Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
572f403069
update of one thing that was missing
2011-01-03 21:28:22 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
3629c2737b
automatically turn on --text-only in case of heavily-dynamicity instead of critical exit
2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6
some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one
2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f
minor update
2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
ec4440108b
minor cosmetics
2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32
some refactoring
2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d
user can now choose if he wants to skip non-heuristic based DBMS tests
2011-01-01 23:38:11 +00:00
Miroslav Stampar
942cbafba6
minor update
2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c
(e) finally works as it should
2011-01-01 19:22:44 +00:00
Miroslav Stampar
91f665aaaa
bug fix for Ctrl+C
2010-12-31 15:00:19 +00:00
Miroslav Stampar
613242e298
bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)
2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff
code refactoring
2010-12-29 19:39:32 +00:00
Miroslav Stampar
6700cabc36
minor optimization
2010-12-29 19:01:29 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
96a06351a1
minor fix (in testing phase raise404 should be set to False)
2010-12-24 12:36:00 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901
prioritization of tests based on DBMS error messages and some comments in common.py
2010-12-24 10:55:41 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fc60215ed
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
2010-12-22 19:12:46 +00:00
Miroslav Stampar
08c88495d0
removed that ugly hack
2010-12-22 13:09:04 +00:00
Miroslav Stampar
d974a966b8
minor fix for end phase (Ctrl+C)
2010-12-21 23:55:55 +00:00
Miroslav Stampar
0e68248f60
minor update of heuristic check
2010-12-21 12:56:18 +00:00
Miroslav Stampar
16f1f4e13e
when doing dynamic checks there are cases when 404 can be raised (perfectly normal)
2010-12-21 11:04:49 +00:00
Bernardo Damele
ad6b528b33
Bit more verbose comment
2010-12-21 10:47:39 +00:00
Miroslav Stampar
e10670d9ac
added end detection phase choice into Ctrl+C list
2010-12-20 23:34:00 +00:00
Miroslav Stampar
b34fe5c334
no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)
2010-12-20 22:49:48 +00:00
Miroslav Stampar
eaf8929085
more minor updates
2010-12-20 10:48:53 +00:00
Miroslav Stampar
e9f1ecb9e7
minor update
2010-12-20 10:32:58 +00:00
Miroslav Stampar
10a7a2dfb2
kids, don't use this at home
2010-12-20 10:13:14 +00:00
Miroslav Stampar
4cb83654dc
minor update
2010-12-18 16:28:21 +00:00
Miroslav Stampar
05c6d661e8
cosmetics
2010-12-18 10:49:49 +00:00
Miroslav Stampar
03220d34ba
added Ctrl+C check in detection phase
2010-12-18 10:42:09 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
323af45ce4
added one more time request payload to confirm test results
2010-12-17 07:53:58 +00:00
Miroslav Stampar
d5fb921154
removed debug print
2010-12-09 20:08:59 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7
Little precaution
2010-12-09 14:06:43 +00:00
Bernardo Damele
5fb04515d3
Added hidden (for the moment) switch --technique
2010-12-09 13:47:17 +00:00
Bernardo Damele
0c01be0eeb
Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).
2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d
Cosmetics
2010-12-09 00:26:06 +00:00
Bernardo Damele
10ef2b5de8
Minor bug fix
2010-12-08 23:09:42 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
ed09c53ee4
minor minor update
2010-12-08 14:27:37 +00:00
Miroslav Stampar
1ae2fa7f1a
update regarding time based payloads
2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e
minor update
2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
575e50673b
minor update
2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a
little explanation
2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231
Removed debug print
2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6
it's a must to double check time based payloads
2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e
update regarding session page templates
2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d
introducing PostgreSQL time based blind
2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3
minor cosmetic update ("heuristics shows" is not grammatically correct)
2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23
minor update
2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf
minor refactoring
2010-12-06 15:50:19 +00:00
Miroslav Stampar
5189f138d7
increasing socket timeout in case of time based checks
2010-12-05 23:18:16 +00:00
Miroslav Stampar
7a5cd3b35f
minor comment update
2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211
Cosmetics
2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0
Major bug fix for default boolean-based vector still work and minor adjustments
2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22
Major bug fix for test on ORDER BY and GROUP BY clauses.
...
