Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7
code reviewing part 2
2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c
code review of modules in lib/core directory
2011-01-15 12:13:45 +00:00
Miroslav Stampar
daf5662eab
update
2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d
Code cleanup
2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51
minor code refactoring
2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa
refactoring, code clearing and removal of obsolete switch --longest-common
2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc
Minor bug fix
2011-01-14 14:20:28 +00:00
Bernardo Damele
3c95d71ea5
Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase
2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7
Minor bug fix
2011-01-14 09:49:14 +00:00
Miroslav Stampar
676b95b30a
minor code refactoring
2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020
Minor bug fix
2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
b0fdbdb13b
minor update
2011-01-13 15:15:56 +00:00
Bernardo Damele
877ea31521
Verbose docstring
2011-01-13 12:05:14 +00:00
Miroslav Stampar
ac5b49f555
update
2011-01-13 11:24:03 +00:00
Bernardo Damele
af4ee81e62
Cosmetics
2011-01-13 11:23:07 +00:00
Miroslav Stampar
ece2eb31ca
minor update
2011-01-13 11:08:29 +00:00
Bernardo Damele
ca33728fbc
Minor fix to avoid query splitting/unpacking when the statement is EXISTS()
2011-01-13 10:00:40 +00:00
Bernardo Damele
be6e2d6a31
Important bug fix.
...
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
b3a0f38f3f
Minor code refactoring and added internal debug prints
2011-01-12 12:03:23 +00:00
Bernardo Damele
af9725214a
Properly deal with partial (single entry) UNION injections.
...
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
3cff42986f
Code cleanup
2011-01-12 01:17:04 +00:00
Bernardo Damele
8a67aea754
One more step to fully working UNION exploitation after merge into detection phase
2011-01-12 01:13:32 +00:00
Bernardo Damele
b5c6f7556f
Minor update
2011-01-12 00:53:48 +00:00
Bernardo Damele
8bdb7ec58c
Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet.
2011-01-12 00:47:39 +00:00
Bernardo Damele
c2e994e806
Minor adjustment
2011-01-11 23:56:04 +00:00
Bernardo Damele
5c7c3c76c3
Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
...
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb
Added generic and mysql UNION tests from 1 to 25 columns.
...
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c
First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
...
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
394b6bc029
reverting some changes
2011-01-11 12:11:33 +00:00
Miroslav Stampar
54e0ba935a
minor update
2011-01-11 12:08:36 +00:00
Miroslav Stampar
690281dce1
didn't know this to be honest
2011-01-11 10:17:22 +00:00
Miroslav Stampar
0676b38063
revert of one thing for Bernardo and minor update
2011-01-10 10:30:17 +00:00
Miroslav Stampar
77b51dae57
adding openFile method with an exception block around file opening part
2011-01-08 09:30:10 +00:00
Bernardo Damele
97ae7e330f
cosmetics
2011-01-07 17:10:58 +00:00
Bernardo Damele
e373dac1f2
Cosmetics
2011-01-07 16:50:39 +00:00
Miroslav Stampar
c17714c423
suppress session in case of brute methods
2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
1a079c62cb
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
2011-01-07 16:08:01 +00:00
Bernardo Damele
1c86ec374e
Code refactoring and cosmetics
2011-01-07 15:41:09 +00:00
Miroslav Stampar
a8d660db54
fixes for bugs reported by pragmatk@gmail.com
2011-01-06 16:59:58 +00:00
Miroslav Stampar
cc9ca802bf
minor update
2011-01-06 08:54:50 +00:00
Miroslav Stampar
1297df66da
fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)
2011-01-06 08:04:59 +00:00
Miroslav Stampar
694a65f6f1
minor fix/update
2011-01-05 13:32:40 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
c83e9f6ca5
foundation for filtering binary string values (for example, replacement of non readable chars with #)
2011-01-04 21:56:37 +00:00
Miroslav Stampar
aa81ed4033
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
2011-01-04 15:49:20 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
2011-01-03 22:02:58 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
d19a8d53e4
minor update
