sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 10:03:47 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	7b93108e7d	Favoring non-string specific boundaries in case of digit-like parameter values	2012-08-22 13:58:52 +02:00
Miroslav Stampar	25ee333e66	Minor language update	2012-08-22 12:00:17 +02:00
Miroslav Stampar	8a5042b6a4	Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)	2012-08-22 11:56:30 +02:00
Miroslav Stampar	7d0662da23	Update for an #161	2012-08-22 11:42:06 +02:00
Miroslav Stampar	61151447fe	Implementation of an Issue #161	2012-08-22 11:27:58 +02:00
Miroslav Stampar	6210ddfbd6	Minor refactoring	2012-08-22 11:00:39 +02:00
Miroslav Stampar	a927d94d39	Update for an Issue #155	2012-08-22 10:57:31 +02:00
Miroslav Stampar	32a36f1ff3	El Cosmeticado	2012-08-22 09:58:39 +02:00
Miroslav Stampar	2c66ca39f1	Wrong limit number has been used (MySQL LIMIT/OFFSET starts with 0)	2012-08-22 09:53:53 +02:00
Miroslav Stampar	ebab05cf7c	Fix for an Issue #158	2012-08-21 20:20:38 +02:00
Miroslav Stampar	ad59abe018	Cleaning leftover	2012-08-21 14:37:09 +02:00
Miroslav Stampar	1b86fffc6d	Fix for an Issue #157	2012-08-21 14:36:04 +02:00
Miroslav Stampar	d421f9a618	Fix for an Issue #157	2012-08-21 14:34:19 +02:00
Miroslav Stampar	1bcf5a6b88	Some more dict refactorings	2012-08-21 11:30:01 +02:00
Miroslav Stampar	01f481c332	Minor refactoring of dictionaries	2012-08-21 11:19:15 +02:00
Miroslav Stampar	b9c63eb908	Fix for an Issue #156	2012-08-21 10:46:29 +02:00
Miroslav Stampar	b7415d36df	Minor refactoring	2012-08-21 10:28:25 +02:00
Miroslav Stampar	7a8ace78f9	Removing redundant newline char as logger already adds it's own	2012-08-21 09:58:40 +02:00
Miroslav Stampar	233b9a3815	Fix for Issue #150 and Issue #151 (urllib2 is automatically adding those)	2012-08-20 22:17:39 +02:00
Miroslav Stampar	8ee9feafb9	Making payloads a bit shorter (removing redundant space after comma character - e.g. in inband queries)	2012-08-20 21:57:25 +02:00
Miroslav Stampar	6f450ac8bf	Implementation for an Issue #155	2012-08-20 12:14:01 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	2b6123c4f8	Minor style update	2012-08-20 11:29:23 +02:00
Miroslav Stampar	e0d9fa8666	Minor style update	2012-08-20 11:28:41 +02:00
Miroslav Stampar	76338add17	Fix for an Issue #152	2012-08-20 10:41:43 +02:00
Miroslav Stampar	59078bb1b8	Fix for an Issue #154	2012-08-20 10:05:13 +02:00
Miroslav Stampar	4649450603	Fix for an Issue #137	2012-08-16 22:20:24 +02:00
Miroslav Stampar	0d8fca30c9	Fix for an Issue #59	2012-08-16 11:31:43 +02:00
Miroslav Stampar	1af81c0de4	Implementation of an Issue #149	2012-08-15 22:31:25 +02:00
Miroslav Stampar	f358ab2e73	Implementation of an Issue #147	2012-08-15 16:37:18 +02:00
Miroslav Stampar	36b55cf209	Proper fix for an Issue #145	2012-08-14 22:28:42 +02:00
Miroslav Stampar	ab35ab4e2a	Fix for an Issue #145	2012-08-14 18:52:45 +02:00
Miroslav Stampar	432b567584	Fix for an Issue #141	2012-08-08 00:03:58 +02:00
Miroslav Stampar	31ceb0cb6c	Fix for an Issue #140	2012-08-07 10:57:29 +02:00
Miroslav Stampar	fec8a5cc9d	Fix for an Issue #139	2012-08-07 00:50:58 +02:00
