sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,813 Commits 4 Branches 117 Tags 97 MiB
428e817a32
Commit Graph

1243 Commits

Author SHA1 Message Date
Miroslav Stampar
03220d34ba added Ctrl+C check in detection phase 2010-12-18 10:42:09 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
108a96c6b4 some fixes 2010-12-17 21:45:20 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
b4450c6ddd added one more level of MSSQL version check (if first fails for some reason) 2010-12-17 21:01:14 +00:00
Miroslav Stampar
07609bfb53 minor fix 2010-12-17 19:33:20 +00:00
Miroslav Stampar
323af45ce4 added one more time request payload to confirm test results 2010-12-17 07:53:58 +00:00
Miroslav Stampar
e3fa3b0e8e fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') 2010-12-17 07:48:32 +00:00
Miroslav Stampar
95b2c0803b minor fix 2010-12-15 20:51:29 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Miroslav Stampar
cda00c7501 code refactoring 2010-12-15 12:43:56 +00:00
Miroslav Stampar
3f34b06a24 minor cosmetics 2010-12-15 12:34:14 +00:00
Miroslav Stampar
445cc3bf3c minor cosmetics 2010-12-15 12:15:43 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056 quick fix for a bug reported by Andreas Constantinides (KeyError: 5) 2010-12-15 11:30:29 +00:00
Miroslav Stampar
f8a01ddaf8 minor update 2010-12-15 11:21:47 +00:00
Miroslav Stampar
63f5c35c23 bug fix 2010-12-15 10:02:58 +00:00
Miroslav Stampar
c3d0295d21 minor update (checking for --time-sec value) 2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Miroslav Stampar
270ae0f080 just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False 2010-12-14 09:05:00 +00:00
Bernardo Damele
04caef6de0 Tuning 2010-12-13 23:04:26 +00:00
Bernardo Damele
cfcee6439e Cosmetics 2010-12-13 21:55:30 +00:00
Bernardo Damele
86690682c7 Minor bug fix to respect -v value in --common-tables and --common-columns 2010-12-13 21:37:12 +00:00
Bernardo Damele
4b79227b5a Minor bug fix to properly merge options from .conf file (-c) with command line switches 2010-12-13 21:36:23 +00:00
Bernardo Damele
db844c1785 No point in showing the error-based inject payload, it's same as the one showed in -v3 2010-12-13 21:35:20 +00:00
Bernardo Damele
698f30e65e Cosmetics 2010-12-13 21:34:35 +00:00
Bernardo Damele
a02dd6b55b Minor enhancement to speedup active dbms fingerprint (-f). 
Code cleanup and refactoring.
 2010-12-13 21:33:42 +00:00
Miroslav Stampar
d56f47d530 fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20') 2010-12-12 23:59:55 +00:00
Miroslav Stampar
6a3c4485e6 minor update (removing extra ()) 2010-12-12 14:44:39 +00:00
Miroslav Stampar
e98d9c08e1 dumping table is now possible on Firebird too 2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7 blind dumping of tables in sqlite implemented 2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5 update regarding dumping of tables with blind on Sqlite 2010-12-11 22:00:16 +00:00
Miroslav Stampar
f7344a5fc3 update 2010-12-11 21:28:11 +00:00
Miroslav Stampar
6a24048aa6 urllib2 doesn't play well with '\n' when non unescaped chars used 2010-12-11 21:17:54 +00:00
Miroslav Stampar
e6c66fa37c update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available 2010-12-11 17:55:28 +00:00
Miroslav Stampar
e32fa9df43 further update regarding bugtrace's report 2010-12-11 17:32:15 +00:00
Miroslav Stampar
5d18c98ec2 quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment) 2010-12-11 17:20:39 +00:00
Miroslav Stampar
03447acc1d avoiding some trashy match ratios 2010-12-11 17:12:19 +00:00
Miroslav Stampar
d2a3e8f44f first time firebird error-based query success 2010-12-11 11:17:24 +00:00
Miroslav Stampar
f021548bd0 added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use) 2010-12-11 10:52:04 +00:00
Miroslav Stampar
c17f444aab minor fix 2010-12-11 10:22:18 +00:00
Miroslav Stampar
3dc0a51d34 major bug fix with boolean expressions 2010-12-11 08:46:19 +00:00
Miroslav Stampar
ac9080c07b update 2010-12-11 08:24:29 +00:00
Miroslav Stampar
66db80804d fix 2010-12-10 16:03:32 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Miroslav Stampar
977988c0ab cosmetics 2010-12-10 15:24:25 +00:00
Miroslav Stampar
fa8d378e80 another update 2010-12-10 15:18:15 +00:00
Miroslav Stampar
1ef44cfe60 fix 2010-12-10 15:06:53 +00:00
Miroslav Stampar
fe186cde55 proper fix 2010-12-10 13:26:31 +00:00
Miroslav Stampar
9957881040 you won't believe commit 2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8 minor refactoring 2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb fix for booleans 2010-12-10 12:26:01 +00:00
Miroslav Stampar
fe2039f5ba coollyy little commits 2010-12-10 11:32:46 +00:00
Miroslav Stampar
d5e7a8d305 update 2010-12-10 10:54:17 +00:00
Bernardo Damele
b6dcbcef5b Minor fix 2010-12-10 10:52:55 +00:00
Miroslav Stampar
471d9ccd65 another fix of my lala 2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2 quick fix 2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9 update regarding boolean based expressions 2010-12-09 21:15:18 +00:00
Miroslav Stampar
d5fb921154 removed debug print 2010-12-09 20:08:59 +00:00
Miroslav Stampar
1492823de0 it wasn't pretty, now it's pretty 2010-12-09 20:06:20 +00:00
Miroslav Stampar
bbffea2cbc bug fix 2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7 Little precaution 2010-12-09 14:06:43 +00:00
Bernardo Damele
9230877d98 cosmetics 2010-12-09 13:57:38 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