2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2
added one new quick check for multiple target(s) mode
2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254
code refactoring
2011-01-02 16:51:21 +00:00
Miroslav Stampar
f762f32de8
bug fix for proper --parse-errors on .aspx pages
2011-01-02 13:00:04 +00:00
Miroslav Stampar
dce9a762f1
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
2011-01-02 10:37:32 +00:00
Miroslav Stampar
6651ba05eb
another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)
2011-01-02 08:08:38 +00:00
Miroslav Stampar
da138c46c1
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
2011-01-02 07:37:47 +00:00
Miroslav Stampar
428e817a32
some refactoring
2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d
user can now choose if he wants to skip non-heuristic based DBMS tests
2011-01-01 23:38:11 +00:00
Miroslav Stampar
0e815177c8
minor update
2011-01-01 19:07:40 +00:00
Miroslav Stampar
613242e298
bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)
2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff
code refactoring
2010-12-29 19:39:32 +00:00
Miroslav Stampar
93838fb155
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
2010-12-28 14:40:34 +00:00
Miroslav Stampar
9fb0e0fc85
resume of brute forced data is now available
2010-12-27 14:17:20 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
269d6bde24
this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)
2010-12-27 00:14:29 +00:00
Miroslav Stampar
89c2640d23
basic --search now works with MS Access
2010-12-26 23:50:16 +00:00
Miroslav Stampar
ceeb6374e8
bug fix (TypeError: object of type 'NoneType' has no len())
2010-12-26 13:27:24 +00:00
Miroslav Stampar
569e060aab
important improvement
2010-12-26 13:20:52 +00:00
Miroslav Stampar
a555d1ad68
minor improvement
2010-12-26 11:15:02 +00:00
Miroslav Stampar
562a6440d1
fix for a bug reported by nightman (same as http://bugs.python.org/issue8797 )
2010-12-26 09:33:04 +00:00
Miroslav Stampar
b472b96f92
bug fix, refactoring and improved extractErrorMessage capabilities
2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3
minor refactoring/cosmetics
2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901
prioritization of tests based on DBMS error messages and some comments in common.py
2010-12-24 10:55:41 +00:00
Miroslav Stampar
d9f08e4aa3
randomization of user agents
2010-12-24 10:04:27 +00:00
Miroslav Stampar
d5eebb1cbf
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
2010-12-24 09:49:19 +00:00
Miroslav Stampar
017ea9e686
update
2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999
bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)
2010-12-23 11:28:13 +00:00
Miroslav Stampar
7c06dbffc3
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
2010-12-22 18:55:50 +00:00
Bernardo Damele
c1f2534e9a
More bug fixes to properly distinguish between full inband and single-entry inband sql injections
2010-12-22 15:47:52 +00:00
Miroslav Stampar
8212b7b745
bug fix
2010-12-22 12:16:04 +00:00
Miroslav Stampar
5be9c04e44
update regarding Sybase syntax
2010-12-22 10:39:56 +00:00
Miroslav Stampar
d974a966b8
minor fix for end phase (Ctrl+C)
2010-12-21 23:55:55 +00:00
Miroslav Stampar
fb75d0636b
minor update
2010-12-21 23:42:59 +00:00
Miroslav Stampar
09479c85dc
minor bug fix
2010-12-21 22:35:44 +00:00
Miroslav Stampar
7a525f28d4
cosmetics
2010-12-21 15:26:23 +00:00
Miroslav Stampar
b2e7f9484d
minor tuning (2 techniques MAX per value used)
2010-12-21 15:24:14 +00:00
Miroslav Stampar
6c1133c4d4
some code refactoring
2010-12-21 15:13:13 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Bernardo Damele
aca074b769
Removed unused outdated code
2010-12-21 10:49:52 +00:00
Miroslav Stampar
6b37ddada4
removed some blank trailing spaces (with extra/shutils/blanks.sh)
2010-12-21 10:31:56 +00:00
Bernardo Damele
1a3f57e5fe
Cosmetics
2010-12-21 09:23:00 +00:00
Miroslav Stampar
116c141dfa
another fix
2010-12-21 00:47:07 +00:00
Miroslav Stampar
8067365b93
fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')
2010-12-20 23:47:53 +00:00
Miroslav Stampar
8fd3e7ba1f
thread based data added
2010-12-20 22:45:01 +00:00
Miroslav Stampar
c9e8aae8a2
we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)
2010-12-20 19:34:41 +00:00
Miroslav Stampar
e09bc2406c
minor refactoring
