Commit Graph

740 Commits

Author SHA1 Message Date
Miroslav Stampar
6608410320 Adding a question after WAF has been identified 2013-05-18 18:26:40 +02:00
stamparm
03732d2592 Minor fix 2013-05-17 16:04:05 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
f1f34a65a2 Minor update 2013-05-15 13:38:26 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
5dd2529b02 Minor language update 2013-03-26 14:18:37 +01:00
stamparm
4d2b77dde3 Minor language update 2013-03-26 14:15:40 +01:00
stamparm
3f8dafedae Minor text update 2013-03-26 14:08:35 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
Miroslav Stampar
a3d9a7b1ff Minor fix 2013-03-19 19:06:51 +01:00
Martin Bjerregaard Jepsen
d7a77c79ad Fixed incorrect call to checkBooleanExpression when testing for false positives 2013-03-01 22:51:34 +01:00
stamparm
3a3f9c5ea1 Trivial commit related to the last one 2013-03-01 12:09:03 +01:00
stamparm
440b484bf6 Minor update (one more just in case dummy request in false positive check for time-based injections - when DBMS could be unresponsive a bit due to previous heavy-queries) 2013-03-01 10:59:04 +01:00
Miroslav Stampar
e42350ddce Minor style update 2013-02-28 20:28:34 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
af4762ace2 Minor style update 2013-02-26 11:16:09 +01:00
stamparm
f6b43b4b13 Minor update for an Issue #290 2013-02-26 11:08:06 +01:00
stamparm
68ce51bfd4 Changing from warn to info for no WAF found 2013-02-22 12:15:38 +01:00
stamparm
0bbbfc2eac Adding a small warning message (related to the Issue #407) 2013-02-22 11:12:41 +01:00
Miroslav Stampar
229e4e167b Minor cosmetics 2013-02-21 21:06:31 +01:00
stamparm
3a8c0cd3a2 Minor style update 2013-02-21 14:52:56 +01:00
stamparm
29ba43ee6c Unhidding switch '--identify-waf' (Issue #290) 2013-02-21 14:48:19 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
Miroslav Stampar
5c099efccc Fix for an Issue #401 2013-02-18 11:38:18 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
1618086027 Minor fix 2013-02-05 10:58:02 +01:00
Miroslav Stampar
44579120b5 Cosmetics 2013-02-05 10:02:11 +01:00
Miroslav Stampar
e7b93b5b66 Implementation for an Issue #363 2013-02-01 17:24:04 +01:00
Miroslav Stampar
993372aae4 Bug fix (causing search problems) 2013-02-01 11:24:17 +01:00
Miroslav Stampar
f41460f8d8 Better naming 2013-01-29 20:53:11 +01:00
Miroslav Stampar
8c84a16cb7 Minor style update for an Issue #377 2013-01-25 12:52:31 +01:00
Miroslav Stampar
194a9e7b88 Implementation for an Issue #377 2013-01-25 12:34:57 +01:00
Miroslav Stampar
b4a55a809e Refactoring DBMS string escaping functions 2013-01-20 13:45:58 +01:00
Miroslav Stampar
ac7709204a Better fix for that page/headers/comparison --string candidate problem 2013-01-18 17:00:11 +01:00
Miroslav Stampar
8141d17985 Revert of previous commit (more care has to be done regarding headers dynamicity) 2013-01-18 16:49:35 +01:00
Miroslav Stampar
33094a118c Fix for an Issue where '--string' is being automatically picked not looking properly in headers too 2013-01-18 16:35:09 +01:00
Bernardo Damele
a43202f3c0 updated copyright 2013-01-18 14:07:51 +00:00
Bernardo Damele
542f6de72e typo fix 2013-01-16 01:31:03 +00:00
Miroslav Stampar
e4a3c015e5 Replacing old and deprecated raise Exception style (PEP8) 2013-01-03 23:20:55 +01:00
Bernardo Damele
3a11d36c66 minor bug fix 2013-01-02 21:49:15 +00:00
Miroslav Stampar
df0f08bc6a Cleaning some (web upload based) garbage 2012-12-13 13:19:47 +01:00
Miroslav Stampar
a54c261496 Minor update for Issues #292 & #293 (only single alert per target) 2012-12-11 14:44:43 +01:00
Miroslav Stampar
5c2451d83c Implementation for an Issue #293 2012-12-11 12:48:58 +01:00
Miroslav Stampar
562044577b Implementation for an Issue #292 2012-12-11 12:02:06 +01:00
Miroslav Stampar
42f4c2bac9 Minor fix when --dbms is enforced 2012-12-10 11:42:10 +01:00
Miroslav Stampar
974407396e Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods) 2012-12-06 14:14:19 +01:00
Miroslav Stampar
ab67344448 Removed unused imports and variables (pyflake-ing) 2012-12-06 11:15:05 +01:00
Miroslav Stampar
