| 
							
							
								 Miroslav Stampar | 8aa5625cd0 | proper fix related to the last commit | 2011-06-01 23:00:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fd57aae779 | bug fix (until this moment we had UNION unfunctional for MSSQL) | 2011-06-01 22:47:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b7088440c2 | better sentence | 2011-05-30 22:47:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a8b58afdb2 | minor update | 2011-05-27 08:21:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 48f52d7697 | minor beautification | 2011-05-27 08:16:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 45caadbd4a | important update - finally found what was causing headache for UNION payloads in noticeable number of cases | 2011-05-26 21:54:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 97bd5355dd | minor update | 2011-05-26 21:18:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5d56e89cf5 | minor update | 2011-05-26 21:08:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 06108b6da6 | minor update related to the last commit | 2011-05-26 20:58:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4f46a5ab63 | minor usability enhancement regarding warning for --text-only switch | 2011-05-26 20:48:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a1fd2898a0 | added friendly tip message for url encoding GET and POST payloads | 2011-05-25 11:10:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bec2c04671 | helping dummy users | 2011-05-24 17:15:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | faa74cd2bc | introducing results file for multiple target mode | 2011-05-15 22:21:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f11d5c91e3 | minor update so that only one DNS request per scan is being done (before this commit there were two) | 2011-05-12 14:32:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 120b0d756e | unfix | 2011-05-10 21:33:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | deae534ee7 | minor refactoring | 2011-05-10 20:44:36 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 3a8309c4b0 | Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches | 2011-05-10 15:34:54 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9955483052 | Major improvement for --dump. Minor improvement for --dump-all.
Minor bug fix for infinite loop | 2011-05-08 02:08:18 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8179fd63c0 | Minor fix | 2011-05-07 23:48:03 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1151af52bb | More fix for save/resume of --technique | 2011-05-07 21:08:14 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aae140080e | SVN roll back, DB2 patch will be recommitted after testing: $ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 . | 2011-05-06 10:27:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6e392b6054 | applying contributed patch for DB2 | 2011-05-06 09:30:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 2d8408c885 | More fix for --technique resume | 2011-05-05 16:38:46 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6cff3e97f4 | cosmetics | 2011-05-02 21:48:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 06498796b9 | minor cosmetics | 2011-05-02 20:51:53 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 955dbc85e7 | Minor variable rename | 2011-04-30 15:29:59 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f56d135438 | Minor code restyling | 2011-04-30 13:20:05 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a5968fff3e | Added --count switch to count the number of entries for a specific table (when -T is provided), all database's tables (when only -D is provided) or all databases' tables when neither -D nor -T are provided | 2011-04-30 00:22:22 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a23ca952e4 | Actually brute-force switches make more sense just after their "normal" version. Also, getSchema() method is preferably to be called before getColumns(), see next commit for reason | 2011-04-29 21:09:07 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | edac0b2558 | Added switch --schema to enumerate DBMS schema and now --columns does not require a mandatory table (-T) anymore, instead it will act as an alias for --schema | 2011-04-28 23:59:00 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 441c288dd9 | cosmeticados | 2011-04-25 00:36:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7b3b9e6a87 | it seems that this was indeed not meant to be here | 2011-04-22 15:07:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 304500a2e8 | implemented checkFalsePositives method (simple Turing like tests) | 2011-04-22 12:24:16 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | eabb5a2ba7 | More adjustments to the error message when no sql injections are detected | 2011-04-21 22:04:20 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6d07dddf60 | updated doc and minor layout adjustments | 2011-04-21 21:53:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 770b1523ff | More verbose output when no SQL injections are detected | 2011-04-21 21:31:16 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | edc2d75702 | Cosmetics and major bug fix | 2011-04-21 21:15:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | df0331fe9b | some more refactoring | 2011-04-19 23:04:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9b0db33cc5 | initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model | 2011-04-19 08:55:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0387654166 | update of copyright string (until year) | 2011-04-15 12:33:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 21114d1748 | added IGNORE_PARAMETERS to skip testing of state/session web server parameters | 2011-04-13 19:01:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2db2e9b6a2 | now GET forms are also prone to "do you want to fill with random values" | 2011-04-11 11:38:41 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 5b21352656 | cosmeticados ;) | 2011-04-08 10:39:07 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c6b9d89d31 | Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly | 2011-04-07 11:10:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 05d12790f1 | closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) | 2011-04-06 14:41:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bbd4c128b0 | minor update related to the last commit | 2011-04-01 22:19:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0916117447 | improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names | 2011-03-30 18:32:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | dd01d66f13 | proper update regarding last commit | 2011-03-29 22:10:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4d78eac938 | revert of that thingy as requested by Bernardo | 2011-03-29 10:06:35 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e8debbe724 | minor cosmetics and one minor fix (|= is a nono with None) | 2011-03-29 06:38:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 86f93713d3 | fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update | 2011-03-29 06:25:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bf0e3c4662 | improvement for --forms with empty fields | 2011-03-28 22:48:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1e22ff45de | minor update regarding testing of GET parameters if --data and/or --forms is used | 2011-03-28 16:14:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bd75fd26e9 | implementing a --page-rank switch as requested by l0rda@l0rda.biz | 2011-03-23 11:57:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b5c9ccb755 | Oracle XML based error payload has problems with char $ as with space | 2011-03-21 13:13:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 970cde5a8a | minor update regarding last commit | 2011-03-17 09:23:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e64f225e65 | minor refactoring | 2011-03-11 20:16:34 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8edc3b3302 | further update regarding last commit | 2011-03-03 10:39:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 90582ed7dc | minor change | 2011-02-21 11:35:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6cdf08b81c | minor fix | 2011-02-17 21:51:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 22cd49a217 | --technique can now be something like 123 which includes both techniques 1, 2 and 3 | 2011-02-17 21:39:16 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7ebc1ab90a | minor cosmetics | 2011-02-17 08:59:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 50d25c3b4d | update regarding explicit testing of ua and referer when using -p | 2011-02-13 21:58:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5fb11fd173 | update regarding multiple DBMS payloads | 2011-02-13 21:20:21 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 45a005737d | Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2 | 2011-02-13 21:08:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 521635c84d | quick fix for UA and Referer | 2011-02-11 23:36:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 535eb9f3eb | implementation of referer feature | 2011-02-11 23:07:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a6ab24e0b5 | just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed | 2011-02-10 22:47:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2c4f6d2e99 | fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too | 2011-02-07 21:53:05 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a577d0e9a5 | restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) | 2011-02-07 21:18:01 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 078a2207cc | few reverts | 2011-02-06 22:10:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b9b2fe0e7c | little cleanup | 2011-02-06 21:52:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d2b96a66a2 | one more update regarding last few "unescape" related commits | 2011-02-06 20:23:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c44978862e | Minor reordering of what gets saved into the injection object | 2011-02-06 15:20:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b56a77e573 | removing obsolete switches (--threshold, --excl-reg, --excl-str) | 2011-02-03 15:55:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8134c2154a | adding WHERE enum for payloads | 2011-02-02 13:34:09 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | d875d848ce | Better sort | 2011-02-01 22:04:48 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 6761933f75 | Just.. cosmetics ;) | 2011-01-31 22:51:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fa58a9c86b | update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) | 2011-01-31 20:36:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8ef47307db | added checking of header values for GREP (error); still UNION to do | 2011-01-31 12:21:17 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 8278d821ac | Another layout adjustment | 2011-01-30 16:23:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8e74c571bc | centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels | 2011-01-27 19:44:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 10b723f196 | minor fix for a bug reported by yonnym@googlemail.com | 2011-01-25 22:26:28 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | e1db2700f0 | Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads | 2011-01-24 12:25:45 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7c4c79477d | world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) | 2011-01-21 18:32:10 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9770db597e | Centralization of unescape() | 2011-01-20 21:55:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 496a84c356 | minor update | 2011-01-20 18:32:04 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | bade0e3124 | Major code refactoring - centralized all kb.dbms* info for both retrieval and set. | 2011-01-19 23:06:15 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | eda0b41859 | Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup | 2011-01-18 23:03:50 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c2a358561f | Proper support for --union-cols | 2011-01-17 22:57:33 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 47565f9459 | Minor code refactoring | 2011-01-17 21:13:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f5e36876e7 | removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency | 2011-01-16 19:29:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 718eef8753 | minor fix | 2011-01-16 18:11:35 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ec1ab3cd2a | removing timeSec from injection configuration attributes as it highly depends on current connection "variables" | 2011-01-16 12:12:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 71391874eb | slightly faster and thread safer inference | 2011-01-16 10:52:42 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0fc4ebdc1b | Major bug fix. Minor code refactoring. | 2011-01-16 01:17:09 +00:00 |  |