/macos 2011-04-21 10:52:34 +00:00
Bernardo Damele
11ecd16099 cosmetics 2011-04-21 10:08:38 +00:00
Miroslav Stampar
9ccf720c05 removing funny remark 2011-04-21 10:06:13 +00:00
Bernardo Damele
a91e6a8440 layout 2011-04-21 10:03:18 +00:00
Miroslav Stampar
cbfe743bad added a comment 2011-04-21 10:01:58 +00:00
Miroslav Stampar
3b133303bf refactoring 2011-04-19 22:54:13 +00:00
Miroslav Stampar
de2479b864 dealing with http://bugs.python.org/issue1602 2011-04-19 22:33:03 +00:00
Miroslav Stampar
44bbef42f8 minor cosmetics 2011-04-19 20:23:08 +00:00
Miroslav Stampar
13f8c001a7 minor update 2011-04-19 11:13:53 +00:00
Miroslav Stampar
7a06af9a92 added "lagging" critical message 2011-04-19 10:37:20 +00:00
Miroslav Stampar
a7c26366b4 doing that auto default value for --time-sec only for --tor 2011-04-19 08:43:29 +00:00
Miroslav Stampar
4d48ac54dc automatically increasing default --time-sec value when --tor/--proxy used (not touching anything if explicit --time-sec set) 2011-04-19 08:34:21 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
354a2ce249 'chardet' heuristic engine added to the project 2011-04-18 13:38:46 +00:00
Miroslav Stampar
6fab44d635 minor refactoring and improving of used regex 2011-04-17 22:37:00 +00:00
Miroslav Stampar
76d1f09b0a minor cosmetics 2011-04-17 22:25:25 +00:00
Miroslav Stampar
9aae447553 minor update for matching SOAP messages 2011-04-17 22:21:32 +00:00
Miroslav Stampar
a7366bf710 SOAP refactoring 2011-04-17 21:39:00 +00:00
Miroslav Stampar
c7ff5dcbeb minor update 2011-04-17 08:48:13 +00:00
Miroslav Stampar
ee88ccf0ac well, this could be important :) 2011-04-17 08:33:46 +00:00
Miroslav Stampar
29ee760021 improving time based data retrieval mechanism 2011-04-17 07:24:18 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3 removed debug message that could cause confusion 2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959 improved htmlunescape (great for localized html escape codes) 2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7 speed of --replicate is now vastly improved 2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f better beep for MacOSX 2011-04-13 18:32:47 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56 fix for a "accept certificate first time for svn" 2011-04-12 14:25:17 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
08d14886fd added new dev version string 2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e cutting for 0.9 stable 2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e lowering the value 2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac Minor bug fix 2011-04-10 22:44:08 +00:00
Miroslav Stampar
940c225d7c few fixes 2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844 Removed unused code 2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d fix for that @chunk bug 2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2 minor refactoring 2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263 added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics 2011-04-09 22:39:03 +00:00
Miroslav Stampar
c4c40308c6 no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one) 2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef greater flexibility for --batch when default is None 2011-04-08 22:29:50 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Miroslav Stampar
be11e2535e one more minor update 2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9 minor update regarding the last commit 2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0]) 2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57 implemented DNS caching mechanism 2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45 fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') 2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa minor code restyling 2011-04-07 13:27:29 +00:00
Bernardo Damele
9e8c933333 cosmetics 2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5 removed integers from --technique 2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be minor update 2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f minor refactoring 2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367 Minor layout adjustments 2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
a379463213 cosmeticado 2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Bernardo Damele
81034140c0 Reduced number of threads to 3 when -o is provided 2011-04-06 08:15:20 +00:00
Miroslav Stampar
2c01fc56e6 minor update regarding misusage of --proxy and --ignore-proxy switches 2011-04-04 09:19:43 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0 minor update related to the last commit 2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) 2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346 minor update related to the problem with request files reported by jorge_a_santos@hotmail.com 2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f speed optimization 2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
5560196648 minor fix 2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
86f93713d3 fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update 2011-03-29 06:25:17 +00:00
Miroslav Stampar
bf0e3c4662 improvement for --forms with empty fields 2011-03-28 22:48:00 +00:00