Miroslav Stampar	f797a6d813	Fix for an Issue #125	2012-07-31 13:06:45 +02:00
Miroslav Stampar	6f529542e3	Making those --string tips (containing escaped characters) decodable by sqlmap	2012-07-31 11:32:53 +02:00
Miroslav Stampar	142fc887f1	Fix for an Issue #129	2012-07-31 11:03:44 +02:00
Miroslav Stampar	bdbe8ff9d9	Fix for an Issue #132	2012-07-30 22:39:45 +02:00
Miroslav Stampar	47073f4afd	Implementation of an Issue #131	2012-07-30 21:50:46 +02:00
Miroslav Stampar	93d35fe522	Minor update regarding Issue #129	2012-07-30 21:43:32 +02:00
Miroslav Stampar	b9ac50faef	Minor bug fix	2012-07-30 12:09:20 +02:00
Miroslav Stampar	a86f9798b2	Minor refactoring together with a wider support for html entities	2012-07-30 11:21:32 +02:00
Miroslav Stampar	20a66567a3	Minor refactoring	2012-07-30 10:06:14 +02:00
Miroslav Stampar	cc2a916716	Fix for an Issue #126	2012-07-29 17:33:08 +02:00
Miroslav Stampar	1669c6bdb4	Another update for an Issue #28	2012-07-27 17:05:21 +02:00
Miroslav Stampar	6ffc5665d0	Update for Issue #28	2012-07-27 16:29:33 +02:00
Miroslav Stampar	07738004cc	Fix for an Issue #123	2012-07-27 10:02:47 +02:00
Miroslav Stampar	a5062c1e4f	Adding a warn message when --dns-domain is ignored (because of faster techniques)	2012-07-27 09:48:48 +02:00
Bernardo Damele	92c2b3bd4c	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-26 23:11:11 +01:00
Bernardo Damele	d492291744	working on issue #12	2012-07-26 23:11:07 +01:00
Miroslav Stampar	cba387a0a0	Minor speed up	2012-07-26 15:42:04 +02:00
Miroslav Stampar	efa99c4519	Implementation for an Issue #4	2012-07-26 14:07:05 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	3e9f1fe410	Minor style update	2012-07-26 12:13:16 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	231f0f76b5	Fix for an Issue #119	2012-07-26 00:49:51 +02:00
Miroslav Stampar	cba77410a9	Minor style update	2012-07-26 00:08:49 +02:00
Miroslav Stampar	18b1d1efd6	Fix for an Issue #121	2012-07-26 00:02:38 +02:00
Miroslav Stampar	2b60e61d54	Minor update for #119	2012-07-25 10:57:19 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Miroslav Stampar	f8c9868cb6	Implementation for an Issue #118	2012-07-24 15:34:50 +02:00
Miroslav Stampar	42f518b2d6	Minor update for letting unhandledExceptionMessage() do it's job if kb has not yet been initialized	2012-07-24 14:44:44 +02:00
Miroslav Stampar	b820975217	Improvement of decodeIntToUnicode()	2012-07-23 19:31:06 +02:00
Miroslav Stampar	1153b4563c	Minor update for an Issue #111	2012-07-23 18:44:50 +02:00
Miroslav Stampar	fccd69721e	Update for an Issue #111	2012-07-23 18:38:46 +02:00
Miroslav Stampar	ab9cb80602	Implementing Issue #111	2012-07-23 15:14:52 +02:00
Miroslav Stampar	6809449e31	Minor style update	2012-07-23 15:06:49 +02:00
Miroslav Stampar	63bf99ce77	Minor just in case update for an Issue #117	2012-07-23 14:46:43 +02:00
Miroslav Stampar	c6b724489b	Minor style update	2012-07-23 14:26:42 +02:00
Miroslav Stampar	a7d1a0c250	Implementation for an Issue #117	2012-07-23 14:14:22 +02:00
Miroslav Stampar	3279ce53a8	Minor style update	2012-07-23 13:57:38 +02:00