2010-12-20 19:24:20 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a
this is strictly for educational purposes
2010-12-20 17:30:47 +00:00
Miroslav Stampar
13d5b2c0ff
code refactoring
2010-12-20 09:44:21 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
e355f92f22
bug fix
2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c
code refactoring and some fixes
2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
2010-12-17 21:29:09 +00:00
Miroslav Stampar
07609bfb53
minor fix
2010-12-17 19:33:20 +00:00
Miroslav Stampar
de54219571
code refactoring
2010-12-15 12:50:56 +00:00
Miroslav Stampar
c1c525aaea
quick fix of a fix
2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b
minor update
2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056
quick fix for a bug reported by Andreas Constantinides (KeyError: 5)
2010-12-15 11:30:29 +00:00
Miroslav Stampar
f8a01ddaf8
minor update
2010-12-15 11:21:47 +00:00
Miroslav Stampar
c3d0295d21
minor update (checking for --time-sec value)
2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348
minor cache based optimization
2010-12-14 12:22:17 +00:00
Bernardo Damele
04caef6de0
Tuning
2010-12-13 23:04:26 +00:00
Bernardo Damele
cfcee6439e
Cosmetics
2010-12-13 21:55:30 +00:00
Bernardo Damele
4b79227b5a
Minor bug fix to properly merge options from .conf file (-c) with command line switches
2010-12-13 21:36:23 +00:00
Bernardo Damele
698f30e65e
Cosmetics
2010-12-13 21:34:35 +00:00
Miroslav Stampar
d56f47d530
fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20')
2010-12-12 23:59:55 +00:00
Miroslav Stampar
e98d9c08e1
dumping table is now possible on Firebird too
2010-12-12 14:38:07 +00:00
Miroslav Stampar
c93634b6c7
blind dumping of tables in sqlite implemented
2010-12-11 22:13:19 +00:00
Miroslav Stampar
b1babeefe5
update regarding dumping of tables with blind on Sqlite
2010-12-11 22:00:16 +00:00
Miroslav Stampar
6a24048aa6
urllib2 doesn't play well with '\n' when non unescaped chars used
2010-12-11 21:17:54 +00:00
Miroslav Stampar
d2a3e8f44f
first time firebird error-based query success
2010-12-11 11:17:24 +00:00
Miroslav Stampar
f021548bd0
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
2010-12-11 10:52:04 +00:00
Miroslav Stampar
1fc9ed10a8
minor refactoring
2010-12-10 12:30:36 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
d5e7a8d305
update
2010-12-10 10:54:17 +00:00
Bernardo Damele
b6dcbcef5b
Minor fix
2010-12-10 10:52:55 +00:00
Miroslav Stampar
bbffea2cbc
bug fix
2010-12-09 17:10:22 +00:00
Miroslav Stampar
0eb2c408a9
code refactoring
2010-12-09 16:49:02 +00:00
Bernardo Damele
5fb04515d3
Added hidden (for the moment) switch --technique
2010-12-09 13:47:17 +00:00
Miroslav Stampar
ec5c08ca7a
cosmetics
2010-12-09 09:24:20 +00:00
Miroslav Stampar
db39dc32fc
minor update
2010-12-09 00:59:39 +00:00
Bernardo Damele
9c61adb21d
Cosmetics
2010-12-09 00:26:06 +00:00
Miroslav Stampar
258e9fb50e
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
2010-12-08 21:16:18 +00:00
Miroslav Stampar
81c16926c1
code refactoring some more
2010-12-08 14:46:07 +00:00
Miroslav Stampar
95b48746a6
cosmetics
2010-12-08 14:29:09 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
af22679605
minor update
2010-12-08 13:09:27 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1
now resume is available for time-based blinds too
2010-12-08 12:49:26 +00:00
Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
b21eb88905
minor update
2010-12-07 22:45:38 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Bernardo Damele
5f97312f29
Minor fix
2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Bernardo Damele
effd2ca0e3
Cosmetics
2010-12-07 12:32:58 +00:00
Miroslav Stampar
2af8835a94
fix for a bug reported by ToR (origValue = paramDict[kb.injection.parameter] -> KeyError in resume with missing injection parameter)
2010-12-07 10:57:32 +00:00
Miroslav Stampar
3d87489de5
minor update
2010-12-07 08:05:03 +00:00
Miroslav Stampar
61f82fd274
introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic
2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6
removed ERROR_SPACE
2010-12-06 22:40:07 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf
minor refactoring
2010-12-06 15:50:19 +00:00
Miroslav Stampar
a43d252ae9
minor update