Miroslav Stampar
1e22ff45de minor update regarding testing of GET parameters if --data and/or --forms is used 2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263 little info message 2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl') 2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
afe2be6a9f implementation of Standard DES hashing (crypt) 2011-03-26 20:46:25 +00:00
Miroslav Stampar
c5b6d377fb fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) 2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495 fix for partial inband queries on MSSQL 2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8 minor update regarding --live-test 2011-03-25 09:03:08 +00:00
Miroslav Stampar
1f1c4c0e61 better update related to the last commit 2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad minor update 2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138 adding possibility to run only one live test (e.g. --run-case=8) 2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2 basic live tests against 3 major DBMSes 2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
5a1aaecf16 minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION') 2011-03-22 13:07:37 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
3ca5cddca7 massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL) 2011-03-20 23:54:56 +00:00
Miroslav Stampar
088c815567 minor update (exposing --tor switch) 2011-03-19 18:28:51 +00:00
Miroslav Stampar
2cc91b8470 minor fix 2011-03-19 17:44:34 +00:00
Miroslav Stampar
7c2b3afafb minor fix (-r required Content-Length which is a part of Burp log and as we share the parsing logic this was a headache for -r) 2011-03-19 17:37:26 +00:00
Miroslav Stampar
139448eeb9 little stabilization regarding POST url(de/en)coding 2011-03-19 16:53:14 +00:00
Miroslav Stampar
0fcd999e51 fix for a bug reported by malice 2011-03-18 16:52:46 +00:00
Miroslav Stampar
58e9a074d3 masking some more command line arguments 2011-03-18 16:47:18 +00:00
Miroslav Stampar
36233fac42 update regarding a feature request from andyroyalbattle@yahoo.it 2011-03-18 16:35:30 +00:00
Miroslav Stampar
00b9d85ffc fix regarding bug report from andyroyalbattle@yahoo.it 2011-03-18 16:26:39 +00:00
Miroslav Stampar
4e300baaf2 minor cosmetics 2011-03-18 14:09:18 +00:00
Miroslav Stampar
3628887110 los cosmeticados 2011-03-18 14:08:36 +00:00
Miroslav Stampar
75c0e09f43 little refactoring 2011-03-18 13:46:51 +00:00
Miroslav Stampar
c301b245a9 adding default value for referer in case --referer was not defined and --level>=3 used (so it could be tested with default value) 2011-03-18 13:39:51 +00:00
Miroslav Stampar
b53c9a2599 minor fix and some refactoring 2011-03-18 00:24:02 +00:00
Miroslav Stampar
fbd0cfda29 minor update toward the implementation of request from Santiago 2011-03-17 06:39:05 +00:00
Bernardo Damele
f00aff5303 -v 0 shows both error, critical and raw_input messages 2011-03-11 22:02:38 +00:00
Bernardo Damele
d7d47b6257 Minor bug fix (revert) 2011-03-11 21:56:45 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
6cc745f789 removal of deprecated piece of code (replaced later with that getCurrentThreadData().disableStdOut) 2011-03-11 20:04:15 +00:00
Miroslav Stampar
5eae525010 this was bothering me for some time (POST and/or GET payloads needs to be urlencoded throughly) 2011-03-11 19:57:44 +00:00
Bernardo Damele
3cb0ca4b63 Minor bug fix for --privileges on PgSQL with error-based SQL inj technique 2011-03-11 15:24:25 +00:00
Bernardo Damele
5af7410cb1 Another bug fix for --privileges on PgSQL with UNION query technique 2011-03-11 15:13:09 +00:00
Bernardo Damele
74ef1e53c7 Minor bug fixes to --privileges for PostgreSQL query (corner case) 2011-03-11 14:54:41 +00:00
Miroslav Stampar
eb1cda7065 minor refactoring (more consistent) 2011-03-09 12:06:32 +00:00
Miroslav Stampar
62e3510387 minor refactoring 2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c now when we don't urlencode whole URI using : and \ as safe chars is not a good idea 2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...) 2011-03-08 11:53:59 +00:00
Miroslav Stampar
cc0306044c adding SVN revision number support for non SVN client platforms 2011-03-07 21:54:30 +00:00
Miroslav Stampar
16b286982d fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302 further update regarding last commit 2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17 possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) 2011-03-03 09:42:50 +00:00
Miroslav Stampar
f27f05308a minor update for masking sensitive data in error report (added aCred too) 2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea minor improvement 2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3 fix for --technique 2011-03-01 09:54:06 +00:00
Miroslav Stampar
2bf212ffa9 minor minor update 2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e minor improvement of regular expression 2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Miroslav Stampar
88faedc0fe fix for a bug reported by -insane- 2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e bug fix for international encoded letters 2011-02-25 22:43:01 +00:00