Miroslav Stampar	534eccc9aa	Fix for an Issue #115	2012-07-23 10:16:47 +02:00
Miroslav Stampar	1b6cb9442f	Fix for an Issue #114	2012-07-21 23:31:36 +02:00
Bernardo Damele	0a4b6431a8	minor bug fix - issue #112	2012-07-21 16:51:01 +01:00
Miroslav Stampar	95e0d46e3e	Fix for an Issue #110	2012-07-21 09:15:54 +02:00
Bernardo Damele	dba0a96c2e	fall-back to UNION technique if web file stager was not uploaded with LIMIT	2012-07-20 17:11:22 +01:00
Bernardo Damele	cbe8f41746	minor code refactoring preparing for #96	2012-07-20 16:20:17 +01:00
Miroslav Stampar	f336afa913	Implementation for Issue #108	2012-07-20 09:48:09 +02:00
Miroslav Stampar	dcf8a27f12	Implementation for an Issue #67	2012-07-18 14:24:10 +02:00
Miroslav Stampar	4fc462c4d9	Minor update for an Issue #105	2012-07-18 14:09:04 +02:00
Miroslav Stampar	655dd55a6f	Implementation of an Issue #105	2012-07-18 13:32:34 +02:00
Miroslav Stampar	08244c7ebf	Fix for an Issue #104	2012-07-17 15:05:50 +02:00
Miroslav Stampar	e30646a54f	Fix for an Issue #103	2012-07-17 10:36:22 +02:00
Miroslav Stampar	41d16e55cb	Typo fix (#102 )	2012-07-17 09:13:19 +02:00
Bernardo Damele	7198e3185b	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-17 00:25:08 +01:00
Bernardo Damele	318a01b867	minor typo fixes	2012-07-17 00:25:02 +01:00
Miroslav Stampar	d6ceb7af5e	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-17 00:19:52 +02:00
Miroslav Stampar	81d15e5051	Fix for an Issue #101	2012-07-17 00:19:33 +02:00
Bernardo Damele	5f876bdbbe	minor adjustments	2012-07-16 22:50:29 +01:00
Miroslav Stampar	c96e44b30c	Fix for an Issue #100	2012-07-16 23:28:01 +02:00
Miroslav Stampar	ffbbb10abb	Support for dotted identificator names	2012-07-16 23:13:21 +02:00
Miroslav Stampar	0e21cb54de	Minor fix related to Issue #94	2012-07-16 16:06:39 +02:00
Miroslav Stampar	0f64e1e6c1	Minor update for Issue #94 (not fixing it)	2012-07-16 15:43:02 +02:00
Miroslav Stampar	0eff977c63	Refactoring for Issue #91	2012-07-16 12:24:54 +02:00
Miroslav Stampar	4d759984b2	Implementation for Issue #91	2012-07-16 12:12:52 +02:00
Miroslav Stampar	c1a14257a4	Removing --disable... switches and making changes in default choice(s) for respectable sections	2012-07-16 11:31:51 +02:00
Miroslav Stampar	07a85874fe	Implementation for Issue #92	2012-07-16 11:07:47 +02:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	38d82771be	Minor style update	2012-07-14 11:23:22 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Miroslav Stampar	9a7fc24ec2	Minor style update	2012-07-13 15:22:08 +02:00
Miroslav Stampar	ddb9caeef1	Revert of the previous commit	2012-07-13 15:05:19 +02:00
Miroslav Stampar	d165d5d5fe	To not be confused with heuristic method in SQLi	2012-07-13 15:03:43 +02:00
Miroslav Stampar	32b700f130	Minor style update	2012-07-13 15:02:11 +02:00
Miroslav Stampar	fbb5db00ba	Minor style update	2012-07-13 15:00:39 +02:00
Miroslav Stampar	786686da60	Minor language update	2012-07-13 14:53:42 +02:00
Miroslav Stampar	9ff9c951bc	Language update	2012-07-13 14:33:16 +02:00
Miroslav Stampar	6677da63cd	Fix for an Issue #88	2012-07-13 14:25:39 +02:00
Miroslav Stampar	3c81f74823	Minor style update	2012-07-13 12:22:37 +02:00
