Miroslav Stampar
293ce18fed
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec
little mathematics here and there (used "Rules for normally distributed data")
2010-12-07 19:19:12 +00:00
Miroslav Stampar
ecd4a5a532
added standard deviation check in time based tests
2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec
more advanced time technique(s)
2010-12-07 16:04:53 +00:00
Miroslav Stampar
add6235b16
removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session
2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f
code refactoring
2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8
Added counter of total HTTP(s) requests done during detection phase
2010-12-07 12:33:47 +00:00
Miroslav Stampar
d77ddbee47
OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)
2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe
Got rid of UNION false cond
2010-12-05 16:16:15 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3
some fine tuning of dynamicity removing engine
2010-12-04 13:39:35 +00:00
Miroslav Stampar
04714374f9
now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))
2010-12-04 10:05:18 +00:00
Bernardo Damele
5d37df6104
Ugly code to set the cookies when got them from a 302 redirect too
2010-12-03 17:41:10 +00:00
Miroslav Stampar
612ee08a0b
added response time kb attribute
2010-12-03 13:19:34 +00:00
Bernardo Damele
22de82634a
Important update to parse correctly the <where> tag during exploitation phase.
...
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
09b265a1ea
Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check
2010-12-01 23:32:02 +00:00
Bernardo Damele
8b9706656e
Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now.
...
Minor code refactoring too.
2010-11-29 17:18:38 +00:00
Miroslav Stampar
e735f2960a
minor update
2010-11-29 15:25:45 +00:00
Bernardo Damele
2efb3b78ea
Consider also --dbms value during the detection phase
2010-11-29 14:48:07 +00:00
Bernardo Damele
76ce9cc888
Minor bug fix for --forms
2010-11-29 12:46:18 +00:00
Bernardo Damele
9d7087e2ff
Proper saving and resuming when more than a parameter are injectable.
...
Minor bug fix to --stacked-test
Minor code refactoring.
2010-11-29 01:04:42 +00:00
Bernardo Damele
472f4465a6
Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
...
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Miroslav Stampar
c471b815cc
fix for a bug reported by BugTrace (IndexError: list index out of range)
2010-11-22 10:58:08 +00:00
Bernardo Damele
99a23e23cf
Extra check on --union-cols value
2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e
Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20.
2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a
Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any)
2010-11-19 14:56:20 +00:00
Miroslav Stampar
ff310475c8
some reporting update for --forms
2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1
minor fix
2010-11-15 12:24:32 +00:00
Miroslav Stampar
819085155e
minor update/fix
2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08
cosmetics regarding --forms
2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440
update (--forms acts now more like -g switch)
2010-11-15 11:34:57 +00:00
Bernardo Damele
0a83a830d9
Properly handle both HTTPS and HTTP requests through proxy
2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
2010-11-12 12:25:02 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca
revert of some HTTP headers handling
2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483
More replacements for refactoring.
...
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1
added Range handler (dealing with 206 HTTP messages)
2010-11-08 12:26:13 +00:00
Miroslav Stampar
a3de10e3a2
new option -t
2010-11-08 11:22:47 +00:00
Miroslav Stampar
d551423379
further enum refactoring
2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
73e85bfc75
Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now
2010-11-07 16:24:44 +00:00
Miroslav Stampar
afba26a53f
tiny winy update
2010-11-07 09:00:45 +00:00
Miroslav Stampar
2b8c942b4a
more update
2010-11-07 08:58:24 +00:00
Miroslav Stampar
16f52ab7ba
cosmetic fix
2010-11-07 08:13:20 +00:00
Miroslav Stampar
8d93bdfa4b
minor update (optimization) regarding -a switch
2010-11-07 08:11:56 +00:00
Miroslav Stampar
e1cec8c02b
fix for all that stable, dynamic mambo jambo :)
2010-11-04 16:44:34 +00:00
Miroslav Stampar
18aea251b3
added concept of tamper script priority
2010-11-04 10:29:40 +00:00
Miroslav Stampar
6adee3792a
removed all trailing spaces from blank lines
2010-11-03 10:08:27 +00:00