Miroslav Stampar
|
aa5d038f18
|
more code refactoring
|
2010-11-23 14:50:47 +00:00 |
|
Miroslav Stampar
|
3cae76627c
|
code refactoring regarding dictionary attack
|
2010-11-23 13:58:01 +00:00 |
|
Miroslav Stampar
|
ba4ea32603
|
first working version of dictionary attack
|
2010-11-23 13:24:02 +00:00 |
|
Miroslav Stampar
|
c471b815cc
|
fix for a bug reported by BugTrace (IndexError: list index out of range)
|
2010-11-22 10:58:08 +00:00 |
|
Bernardo Damele
|
99a23e23cf
|
Extra check on --union-cols value
|
2010-11-19 16:39:26 +00:00 |
|
Bernardo Damele
|
c23126547e
|
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
|
2010-11-19 15:48:24 +00:00 |
|
Bernardo Damele
|
ad17e9ed2a
|
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
|
2010-11-19 14:56:20 +00:00 |
|
Miroslav Stampar
|
d97e97d884
|
minor update :)
|
2010-11-19 09:02:44 +00:00 |
|
Bernardo Damele
|
4a9bd3a240
|
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
|
2010-11-18 17:55:43 +00:00 |
|
Bernardo Damele
|
544327379f
|
Little precaution
|
2010-11-18 14:32:52 +00:00 |
|
Bernardo Damele
|
f6a17cb1a8
|
Revert wrong fix
|
2010-11-18 10:41:06 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
ca5125bbe0
|
minor update related to r2401
|
2010-11-17 20:50:31 +00:00 |
|
Bernardo Damele
|
360aff7a4d
|
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
|
2010-11-17 17:20:32 +00:00 |
|
Miroslav Stampar
|
a0df36beda
|
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
|
2010-11-17 15:33:07 +00:00 |
|
Miroslav Stampar
|
d757e4ae1c
|
bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)
|
2010-11-17 09:46:04 +00:00 |
|
Miroslav Stampar
|
2a8e270bef
|
proper handling of carriage return character from Windows target machines
|
2010-11-16 15:11:03 +00:00 |
|
Miroslav Stampar
|
ab33651f96
|
minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)
|
2010-11-16 15:02:22 +00:00 |
|
Miroslav Stampar
|
3487429eac
|
minor cosmetics
|
2010-11-16 14:41:46 +00:00 |
|
Miroslav Stampar
|
cccb565859
|
cosmetics
|
2010-11-16 14:11:32 +00:00 |
|
Miroslav Stampar
|
b9d9f18939
|
added General cmdline group
|
2010-11-16 14:09:09 +00:00 |
|
Miroslav Stampar
|
e7a66371f8
|
update regarding os shell-ing regarding JSP and ASPX
|
2010-11-16 13:46:46 +00:00 |
|
Miroslav Stampar
|
6ef3846400
|
update regarding error parsing (and reporting)
|
2010-11-16 10:42:42 +00:00 |
|
Miroslav Stampar
|
ff310475c8
|
some reporting update for --forms
|
2010-11-15 14:17:51 +00:00 |
|
Miroslav Stampar
|
20d6b9a5c1
|
minor fix
|
2010-11-15 12:24:32 +00:00 |
|
Miroslav Stampar
|
819085155e
|
minor update/fix
|
2010-11-15 12:07:13 +00:00 |
|
Miroslav Stampar
|
c25c017c08
|
cosmetics regarding --forms
|
2010-11-15 11:50:33 +00:00 |
|
Miroslav Stampar
|
36c544f440
|
update (--forms acts now more like -g switch)
|
2010-11-15 11:34:57 +00:00 |
|
Bernardo Damele
|
5f46a549ba
|
Cosmetics for --forms
|
2010-11-14 21:59:35 +00:00 |
|
Bernardo Damele
|
8d07272c82
|
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
Now stores/resumes also the exact UNION payload to session file.
|
2010-11-13 23:24:41 +00:00 |
|
Bernardo Damele
|
a777d59870
|
Minor bug fix
|
2010-11-12 15:17:12 +00:00 |
|
Bernardo Damele
|
0a83a830d9
|
Properly handle both HTTPS and HTTP requests through proxy
|
2010-11-12 14:21:46 +00:00 |
|
Bernardo Damele
|
e1ef27f592
|
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
|
2010-11-12 12:25:02 +00:00 |
|
Bernardo Damele
|
9f53048ff4
|
Put a space always between the user's provided prefix and sqlmap payload
|
2010-11-12 11:48:26 +00:00 |
|
Miroslav Stampar
|
697b32554c
|
fix for a bug "ordinal not in range(128)" reported by bugtrace
|
2010-11-12 11:48:25 +00:00 |
|
Bernardo Damele
|
a34c1b287c
|
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
|
2010-11-12 11:33:11 +00:00 |
|
Bernardo Damele
|
8cec75656c
|
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
|
2010-11-12 10:31:42 +00:00 |
|
Bernardo Damele
|
66c82d72e4
|
Typo fix
|
2010-11-12 10:02:02 +00:00 |
|
Miroslav Stampar
|
8aefd0bbf7
|
improvement of --common-tables and --common-columns
|
2010-11-11 20:37:25 +00:00 |
|
Miroslav Stampar
|
24238ccd0b
|
re-renaming of brute force switches. this way is better.
|
2010-11-11 07:57:44 +00:00 |
|
Miroslav Stampar
|
96d88877ba
|
bug fix (reported by ToR)
|
2010-11-10 19:44:51 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|
Miroslav Stampar
|
06f00cf8c1
|
name change
|
2010-11-09 22:48:22 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Miroslav Stampar
|
726825ca70
|
minor update
|
2010-11-09 16:59:36 +00:00 |
|
Miroslav Stampar
|
b43334165d
|
update regarding brute forcing
|
2010-11-09 16:53:33 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
7752b5efe9
|
minor update
|
2010-11-09 09:51:54 +00:00 |
|
Miroslav Stampar
|
221f976fbd
|
minor update
|
2010-11-09 01:23:54 +00:00 |
|