Miroslav Stampar	6ade007aec	Minor update of language	2012-07-13 12:13:04 +02:00
Miroslav Stampar	c5ecc8b8db	Closing work on Issue #83	2012-07-13 11:23:21 +02:00
Miroslav Stampar	48f68bd076	First commit for Issue #83	2012-07-13 10:35:22 +02:00
Miroslav Stampar	d834e8debf	Minor update	2012-07-13 10:28:03 +02:00
Miroslav Stampar	b11fd8b9f7	Fix for an Issue #87	2012-07-13 10:11:16 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Miroslav Stampar	a49d685eb8	Hidding --beep (Issue #84 )	2012-07-12 17:03:24 +02:00
Bernardo Damele	ea9c66108e	cleanup for issue #68	2012-07-12 15:38:43 +01:00
Miroslav Stampar	569c9214bf	Adding support for boldifying important logging messages	2012-07-12 16:30:35 +02:00
Miroslav Stampar	b2fe1c30f8	Minority report	2012-07-12 16:04:01 +02:00
Miroslav Stampar	8e18514e56	Minor refactoring for all that stickyness	2012-07-12 15:58:45 +02:00
Miroslav Stampar	fe61bdce75	Minor update	2012-07-12 15:25:26 +02:00
Miroslav Stampar	dbbca16c69	Minor renaming	2012-07-12 15:24:40 +02:00
Miroslav Stampar	9bc24cea6b	Dealing with kb.currentMessage issue	2012-07-12 15:23:35 +02:00
Miroslav Stampar	b320dc118d	Minor fix (recognizing if it's colorizing handler or not)	2012-07-12 14:55:54 +02:00
Miroslav Stampar	cba2a26b68	Finishing Issue #75 (inference dumping)	2012-07-12 14:46:57 +02:00
Miroslav Stampar	65639cdda6	First update for Issue #75 (error-based dumping)	2012-07-12 14:31:28 +02:00
Miroslav Stampar	3fd5119f3f	Redesigning for Issue #75	2012-07-12 13:42:22 +02:00
Bernardo Damele	3d66e2dfb1	minor bug fix	2012-07-12 10:47:51 +01:00
Bernardo Damele	33cbbed4a8	I think we should not resume checkBooleanExpression() calls if --fresh-queries or --flush-session is provided	2012-07-12 01:39:15 +01:00
Bernardo Damele	f704a46341	silly blank line added	2012-07-12 01:38:29 +01:00
Bernardo Damele	ee3aeb8dcf	actual implementation of issue #75 , still some work to do	2012-07-12 01:16:00 +01:00
Bernardo Damele	3a94953ae2	leftover from previous commit	2012-07-12 01:15:34 +01:00
Bernardo Damele	a5924739f6	minor code refactoring in preparation of ticket #75	2012-07-12 01:12:30 +01:00
Bernardo Damele	53c0336b48	added --hostname switch to retrieve DBMS server hostname - closes issue #69	2012-07-12 00:01:57 +01:00
Bernardo Damele	4e64c1126d	restored bold on questions to users (calls from readInput()) - issue #77	2012-07-11 22:56:11 +01:00
Bernardo Damele	247f95e051	restored kb.currentMessage - needed in cases where we send to dataToStdout() strings like "." (e.g. "creation in progres ..... done")	2012-07-11 22:48:27 +01:00
Bernardo Damele	2b3ea3e3b7	fixed colouring for PAYLOAD (-v 3) - issue #77	2012-07-11 22:40:52 +01:00
Miroslav Stampar	15ee5310d9	Adding traffic in and out to color_map	2012-07-11 20:42:18 +02:00
Miroslav Stampar	43cac2212b	Fix for a case when ColorizingStreamHandler is not used	2012-07-11 20:36:32 +02:00
Miroslav Stampar	72378d4f61	Some more refactoring	2012-07-11 20:29:48 +02:00
Miroslav Stampar	c6464b44be	Some more refactoring	2012-07-11 20:13:23 +02:00
Miroslav Stampar	d7926b8aac	Minor refactoring	2012-07-11 19:54:21 +02:00