2010-12-06 00:14:08 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Bernardo Damele
41e1b95c6c
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
2010-12-05 11:25:44 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
3f9450b9dc
minor fix
2010-12-04 14:43:35 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b
usage of compiled regexes in case of dynamic markings and other refactoring
2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8
code refactoring
2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Miroslav Stampar
b3a094b9d6
fix for a bug reported by ToR (when resuming: queries[kb.dbms] -> KeyError: u'mysql')
2010-12-03 22:44:29 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
5d37df6104
Ugly code to set the cookies when got them from a 302 redirect too
2010-12-03 17:41:10 +00:00
Bernardo Damele
9d55c4da87
Done with support for injection in ORDER BY and GROUP BY (hopefully)
2010-12-03 16:12:47 +00:00
Bernardo Damele
91c3cf8fd0
Minor improvement
2010-12-03 16:11:57 +00:00
Bernardo Damele
126a1479d8
Bug fix for --union-test
2010-12-03 14:57:30 +00:00
Bernardo Damele
b824826a89
Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses
2010-12-03 14:39:51 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22
Major bug fix for test on ORDER BY and GROUP BY clauses.
...
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
827a0aea05
Minor bug fix
2010-12-03 11:15:11 +00:00
Bernardo Damele
7690aa85ce
Added a comment needed to understand this hack when looking at the code in a month or so ;)
2010-12-03 11:00:41 +00:00
Bernardo Damele
a9d4b37987
Code cleanup and minor refactoring
2010-12-03 10:51:27 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Miroslav Stampar
2cc167a42e
fix for a bug reported by ToR: "AttributeError: 'NoneType' object has no attribute 'isdigit'"
2010-12-02 18:57:43 +00:00
Bernardo Damele
283a04e29a
On my way to properly parse test's <where> tag in exploitation phase
2010-12-01 23:32:58 +00:00
Bernardo Damele
09b265a1ea
Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check
2010-12-01 23:32:02 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
c00ea7f5e5
Store and resume also UNION char to session file (--union-char)
2010-12-01 10:59:58 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
8b9706656e
Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
...
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Miroslav Stampar
70e87d959e
update of dynamicity engine
2010-11-29 15:14:49 +00:00
Bernardo Damele
2efb3b78ea
Consider also --dbms value during the detection phase
2010-11-29 14:48:07 +00:00
Bernardo Damele
76ce9cc888
Minor bug fix for --forms
2010-11-29 12:46:18 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Bernardo Damele
e8c6c01e27
precaution
2010-11-29 09:54:30 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
6712f4da55
some refactoring and one less request for aspx maintanance during --os-shell
2010-11-24 14:20:43 +00:00
Bernardo Damele
253eafb643
paranoid cosmetics
2010-11-24 12:03:01 +00:00
Miroslav Stampar
b2b521fc8a
gready regex bastard :)
2010-11-24 12:01:36 +00:00
Miroslav Stampar
9579a97039
now ASPX works too for --os-shell
2010-11-24 11:38:27 +00:00
Miroslav Stampar
f9f076ba97
code refactoring
2010-11-23 21:00:42 +00:00
Miroslav Stampar
7877a931d5
more cosmetics regarding dictionary attack
2010-11-23 20:54:40 +00:00
Miroslav Stampar
c4414df594
minor update
2010-11-23 15:33:13 +00:00
Miroslav Stampar
78024eafe0
little precaution
2010-11-23 15:31:23 +00:00
Miroslav Stampar
aa5d038f18
more code refactoring
2010-11-23 14:50:47 +00:00
Miroslav Stampar
3cae76627c
code refactoring regarding dictionary attack
2010-11-23 13:58:01 +00:00
Miroslav Stampar
ba4ea32603
first working version of dictionary attack
2010-11-23 13:24:02 +00:00
Miroslav Stampar
c471b815cc
fix for a bug reported by BugTrace (IndexError: list index out of range)
2010-11-22 10:58:08 +00:00
Bernardo Damele
99a23e23cf
Extra check on --union-cols value
2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
2010-11-19 14:56:20 +00:00
Miroslav Stampar
d97e97d884
minor update :)
2010-11-19 09:02:44 +00:00
Bernardo Damele
4a9bd3a240
Finally a proper union query SQL injection test engine for --union-test. It does much more requests, but for god sake now it works well!