ca427af8b3 Minor refactoring/improvement 2012-10-28 01:42:08 +02:00
Miroslav Stampar
bcdba7b7bb Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details 2012-10-28 01:11:50 +02:00
Miroslav Stampar
c1b8226329 Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery) 2012-10-28 00:36:09 +02:00
Miroslav Stampar
235cc656b9 Fix for an Issue #224 2012-10-25 15:25:31 +02:00
Miroslav Stampar
bcf708f4b1 Minor update 2012-10-25 13:37:33 +02:00
Miroslav Stampar
fdcdd11cb9 Minor update for an Issue #222 2012-10-25 13:35:44 +02:00
Miroslav Stampar
8a5844a364 Implementation for an Issue #222 2012-10-25 13:21:32 +02:00
Miroslav Stampar
9ad58cb531 Implementation for an Issue #204 2012-10-16 10:24:05 +02:00
Miroslav Stampar
f71b937add Minor language cleanup 2012-10-04 18:28:36 +02:00
Miroslav Stampar
2fbd05c98f Minor language update 2012-10-04 18:04:55 +02:00
Miroslav Stampar
687f3991de Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g. 2012-09-26 11:27:43 +02:00
Miroslav Stampar
9ca7b3e20e Implementation for an Issue #194 2012-09-25 09:25:35 +02:00
Miroslav Stampar
c1c65a7167 Fix for an Issue #166 2012-08-29 20:21:45 +02:00
Miroslav Stampar
e9ae44c6fc Implementation for an #162 2012-08-22 16:50:01 +02:00
Miroslav Stampar
0ad3846451 Minor language update 2012-08-22 16:10:56 +02:00
Miroslav Stampar
a62a874d59 Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets) 2012-08-22 16:06:09 +02:00
Miroslav Stampar
4ab4fd1cb4 Minor update 2012-08-22 15:53:40 +02:00
Miroslav Stampar
52351e5d81 Update for an Issue #161 (now detecting format error messages too) 2012-08-22 15:51:47 +02:00
Miroslav Stampar
7b93108e7d Favoring non-string specific boundaries in case of digit-like parameter values 2012-08-22 13:58:52 +02:00
Miroslav Stampar
8a5042b6a4 Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case) 2012-08-22 11:56:30 +02:00
Miroslav Stampar
7d0662da23 Update for an #161 2012-08-22 11:42:06 +02:00
Miroslav Stampar
61151447fe Implementation of an Issue #161 2012-08-22 11:27:58 +02:00
Miroslav Stampar
6210ddfbd6 Minor refactoring 2012-08-22 11:00:39 +02:00
Miroslav Stampar
a927d94d39 Update for an Issue #155 2012-08-22 10:57:31 +02:00
Miroslav Stampar
6f450ac8bf Implementation for an Issue #155 2012-08-20 12:14:01 +02:00
Miroslav Stampar
823dde73ab Minor cleanup 2012-08-20 11:40:49 +02:00
Miroslav Stampar
76338add17 Fix for an Issue #152 2012-08-20 10:41:43 +02:00
Miroslav Stampar
6f529542e3 Making those --string tips (containing escaped characters) decodable by sqlmap 2012-07-31 11:32:53 +02:00
Miroslav Stampar
b3552494c4 Minor preparation for an Issue #48 2012-07-26 12:26:57 +02:00
Miroslav Stampar
30f8d09651 Implementation for an Issue #70 2012-07-26 12:06:02 +02:00
Miroslav Stampar
2b60e61d54 Minor update for #119 2012-07-25 10:57:19 +02:00
Miroslav Stampar
922ea9d1f4 Update for Issue #118 2012-07-24 15:43:29 +02:00
Bernardo Damele
318a01b867 minor typo fixes 2012-07-17 00:25:02 +01:00
Bernardo Damele
162da75a04 modified homepage address 2012-07-12 18:38:03 +01:00
Miroslav Stampar
e948e4d45b Some more refactoring 2012-07-06 17:18:22 +02:00
Miroslav Stampar
7ad6697446 Fix for Issue #57 2012-07-04 20:21:44 +02:00
jekil
c39e5a85ba Removed $id$ tags 2012-06-27 20:56:43 +02:00
Miroslav Stampar
302d782a0f minor style update 2012-06-19 08:33:51 +00:00
Miroslav Stampar
3da8f86e97 minor fix 2012-06-15 21:01:27 +00:00
Miroslav Stampar
76584ff0fa unhidding --test-filter 2012-06-14 14:36:53 +00:00
Miroslav Stampar
d2bbfa4aad minor style update 2012-05-28 14:04:17 +00:00
Miroslav Stampar
dc20bff1d0 minor update 2012-05-25 08:30:24 +00:00
Miroslav Stampar
7657bbeaf9 minor update 2012-05-24 22:32:06 +00:00
Miroslav Stampar
86fdad2bfa minor update 2012-05-24 22:07:50 +00:00
Miroslav Stampar
2538e2d5b4 fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring 2012-05-22 09:33:22 +00:00
Miroslav Stampar
80ee687b41 minor beauty patch 2012-05-07 13:51:31 +00:00
Miroslav Stampar
6f67dc85ee adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical 2012-04-25 20:29:07 +00:00
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