cdff29ada7 update 2010-12-09 11:23:44 +00:00
Miroslav Stampar
196131bbca minor cosmetics 2010-12-09 10:42:00 +00:00
Miroslav Stampar
ec5c08ca7a cosmetics 2010-12-09 09:24:20 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Miroslav Stampar
db39dc32fc minor update 2010-12-09 00:59:39 +00:00
Bernardo Damele
0c01be0eeb Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work). 2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d Cosmetics 2010-12-09 00:26:06 +00:00
Bernardo Damele
b5c6527c72 Minor fix 2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. 2010-12-08 23:52:31 +00:00
Bernardo Damele
10ef2b5de8 Minor bug fix 2010-12-08 23:09:42 +00:00
Miroslav Stampar
54f6673609 update 2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0 update 2010-12-08 22:14:42 +00:00
Miroslav Stampar
258e9fb50e fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) 2010-12-08 21:16:18 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
40fadf2f35 minor update 2010-12-08 14:33:10 +00:00
Miroslav Stampar
95b48746a6 cosmetics 2010-12-08 14:29:09 +00:00
Miroslav Stampar
ed09c53ee4 minor minor update 2010-12-08 14:27:37 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
af22679605 minor update 2010-12-08 13:09:27 +00:00
Miroslav Stampar
6223f25dd9 code beautification 2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1 now resume is available for time-based blinds too 2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165 removing junk 2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3 sqlmap premiere of blind time based query/bisection 2010-12-08 12:28:54 +00:00
Miroslav Stampar
47bb31fb47 code refactoring 2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a update regarding time based payloads 2010-12-08 11:26:54 +00:00
Miroslav Stampar
bdff4aba6a switching to quick_ratio 2010-12-07 23:57:43 +00:00
Miroslav Stampar
c1b82cf09c ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results 2010-12-07 23:53:44 +00:00
Miroslav Stampar
a4a63f5b1e minor update 2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
b21eb88905 minor update 2010-12-07 22:45:38 +00:00
Miroslav Stampar
575e50673b minor update 2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a little explanation 2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231 Removed debug print 2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Bernardo Damele
81e7465ed2 Cosmetics 2010-12-07 17:16:21 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6 it's a must to double check time based payloads 2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e update regarding session page templates 2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Bernardo Damele
effd2ca0e3 Cosmetics 2010-12-07 12:32:58 +00:00
Miroslav Stampar
2af8835a94 fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter) 2010-12-07 10:57:32 +00:00
Miroslav Stampar
3d87489de5 minor update 2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d introducing PostgreSQL time based blind 2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic 2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3 minor cosmetic update ("heuristics shows" is not grammatically correct) 2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23 minor update 2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf minor refactoring 2010-12-06 15:50:19 +00:00
Miroslav Stampar
e8be14e00a minor refactoring 2010-12-06 07:48:14 +00:00
Miroslav Stampar
a43d252ae9 minor update 2010-12-06 00:14:08 +00:00
Miroslav Stampar
5189f138d7 increasing socket timeout in case of time based checks 2010-12-05 23:18:16 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Bernardo Damele
da3fd17fc3 Adjustment to make it work also in OR based injection 2010-12-05 12:24:23 +00:00
Bernardo Damele
41e1b95c6c Minor code refactoring and finally make exploitation work also on OR boolean-based injections 2010-12-05 11:25:44 +00:00
Miroslav Stampar
7a5cd3b35f minor comment update 2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211 Cosmetics 2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
3f9450b9dc minor fix 2010-12-04 14:43:35 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring 2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8 code refactoring 2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Miroslav Stampar
b3a094b9d6 fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql') 2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Bernardo Damele
9d55c4da87 Done with support for injection in ORDER BY and GROUP BY (hopefully) 2010-12-03 16:12:47 +00:00
Bernardo Damele
91c3cf8fd0 Minor improvement 2010-12-03 16:11:57 +00:00
Bernardo Damele
0e6359ab6e Minor layout adjustment 2010-12-03 16:11:35 +00:00
Bernardo Damele
6e73adec47 Get rid of one useless attribute 2010-12-03 16:11:13 +00:00
Bernardo Damele
126a1479d8 Bug fix for --union-test 2010-12-03 14:57:30 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0 Major bug fix for default boolean-based vector still work and minor adjustments 2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses. 
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
 2010-12-03 12:00:03 +00:00
Bernardo Damele
827a0aea05 Minor bug fix 2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce Added a comment needed to understand this hack when looking at the code in a month or so ;) 2010-12-03 11:00:41 +00:00
Bernardo Damele
a9d4b37987 Code cleanup and minor refactoring 2010-12-03 10:51:27 +00:00