Bernardo Damele	53ccd09ca4	now also readInput() uses colouring	2012-07-11 17:53:32 +01:00
Bernardo Damele	02ec25b4b8	code refactoring	2012-07-11 17:44:23 +01:00
Bernardo Damele	77b275f1a6	conf->kb	2012-07-11 17:32:12 +01:00
Bernardo Damele	1d2c87e24e	leftover	2012-07-11 17:22:01 +01:00
Bernardo Damele	105ac8ea77	deleted unnecessary hg file	2012-07-11 17:06:56 +01:00
Bernardo Damele	fa2f6f9a39	colourize manually crafter "logging" messages	2012-07-11 16:48:30 +01:00
Miroslav Stampar	295a7a8e5e	Another update for Issue #80	2012-07-11 16:14:20 +02:00
Miroslav Stampar	9a4f8d5f45	Fix for Issue #80	2012-07-11 16:01:25 +02:00
Bernardo Damele	0702dd70b5	verify also that the web backdoor has been successfully uploaded	2012-07-11 14:08:51 +01:00
Bernardo Damele	31571e6e2d	minor refactoring	2012-07-11 11:55:05 +01:00
Miroslav Stampar	9c4a62f725	Some work on Issue #68	2012-07-11 11:58:47 +02:00
Bernardo Damele	f219b39980	minor fix in case ctypes is not installed on Windows	2012-07-10 13:08:37 +01:00
Miroslav Stampar	8caffac4bc	conf.unescape->kb.unescape	2012-07-10 10:55:04 +02:00
Miroslav Stampar	e7f78bf04f	Fix for an issue where False value was displayed for --is.. switches	2012-07-10 10:31:14 +02:00
Bernardo Damele	ea77e7d9d1	added missing file - issue #77	2012-07-10 03:00:21 +01:00
Bernardo Damele	eb7ffb8f91	setup for implementing logging colouring - issue #77	2012-07-10 02:54:37 +01:00
Bernardo Damele	0a3899858d	missed in previous commit	2012-07-10 01:37:53 +01:00
Bernardo Damele	a27f50ed1d	added conf.unescape global variable to control whether or not the injected statements should be unescaped	2012-07-10 01:37:16 +01:00
Bernardo Damele	f645ac6040	dealing with variables in SQL procs - issue #33	2012-07-10 01:05:03 +01:00
Bernardo Damele	2527554f8e	more work on #33	2012-07-10 00:53:07 +01:00
Bernardo Damele	c4af7b9aa0	initial work for issue #33	2012-07-10 00:27:08 +01:00
Bernardo Damele	d3da3f5c52	refactoring for issue #51	2012-07-10 00:19:32 +01:00
Bernardo Damele	25eca9d671	finally got this working on MSSQL 2005: commands can now be executed as another user (BULK INSERT must be used in such case, see comments in the code) - issue #34	2012-07-09 14:26:23 +01:00
Bernardo Damele	99c5ea54f7	cleanup for #34	2012-07-09 12:39:43 +01:00
Bernardo Damele	d08a54e375	properly display the command stdout	2012-07-09 10:52:48 +01:00
Miroslav Stampar	3ff28e58b4	Update regarding Issue #52	2012-07-08 19:24:25 +02:00
Miroslav Stampar	0d539a876d	Minor fix (subversion->github)	2012-07-07 23:49:34 +02:00
Miroslav Stampar	a525dd4336	Fix for Issue #72	2012-07-07 19:02:46 +02:00
Miroslav Stampar	54e0a2d8ee	--os-shell now works perfect for inference-like techniques too	2012-07-07 17:57:06 +02:00
Miroslav Stampar	823b3d8be8	Minor language fixes	2012-07-07 11:41:52 +02:00
Miroslav Stampar	2669528b24	Language typo	2012-07-07 11:16:33 +02:00
Miroslav Stampar	58f6687194	Some refactoring (reusing xpCmdshellForgeCmd)	2012-07-07 10:51:29 +02:00
Miroslav Stampar	8620767b77	Proper fix	2012-07-07 10:38:07 +02:00