54576ab3a6 making a random choice from candidates 2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5 use it only if page is stable 2012-04-13 10:19:26 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
e33ea7c33a minor fix 2012-04-10 22:29:39 +00:00
Miroslav Stampar
a82206cec4 minor cosmetics 2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) 2012-03-29 09:56:09 +00:00
Miroslav Stampar
3abcd6910a strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test 2012-03-22 00:06:50 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
7d313ac911 few more fixes for proper redirecting mechanism 2012-03-15 19:47:59 +00:00
Bernardo Damele
4520744b4d second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now 2012-03-15 16:25:26 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Miroslav Stampar
a0b46963cb minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup) 2012-03-09 10:28:19 +00:00
Miroslav Stampar
0ead1fd87e minor update 2012-03-05 09:42:52 +00:00
Miroslav Stampar
1ec56f93ec minor update 2012-03-01 10:10:19 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
844fc8addb minor cleanup 2012-02-16 10:19:36 +00:00
Miroslav Stampar
11af0b1bbc minor fix 2012-02-07 11:16:03 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
23117e72ca minor improvement 2012-01-13 20:56:06 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
94d43a4135 minor bug fix 2011-12-30 14:20:06 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
6f8d8a15aa minor update 2011-12-22 11:55:02 +00:00
Miroslav Stampar
95cd9e2af3 adding support for scanning Host header values (-p host) 2011-12-20 12:52:41 +00:00
Miroslav Stampar
c57941c102 minor beautification 2011-12-15 23:33:44 +00:00
Miroslav Stampar
27d244b326 minor update 2011-12-15 23:29:11 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
2842c13d75 minor update 2011-11-29 16:59:06 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
49fddaf668 minor update (for cases with 404 original page - e.g. time based injections in some cases) 2011-11-20 23:11:18 +00:00
Miroslav Stampar
8c32b3653b minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means) 2011-11-20 20:27:30 +00:00
Miroslav Stampar
20ae1c2187 added switch --logic-negative 2011-10-24 00:40:06 +00:00
Miroslav Stampar
4989e8e6d3 minor update 2011-10-10 17:29:54 +00:00
Miroslav Stampar
b888a84764 minor update 2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
f46baac70b bug fix (when comment is None this was errornous) 2011-08-17 10:58:29 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
07afcd5440 fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no) 2011-08-02 18:20:21 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
0d28c1e9e7 cosmetics 2011-07-06 20:41:13 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Miroslav Stampar
c4cb367e65 looks nicer (though --tor is implicitly converted into --proxy) 2011-06-24 19:00:53 +00:00
Miroslav Stampar
2de88bd90b minor update 2011-06-24 17:19:24 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Bernardo Damele
d217cf71b2 Minor bug fix 2011-06-08 23:32:44 +00:00
Miroslav Stampar
d8155dfae9 change by request 2011-06-08 14:44:11 +00:00
Bernardo Damele
0d3e8a76d8 Cosmetics and a missing param 2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
1c633b7351 i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified 2011-06-07 22:14:18 +00:00
Miroslav Stampar
97d8c60c3f better language 2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322 more info to the user 2011-06-03 15:43:50 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779 bug fix (until this moment we had UNION unfunctional for MSSQL) 2011-06-01 22:47:54 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd minor update 2011-05-26 21:18:55 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
f11d5c91e3 minor update so that only one DNS request per scan is being done (before this commit there were two) 2011-05-12 14:32:39 +00:00
Miroslav Stampar
120b0d756e unfix 2011-05-10 21:33:06 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Bernardo Damele
1151af52bb More fix for save/resume of --technique 2011-05-07 21:08:14 +00:00