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b minor bug fix 2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d minor update 2011-02-20 21:27:38 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac some progress regarding SYBASE 2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95 minor improvement 2011-02-18 14:27:02 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416 Proper fix for r3307 (file-write on MySQL via UNION query tech) 2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475 minor update 2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Miroslav Stampar
5fb11fd173 update regarding multiple DBMS payloads 2011-02-13 21:20:21 +00:00
Miroslav Stampar
9f7d666451 removing --method per request of buawig 2011-02-12 19:50:27 +00:00
Bernardo Damele
7253362114 Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA 2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
7d9be18789 added one comment 2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f another update 2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139 fix for a bug reported by skysbsb@gmail.com (double ORDER BY) 2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e fix 2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b Proper fix 2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588 revert of r3274 2011-02-08 09:44:34 +00:00
Bernardo Damele
cfe2da0195 Minor fix 2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
771020abd6 one more related commit 2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Miroslav Stampar
99e9412f74 minor update 2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233 proper fix 2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4 More statements to exclude from unescap'ing 2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae Added back-end dbms' OS based methods to Backend object - will be used for refactoring 2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235 Minor fix 2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58 can't stay as it is right now. temporary disabling. 2011-02-06 21:17:41 +00:00
Bernardo Damele
6191a7f26f Major fix for a silent bug 2011-02-06 15:53:43 +00:00
Miroslav Stampar
4df8a03c04 using OrderedDict to store parameters in order of appearance 2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d Minor fix 2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) 2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06 minor just in case update 2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e minor refactoring 2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) 2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05 revert 2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899 minor adjustment (accepting strange new looking uri formats) 2011-02-04 10:55:03 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804 adding comments to filtering function 2011-02-03 23:09:08 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Miroslav Stampar
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) 2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc minor change (conf.updateAll to conf.update) 2011-02-03 11:13:39 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d cosmetics 2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
2619e4895f Properly handle --technique at save/resume phase 2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569 You never know.. 2011-02-01 22:05:12 +00:00
Miroslav Stampar
705d45f4db minor cosmetics 2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably 2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
25c175a9a5 minor bug fix 2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313 More detailed message for unhandled exception 2011-01-31 21:23:40 +00:00
Bernardo Damele
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o 2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1 another minor cosmetic update 2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104 minor fix 2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509 minor bug fix 2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) 2011-01-31 09:28:16 +00:00
Miroslav Stampar
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) 2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779 perhaps this is better english 2011-01-30 16:34:13 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) 2011-01-27 16:55:58 +00:00
Miroslav Stampar
bb6e36fb02 minor updates 2011-01-27 12:38:39 +00:00
Miroslav Stampar
6cc69f5e16 now --technique is appliable also after the injections have been identified 2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7 minor update of parseTargetUrl method 2011-01-24 14:52:50 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
4441e11f68 fix for case -r with no params and cookie available 2011-01-24 11:26:51 +00:00
Miroslav Stampar
a3e3387113 fix for proper Firebird resume of version 2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
b18397fbc7 major revisit of --os-shell methods 2011-01-23 20:47:06 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. 2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575 Moved little precaution from checks.py to common.py.
Initial refactoring of kb.os* get/set.