Miroslav Stampar	f00a776d8d	Minor fix for BigArray (now accepting negative indexes)	2012-07-07 10:35:29 +02:00
Miroslav Stampar	1c69eb5d30	Revert "major fix" This reverts commit `3a11fc2d9e`.	2012-07-07 10:26:13 +02:00
Bernardo Damele	3a11fc2d9e	major fix	2012-07-06 22:55:34 +01:00
Miroslav Stampar	8c871476ee	Some more refactoring	2012-07-06 17:34:40 +02:00
Miroslav Stampar	6bc0b34031	Some more refactoring	2012-07-06 17:28:01 +02:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	1a8ebbfd43	Minor refactoring	2012-07-06 17:05:47 +02:00
Bernardo Damele	373fea03a3	fixed display of TABs	2012-07-06 15:13:23 +01:00
Miroslav Stampar	438a636973	Fix for issue Issue #60	2012-07-06 15:36:32 +02:00
Miroslav Stampar	76f7f907c6	Minor update for Issue #61	2012-07-06 14:33:40 +02:00
Miroslav Stampar	6a05e3fd79	Fix for Issue #61	2012-07-06 14:24:44 +02:00
Miroslav Stampar	1ebff35b19	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-06 12:25:21 +02:00
Miroslav Stampar	982fcde1c0	Fix for Issue #62	2012-07-06 12:24:55 +02:00
Bernardo Damele	4fa6d51d93	improved issues link	2012-07-05 16:26:50 +01:00
Miroslav Stampar	bc5025b06c	Fix for Issue #59	2012-07-05 12:34:27 +02:00
Miroslav Stampar	c3c1b9e957	Minor restyling	2012-07-04 20:28:18 +02:00
Miroslav Stampar	7ad6697446	Fix for Issue #57	2012-07-04 20:21:44 +02:00
Miroslav Stampar	23fb753759	Finishing work on Issue #52	2012-07-03 22:13:01 +02:00
Miroslav Stampar	40fc6488bf	Fix for Issue #56 (Google has changed few things for retrieving PR)	2012-07-03 21:00:18 +02:00
Miroslav Stampar	bbf41f6658	Removing debugging leftover	2012-07-03 16:50:05 +02:00
Miroslav Stampar	ada627a022	Another update for Issue #52	2012-07-03 16:49:34 +02:00
Miroslav Stampar	70f754f6c5	Making work on Issue #52	2012-07-03 16:34:11 +02:00
Bernardo Damele	793fa464e3	website url fix	2012-07-03 13:14:39 +01:00
Miroslav Stampar	51f35674ca	Removing obsolete switch --version as version is now displayed with every run (Issue #54 )	2012-07-03 13:11:09 +02:00
Miroslav Stampar	481b46a004	Restyling output for Issue #52	2012-07-03 13:06:52 +02:00
Miroslav Stampar	6b419067b7	Another minor update for Issue #54	2012-07-03 12:49:35 +02:00
Miroslav Stampar	8b8677b938	Another minor update for Issue #54	2012-07-03 12:29:42 +02:00
Miroslav Stampar	47b6e696d8	Minor update for Issue #54	2012-07-03 12:21:40 +02:00
Miroslav Stampar	3af1532700	Implementation for Issue #54	2012-07-03 12:09:18 +02:00
Miroslav Stampar	5af6ca58a0	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-07-03 00:50:45 +02:00
Miroslav Stampar	168aeadf76	Adding switch --output-dir (Issue #53 )	2012-07-03 00:50:23 +02:00
Bernardo Damele	fd4cfb0cc0	working on #51	2012-07-02 15:28:19 +01:00
Bernardo Damele	7335072ab8	leftover	2012-07-02 15:11:21 +01:00
Bernardo Damele	04d803c7fd	more tweaking for issue #34 , it's totally not as trivial as it may look (OPENROWSET has many limitations on MSSQL >= 2005)	2012-07-02 15:02:00 +01:00
Bernardo Damele	b7d2680e55	minor refactoring, issue #51	2012-07-02 12:50:26 +01:00
Miroslav Stampar	8eefe4b71f	Getting back revision number - displayed like in GitHub commits (Issue #52 )	2012-07-02 13:01:20 +02:00