Bernardo Damele
2d8408c885 More fix for --technique resume 2011-05-05 16:38:46 +00:00
Bernardo Damele
6cff3e97f4 cosmetics 2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9 minor cosmetics 2011-05-02 20:51:53 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
441c288dd9 cosmeticados 2011-04-25 00:36:09 +00:00
Miroslav Stampar
304500a2e8 implemented checkFalsePositives method (simple Turing like tests) 2011-04-22 12:24:16 +00:00
Miroslav Stampar
df0331fe9b some more refactoring 2011-04-19 23:04:10 +00:00
Miroslav Stampar
9b0db33cc5 initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model 2011-04-19 08:55:38 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Bernardo Damele
c6b9d89d31 Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly 2011-04-07 11:10:35 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
0916117447 improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names 2011-03-30 18:32:10 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
970cde5a8a minor update regarding last commit 2011-03-17 09:23:46 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
90582ed7dc minor change 2011-02-21 11:35:21 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
7ebc1ab90a minor cosmetics 2011-02-17 08:59:14 +00:00
Miroslav Stampar
5fb11fd173 update regarding multiple DBMS payloads 2011-02-13 21:20:21 +00:00
Miroslav Stampar
521635c84d quick fix for UA and Referer 2011-02-11 23:36:23 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
a6ab24e0b5 just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed 2011-02-10 22:47:43 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
2c4f6d2e99 fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too 2011-02-07 21:53:05 +00:00
Miroslav Stampar
a577d0e9a5 restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) 2011-02-07 21:18:01 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
d2b96a66a2 one more update regarding last few "unescape" related commits 2011-02-06 20:23:23 +00:00
Bernardo Damele
c44978862e Minor reordering of what gets saved into the injection object 2011-02-06 15:20:44 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Bernardo Damele
d875d848ce Better sort 2011-02-01 22:04:48 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Bernardo Damele
8278d821ac Another layout adjustment 2011-01-30 16:23:19 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
10b723f196 minor fix for a bug reported by yonnym@googlemail.com 2011-01-25 22:26:28 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Bernardo Damele
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase.
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
2011-01-18 23:03:50 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency 2011-01-16 19:29:06 +00:00
Miroslav Stampar
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" 2011-01-16 12:12:01 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix.
Minor code refactoring.
2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00
Bernardo Damele
f8c04ce020 Minor bug fix 2011-01-13 20:59:13 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
ece2eb31ca minor update 2011-01-13 11:08:29 +00:00
Bernardo Damele
be6e2d6a31 Important bug fix.
Minor code restyling.
2011-01-13 09:41:55 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections.
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
2011-01-12 12:01:32 +00:00
Bernardo Damele
8bdb7ec58c Ahead with UNION exploitation after UNION test moved to detection phase - a lot to do yet. 2011-01-12 00:47:39 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase.
Added minor support to escape quotes in UNION payloads during detection phase.
2011-01-11 23:47:32 +00:00
Bernardo Damele
2f5995a7eb Added generic and mysql UNION tests from 1 to 25 columns.
Adapted config file and command line removing now outdated --union-test switch.
Minor bug fix.
Minor code refactoring.
Got rid of some debug messages, standardized logging of UNION tests.
2011-01-11 22:56:21 +00:00
Bernardo Damele
300128042c First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.
Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY.
2011-01-11 22:18:47 +00:00
Miroslav Stampar
cc9ca802bf minor update 2011-01-06 08:54:50 +00:00
Miroslav Stampar
572f403069 update of one thing that was missing 2011-01-03 21:28:22 +00:00
Miroslav Stampar
92e4cdb241 raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic 2011-01-03 14:21:41 +00:00
Miroslav Stampar
3629c2737b automatically turn on --text-only in case of heavily-dynamicity instead of critical exit 2011-01-03 11:06:49 +00:00
Miroslav Stampar
adc41181e6 some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one 2011-01-03 10:37:20 +00:00
Miroslav Stampar
5860b8942f minor update 2011-01-03 09:16:42 +00:00
Miroslav Stampar
d19a8d53e4 minor update 2011-01-03 08:46:20 +00:00
Miroslav Stampar
8625494ff2 added one new quick check for multiple target(s) mode 2011-01-03 08:32:06 +00:00
Miroslav Stampar
5f9b6b2254 code refactoring 2011-01-02 16:51:21 +00:00
Miroslav Stampar
ec4440108b minor cosmetics 2011-01-02 07:09:04 +00:00
Miroslav Stampar
428e817a32 some refactoring 2011-01-01 23:57:27 +00:00
Miroslav Stampar
212035e64d user can now choose if he wants to skip non-heuristic based DBMS tests 2011-01-01 23:38:11 +00:00
Miroslav Stampar
942cbafba6 minor update 2011-01-01 20:19:55 +00:00
Miroslav Stampar
e4fd8b3f0c (e) finally works as it should 2011-01-01 19:22:44 +00:00
Miroslav Stampar
91f665aaaa bug fix for Ctrl+C 2010-12-31 15:00:19 +00:00
Miroslav Stampar
613242e298 bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved) 2010-12-29 19:48:19 +00:00
Miroslav Stampar
8f32c740ff code refactoring 2010-12-29 19:39:32 +00:00
Miroslav Stampar
6700cabc36 minor optimization 2010-12-29 19:01:29 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
96a06351a1 minor fix (in testing phase raise404 should be set to False) 2010-12-24 12:36:00 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3 minor refactoring/cosmetics 2010-12-24 11:06:57 +00:00
Miroslav Stampar
23dc408901 prioritization of tests based on DBMS error messages and some comments in common.py 2010-12-24 10:55:41 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fc60215ed lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. 2010-12-22 19:12:46 +00:00
Miroslav Stampar
08c88495d0 removed that ugly hack 2010-12-22 13:09:04 +00:00
Miroslav Stampar
d974a966b8 minor fix for end phase (Ctrl+C) 2010-12-21 23:55:55 +00:00
Miroslav Stampar
0e68248f60 minor update of heuristic check 2010-12-21 12:56:18 +00:00
Miroslav Stampar
16f1f4e13e when doing dynamic checks there are cases when 404 can be raised (perfectly normal) 2010-12-21 11:04:49 +00:00
Bernardo Damele
ad6b528b33 Bit more verbose comment 2010-12-21 10:47:39 +00:00
Miroslav Stampar
e10670d9ac added end detection phase choice into Ctrl+C list 2010-12-20 23:34:00 +00:00
Miroslav Stampar
b34fe5c334 no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout) 2010-12-20 22:49:48 +00:00
Miroslav Stampar
eaf8929085 more minor updates 2010-12-20 10:48:53 +00:00
Miroslav Stampar
e9f1ecb9e7 minor update 2010-12-20 10:32:58 +00:00
Miroslav Stampar
10a7a2dfb2 kids, don't use this at home 2010-12-20 10:13:14 +00:00
Miroslav Stampar
4cb83654dc minor update 2010-12-18 16:28:21 +00:00
Miroslav Stampar
05c6d661e8 cosmetics 2010-12-18 10:49:49 +00:00
Miroslav Stampar
03220d34ba added Ctrl+C check in detection phase 2010-12-18 10:42:09 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
323af45ce4 added one more time request payload to confirm test results 2010-12-17 07:53:58 +00:00
Miroslav Stampar
d5fb921154 removed debug print 2010-12-09 20:08:59 +00:00
Miroslav Stampar
0eb2c408a9 code refactoring 2010-12-09 16:49:02 +00:00
Bernardo Damele
df5f6bc1b7 Little precaution 2010-12-09 14:06:43 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Bernardo Damele
0c01be0eeb Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work). 2010-12-09 00:34:02 +00:00