2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) 2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892 added support for WebScarab logs 2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1 important fix regarding encoding stuff 2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection 2011-01-20 11:01:01 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) 2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) 2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) 2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43 minor refactoring 2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709 back to roots 2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1 Code cleanup 2011-01-18 23:05:32 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
2011-01-18 23:02:11 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2 you can't believe how much man can learn when having good testing points 2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa was wrong about this one (just now tested on a real site) 2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) 2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3 minor update regarding default page encoding 2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695 minor cosmetics 2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81 minor cosmetics 2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f minor improvement 2011-01-16 20:55:07 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e russian sites are great for testing :) 2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
2001bad7e1 automatic adjustment of timeSec for delayed queries 2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b minor update 2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521 Verbose docstring 2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555 update 2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62 Cosmetics 2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
ca33728fbc Minor fix to avoid query splitting/unpacking when the statement is EXISTS() 2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f Minor code refactoring and added internal debug prints 2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f Code cleanup 2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f Minor update 2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
c2e994e806 Minor adjustment 2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
394b6bc029 reverting some changes 2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a minor update 2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1 didn't know this to be honest 2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063 revert of one thing for Bernardo and minor update 2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57 adding openFile method with an exception block around file opening part 2011-01-08 09:30:10 +00:00
Bernardo Damele
97ae7e330f cosmetics 2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2 Cosmetics 2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Miroslav Stampar
1a079c62cb minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones) 2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
cc9ca802bf minor update 2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) 2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1 minor fix/update 2011-01-05 13:32:40 +00:00
Miroslav Stampar
7ae5192070 adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) 2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5 foundation for filtering binary string values (for example, replacement of non readable chars with #) 2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033 implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) 2011-01-04 15:49:20 +00:00
Miroslav Stampar
fdc463d08b fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range) 2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
92e4cdb241 raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic 2011-01-03 14:21:41 +00:00
Miroslav Stampar
d19a8d53e4 minor update 2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2 added one new quick check for multiple target(s) mode 2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
f762f32de8 bug fix for proper --parse-errors on .aspx pages 2011-01-02 13:00:04 +00:00
Miroslav Stampar
dce9a762f1 important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode 2011-01-02 10:37:32 +00:00
Miroslav Stampar
6651ba05eb another fix (OS was set to None at all previous sessions if there was no explicit OS testing done) 2011-01-02 08:08:38 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
428e817a32 some refactoring 2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d user can now choose if he wants to skip non-heuristic based DBMS tests 2011-01-01 23:38:11 +00:00
Miroslav Stampar
0e815177c8 minor update 2011-01-01 19:07:40 +00:00
Miroslav Stampar
613242e298 bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved) 2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff code refactoring 2010-12-29 19:39:32 +00:00
Miroslav Stampar
93838fb155 "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) 2010-12-28 14:40:34 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
269d6bde24 this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion) 2010-12-27 00:14:29 +00:00
Miroslav Stampar
89c2640d23 basic --search now works with MS Access 2010-12-26 23:50:16 +00:00
Miroslav Stampar
ceeb6374e8 bug fix (TypeError: object of type 'NoneType' has no len()) 2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68 minor improvement 2010-12-26 11:15:02 +00:00
Miroslav Stampar
562a6440d1 fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) 2010-12-26 09:33:04 +00:00
Miroslav Stampar
b472b96f92 bug fix, refactoring and improved extractErrorMessage capabilities 2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3 minor refactoring/cosmetics 2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901 prioritization of tests based on DBMS error messages and some comments in common.py 2010-12-24 10:55:41 +00:00
Miroslav Stampar
d9f08e4aa3 randomization of user agents 2010-12-24 10:04:27 +00:00
Miroslav Stampar
d5eebb1cbf fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6 2010-12-24 09:49:19 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999 bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped) 2010-12-23 11:28:13 +00:00
Miroslav Stampar