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
7d6f51f758
Avoid blank space between prefix and test's payload if it's a stacked queries test
2010-12-03 10:42:46 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
56d2b2f322
Avoid storing to session file also payload delimiters
2010-12-01 10:55:59 +00:00
Bernardo Damele
8d84dcc5dc
More sense
2010-12-01 09:17:17 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Miroslav Stampar
47a7708950
minor improvement of dynamic content detection/removal part
2010-11-30 12:45:42 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Miroslav Stampar
70e87d959e
update of dynamicity engine
2010-11-29 15:14:49 +00:00
Bernardo Damele
ee4e04ebca
Minor adjustment
2010-11-29 15:09:40 +00:00
Bernardo Damele
2efb3b78ea
Consider also --dbms value during the detection phase
2010-11-29 14:48:07 +00:00
Miroslav Stampar
be6df7abd9
improvement of dynamicity engine
2010-11-29 14:30:57 +00:00
Bernardo Damele
6525e08d6b
Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values
2010-11-29 12:13:42 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
75f7df75b6
Minor fix
2010-11-28 23:33:51 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
6232397129
minor update
2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Miroslav Stampar
b3ad63b71e
major bug fix (haven't applied dynamic content removal to the original comparison (conf.seqMatcher.a) page)
2010-11-15 14:59:37 +00:00
Miroslav Stampar
39c6c9f386
minor update
2010-11-15 12:19:22 +00:00
Miroslav Stampar
84849316b3
improvement of heuristic check (now original value is included too)
2010-11-12 23:06:01 +00:00
Miroslav Stampar
0d66f101da
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
2010-11-12 22:29:33 +00:00
Miroslav Stampar
96d88877ba
bug fix (reported by ToR)
2010-11-10 19:44:51 +00:00
Miroslav Stampar
6807fb04cc
minor update
2010-11-09 22:44:23 +00:00
Miroslav Stampar
fef60d5cb7
some fixes :)
2010-11-09 22:32:05 +00:00
Bernardo Damele
2205099a5e
Python stylish
2010-11-09 21:39:05 +00:00
Miroslav Stampar
cee888b613
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
2010-11-09 19:14:55 +00:00
Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
0d0e2a2228
minor update
2010-11-08 09:49:57 +00:00
Miroslav Stampar
4f346eab33
fix for resume from session
2010-11-07 23:25:53 +00:00
Bernardo Damele
9669dbdae1
Minor cosmetics and adjustments
2010-11-07 15:34:52 +00:00
Miroslav Stampar
2b8c942b4a
more update
2010-11-07 08:58:24 +00:00
Miroslav Stampar
00dfd55830
added powerful switch --longest-common for dealing with heavy dynamicity
2010-11-07 08:52:09 +00:00
Miroslav Stampar
508b9cc763
dynamicity engine update
2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127
minor update
2010-11-06 08:31:11 +00:00
Miroslav Stampar
0e895fa512
update of dynamicity testing and few misc fixes
2010-11-05 13:14:12 +00:00
Miroslav Stampar
e1cec8c02b
fix for all that stable, dynamic mambo jambo :)
2010-11-04 16:44:34 +00:00
Miroslav Stampar
efe75aa8a3
added some debug messages
2010-11-04 09:18:32 +00:00
Miroslav Stampar
71d0b1bcd7
several bug fixes
2010-11-03 21:51:36 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Miroslav Stampar
5cc1bd8a12
major fix for heuristic check
2010-10-27 08:27:31 +00:00
Miroslav Stampar
73eea81b3a
minor cosmetics
2010-10-25 19:45:53 +00:00
Miroslav Stampar
d7bf94d4d6
fix for --beep
2010-10-25 19:16:42 +00:00
Miroslav Stampar
24c5d7b313
code refactoring
2010-10-25 14:06:56 +00:00
Miroslav Stampar
9c94a233a1
conf.md5hash thrown out
2010-10-25 13:52:21 +00:00
Miroslav Stampar
8df7c88174
implementation of a new dynamic content removal engine
2010-10-25 10:41:37 +00:00
Miroslav Stampar
52f910f752
added --beep (tested on Windows and Linux; for now turned off) switch
2010-10-23 09:38:46 +00:00
Bernardo Damele
0817d1b78d
Cosmetics
2010-10-19 23:09:30 +00:00