Bernardo Damele
9c61adb21d Cosmetics 2010-12-09 00:26:06 +00:00
Bernardo Damele
10ef2b5de8 Minor bug fix 2010-12-08 23:09:42 +00:00
Miroslav Stampar
81c16926c1 code refactoring some more 2010-12-08 14:46:07 +00:00
Miroslav Stampar
ed09c53ee4 minor minor update 2010-12-08 14:27:37 +00:00
Miroslav Stampar
1ae2fa7f1a update regarding time based payloads 2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e minor update 2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
575e50673b minor update 2010-12-07 19:27:01 +00:00
Miroslav Stampar
398b82644a little explanation 2010-12-07 19:25:26 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Bernardo Damele
ee72838231 Removed debug print 2010-12-07 17:19:29 +00:00
Bernardo Damele
5f97312f29 Minor fix 2010-12-07 17:17:38 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
4959da3ce6 it's a must to double check time based payloads 2010-12-07 14:59:11 +00:00
Miroslav Stampar
e53fef546e update regarding session page templates 2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Miroslav Stampar
3d87489de5 minor update 2010-12-07 08:05:03 +00:00
Miroslav Stampar
0da1ebde7d introducing PostgreSQL time based blind 2010-12-07 00:51:14 +00:00
Miroslav Stampar
61f82fd274 introducing [DELAYED] for heavy query time based payloads when response time is non-deterministic 2010-12-07 00:27:26 +00:00
Miroslav Stampar
2735848ab6 removed ERROR_SPACE 2010-12-06 22:40:07 +00:00
Miroslav Stampar
9ccc8f90a3 minor cosmetic update ("heuristics shows" is not grammatically correct) 2010-12-06 18:47:22 +00:00
Miroslav Stampar
d336f1df23 minor update 2010-12-06 18:44:42 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Miroslav Stampar
27ee9a5ccf minor refactoring 2010-12-06 15:50:19 +00:00
Miroslav Stampar
5189f138d7 increasing socket timeout in case of time based checks 2010-12-05 23:18:16 +00:00
Miroslav Stampar
7a5cd3b35f minor comment update 2010-12-05 11:15:09 +00:00
Bernardo Damele
618b3b0211 Cosmetics 2010-12-05 11:05:57 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
eeb199375b usage of compiled regexes in case of dynamic markings and other refactoring 2010-12-04 13:23:28 +00:00
Miroslav Stampar
0fc7a8f9e8 code refactoring 2010-12-04 10:13:18 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Bernardo Damele
b824826a89 Minor enhancement to prefix payload in ORDER BY and GROUP BY clauses 2010-12-03 14:39:51 +00:00
Bernardo Damele
bb40ab9fb0 Major bug fix for default boolean-based vector still work and minor adjustments 2010-12-03 14:31:11 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
4dec049c22 Major bug fix for test on ORDER BY and GROUP BY clauses.
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Bernardo Damele
7d6f51f758 Avoid blank space between prefix and test's payload if it's a stacked queries test 2010-12-03 10:42:46 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
56d2b2f322 Avoid storing to session file also payload delimiters 2010-12-01 10:55:59 +00:00
Bernardo Damele
8d84dcc5dc More sense 2010-12-01 09:17:17 +00:00
Bernardo Damele
c8f943f5e4 Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Miroslav Stampar
47a7708950 minor improvement of dynamic content detection/removal part 2010-11-30 12:45:42 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Miroslav Stampar
70e87d959e update of dynamicity engine 2010-11-29 15:14:49 +00:00
Bernardo Damele
ee4e04ebca Minor adjustment 2010-11-29 15:09:40 +00:00
Bernardo Damele
2efb3b78ea Consider also --dbms value during the detection phase 2010-11-29 14:48:07 +00:00
Miroslav Stampar
be6df7abd9 improvement of dynamicity engine 2010-11-29 14:30:57 +00:00
Bernardo Damele
6525e08d6b Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values 2010-11-29 12:13:42 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable.
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
75f7df75b6 Minor fix 2010-11-28 23:33:51 +00:00