2010-11-18 17:55:43 +00:00
Bernardo Damele
544327379f
Little precaution
2010-11-18 14:32:52 +00:00
Bernardo Damele
f6a17cb1a8
Revert wrong fix
2010-11-18 10:41:06 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Miroslav Stampar
ca5125bbe0
minor update related to r2401
2010-11-17 20:50:31 +00:00
Bernardo Damele
360aff7a4d
sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle
2010-11-17 17:20:32 +00:00
Miroslav Stampar
a0df36beda
when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared)
2010-11-17 15:33:07 +00:00
Miroslav Stampar
d757e4ae1c
bug fix (when user manually sets web root, that same directory should be used as one of potentionaly default dirs)
2010-11-17 09:46:04 +00:00
Miroslav Stampar
2a8e270bef
proper handling of carriage return character from Windows target machines
2010-11-16 15:11:03 +00:00
Miroslav Stampar
ab33651f96
minor bug fix for displaying text from windows machines (\r was interfering with normal dataToStdout behavior)
2010-11-16 15:02:22 +00:00
Miroslav Stampar
3487429eac
minor cosmetics
2010-11-16 14:41:46 +00:00
Miroslav Stampar
cccb565859
cosmetics
2010-11-16 14:11:32 +00:00
Miroslav Stampar
b9d9f18939
added General cmdline group
2010-11-16 14:09:09 +00:00
Miroslav Stampar
e7a66371f8
update regarding os shell-ing regarding JSP and ASPX
2010-11-16 13:46:46 +00:00
Miroslav Stampar
6ef3846400
update regarding error parsing (and reporting)
2010-11-16 10:42:42 +00:00
Miroslav Stampar
ff310475c8
some reporting update for --forms
2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1
minor fix
2010-11-15 12:24:32 +00:00
Miroslav Stampar
819085155e
minor update/fix
2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08
cosmetics regarding --forms
2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440
update (--forms acts now more like -g switch)
2010-11-15 11:34:57 +00:00
Bernardo Damele
5f46a549ba
Cosmetics for --forms
2010-11-14 21:59:35 +00:00
Bernardo Damele
8d07272c82
Added --union-cols switch to specify the max number of columns to test for UNION query sql injection.
...
Now stores/resumes also the exact UNION payload to session file.
2010-11-13 23:24:41 +00:00
Bernardo Damele
a777d59870
Minor bug fix
2010-11-12 15:17:12 +00:00
Bernardo Damele
0a83a830d9
Properly handle both HTTPS and HTTP requests through proxy
2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
2010-11-12 12:25:02 +00:00
Bernardo Damele
9f53048ff4
Put a space always between the user's provided prefix and sqlmap payload
2010-11-12 11:48:26 +00:00
Miroslav Stampar
697b32554c
fix for a bug "ordinal not in range(128)" reported by bugtrace
2010-11-12 11:48:25 +00:00
Bernardo Damele
a34c1b287c
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
2010-11-12 11:33:11 +00:00
Bernardo Damele
8cec75656c
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
2010-11-12 10:31:42 +00:00
Bernardo Damele
66c82d72e4
Typo fix
2010-11-12 10:02:02 +00:00
Miroslav Stampar
8aefd0bbf7
improvement of --common-tables and --common-columns
2010-11-11 20:37:25 +00:00
Miroslav Stampar
24238ccd0b
re-renaming of brute force switches. this way is better.
2010-11-11 07:57:44 +00:00
Miroslav Stampar
96d88877ba
bug fix (reported by ToR)
2010-11-10 19:44:51 +00:00
Miroslav Stampar
88c00e61d3
another update
2010-11-09 23:35:37 +00:00
Miroslav Stampar
5ebd5d935c
another name change
2010-11-09 22:49:31 +00:00