7c06dbffc3 bug fix (AttributeError: 'unicode' object has no attribute 'sort') 2010-12-22 18:55:50 +00:00
Bernardo Damele
c1f2534e9a More bug fixes to properly distinguish between full inband and single-entry inband sql injections 2010-12-22 15:47:52 +00:00
Miroslav Stampar
8212b7b745 bug fix 2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44 update regarding Sybase syntax 2010-12-22 10:39:56 +00:00
Miroslav Stampar
d974a966b8 minor fix for end phase (Ctrl+C) 2010-12-21 23:55:55 +00:00
Miroslav Stampar
fb75d0636b minor update 2010-12-21 23:42:59 +00:00
Miroslav Stampar
09479c85dc minor bug fix 2010-12-21 22:35:44 +00:00
Miroslav Stampar
7a525f28d4 cosmetics 2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d minor tuning (2 techniques MAX per value used) 2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4 some code refactoring 2010-12-21 15:13:13 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Bernardo Damele
aca074b769 Removed unused outdated code 2010-12-21 10:49:52 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe Cosmetics 2010-12-21 09:23:00 +00:00
Miroslav Stampar
116c141dfa another fix 2010-12-21 00:47:07 +00:00
Miroslav Stampar
8067365b93 fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') 2010-12-20 23:47:53 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2 we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads) 2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c minor refactoring 2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
13d5b2c0ff code refactoring 2010-12-20 09:44:21 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
07609bfb53 minor fix 2010-12-17 19:33:20 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056 quick fix for a bug reported by Andreas Constantinides (KeyError: 5) 2010-12-15 11:30:29 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00
Miroslav Stampar
c3d0295d21 minor update (checking for --time-sec value) 2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Bernardo Damele
04caef6de0 Tuning 2010-12-13 23:04:26 +00:00
Bernardo Damele
cfcee6439e Cosmetics 2010-12-13 21:55:30 +00:00
Bernardo Damele
4b79227b5a Minor bug fix to properly merge options from .conf file (-c) with command line switches 2010-12-13 21:36:23 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Miroslav Stampar
d56f47d530 fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20') 2010-12-12 23:59:55 +00:00
Miroslav Stampar
e98d9c08e1 dumping table is now possible on Firebird too 2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7 blind dumping of tables in sqlite implemented 2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
6a24048aa6 urllib2 doesn't play well with '\n' when non unescaped chars used 2010-12-11 21:17:54 +00:00
Miroslav Stampar
d2a3e8f44f first time firebird error-based query success 2010-12-11 11:17:24 +00:00
Miroslav Stampar
f021548bd0 added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use) 2010-12-11 10:52:04 +00:00
Miroslav Stampar
1fc9ed10a8 minor refactoring 2010-12-10 12:30:36 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Bernardo Damele
b6dcbcef5b Minor fix 2010-12-10 10:52:55 +00:00
Miroslav Stampar
bbffea2cbc bug fix 2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
ec5c08ca7a cosmetics 2010-12-09 09:24:20 +00:00
Miroslav Stampar
db39dc32fc minor update 2010-12-09 00:59:39 +00:00
Bernardo Damele
9c61adb21d Cosmetics 2010-12-09 00:26:06 +00:00
Miroslav Stampar
258e9fb50e fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) 2010-12-08 21:16:18 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
95b48746a6 cosmetics 2010-12-08 14:29:09 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
af22679605 minor update 2010-12-08 13:09:27 +00:00
Miroslav Stampar
6223f25dd9 code beautification 2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1 now resume is available for time-based blinds too 2010-12-08 12:49:26 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
b21eb88905 minor update 2010-12-07 22:45:38 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
2af8835a94 fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) 2010-12-07 10:57:32 +00:00
Miroslav Stampar
3d87489de5 minor update 2010-12-07 08:05:03 +00:00
Miroslav Stampar
61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic 2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf minor refactoring 2010-12-06 15:50:19 +00:00
Miroslav Stampar
a43d252ae9 minor update 2010-12-06 00:14:08 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
3f9450b9dc minor fix 2010-12-04 14:43:35 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring 2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8 code refactoring 2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Miroslav Stampar
b3a094b9d6 fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') 2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
91c3cf8fd0 Minor improvement 2010-12-03 16:11:57 +00:00
Bernardo Damele
126a1479d8 Bug fix for --union-test 2010-12-03 14:57:30 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses.
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
827a0aea05 Minor bug fix 2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce Added a comment needed to understand this hack when looking at the code in a month or so ;) 2010-12-03 11:00:41 +00:00
Bernardo Damele
a9d4b37987 Code cleanup and minor refactoring 2010-12-03 10:51:27 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase.
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Miroslav Stampar
2cc167a42e fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'" 2010-12-02 18:57:43 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
c00ea7f5e5 Store and resume also UNION char to session file (--union-char) 2010-12-01 10:59:58 +00:00
Bernardo Damele
2708aad504 Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests. 2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
8b9706656e Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Miroslav Stampar
70e87d959e update of dynamicity engine 2010-11-29 15:14:49 +00:00
Bernardo Damele
2efb3b78ea Consider also --dbms value during the detection phase 2010-11-29 14:48:07 +00:00
Bernardo Damele
76ce9cc888 Minor bug fix for --forms 2010-11-29 12:46:18 +00:00
Bernardo Damele
c22338ce90 Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more). 2010-11-29 11:47:58 +00:00
Bernardo Damele
e8c6c01e27 precaution 2010-11-29 09:54:30 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable.
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00