Bernardo Damele	add8352804	make the runAsDBMSUser() generic and ported to abstraction.py so the same function will be used for PostgreSQL dblink() too	2012-07-02 02:14:03 +01:00
Bernardo Damele	6697927098	initial support for --dbms-cred for MSSQL: can be used to execute OS commands as another DB use - useful if you have retrieved and cracked the 'sa' DBA password by any mean and can provide it to sqlmap	2012-07-02 02:04:19 +01:00
Bernardo Damele	7b4ecd9df0	added skeleton code for issue #34 , still not usable	2012-07-02 00:22:34 +01:00
Bernardo Damele	4736d46677	just in case..	2012-07-02 00:00:46 +01:00
Bernardo Damele	03d2c9c818	placeholder message when --update is provided, remove when the function is updated to pull changes from git	2012-07-01 23:59:44 +01:00
Bernardo Damele	18be319d13	hexencoding the command is much shorter than unescaping with CHAR() for MSSQL, also no need for spaces between nested comments when forging the xp_cmdshell command to run	2012-07-01 23:41:10 +01:00
Bernardo Damele	ff9e97a42c	minor code refactoring	2012-07-01 23:31:45 +01:00
Bernardo Damele	ab412da27f	I am back on stage and here to stay!!! to start.. a removal of confirm switch which masked cases where file write operations failed when set to False automatically, now at least it asks the user and defaults to Yes	2012-07-01 23:25:05 +01:00
Miroslav Stampar	d7cd55fb28	Fix for Issue #47	2012-07-01 11:05:04 +02:00
Miroslav Stampar	21d9ae0a2c	some more refactoring	2012-07-01 01:19:54 +02:00
Miroslav Stampar	f6509db31a	minor refactoring	2012-07-01 00:33:19 +02:00
Miroslav Stampar	32f52cdd04	Another language update for Issue #45	2012-06-29 10:33:54 +02:00
Miroslav Stampar	f0e39c3fae	Language update for Issue #45	2012-06-29 10:33:00 +02:00
Miroslav Stampar	c0f16f0c1a	Fix for Issue #45	2012-06-29 10:31:03 +02:00
Miroslav Stampar	e51d3a02f1	Update for Issue #43 (renamed --disable-cracking to --disable-hash)	2012-06-28 18:53:47 +02:00
Miroslav Stampar	18b596ea75	Merge branch 'master' of github.com:sqlmapproject/sqlmap	2012-06-28 18:48:18 +02:00
Miroslav Stampar	c8bac658f3	Fix for Issue #43	2012-06-28 18:47:55 +02:00
Miroslav Stampar	2a72fcce2b	Fix for Issue #42	2012-06-28 13:55:30 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	01be9381d5	minor update	2012-06-25 16:24:33 +00:00
Miroslav Stampar	6c4bd84d18	minor fix (turning back the functionality of kb.suppressResumeInfo)	2012-06-25 16:19:51 +00:00
Miroslav Stampar	ea5d483c86	session file no more	2012-06-21 11:19:30 +00:00
Miroslav Stampar	ec44e88db8	lots of refactoring regarding removal of already obsolete session file mechanism	2012-06-21 10:09:10 +00:00
Miroslav Stampar	1e67b4f0b9	minor fix	2012-06-20 14:16:26 +00:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	452ef202ae	minor fixes	2012-06-17 22:48:23 +00:00
Miroslav Stampar	b9f6943a42	minor update	2012-06-17 21:23:12 +00:00
Miroslav Stampar	e2a60b302f	minor fix	2012-06-17 21:21:45 +00:00
Miroslav Stampar	3da8f86e97	minor fix	2012-06-15 21:01:27 +00:00
Miroslav Stampar	fe49abd45f	minor fix	2012-06-15 20:49:28 +00:00
Miroslav Stampar	06be7bbb18	few just in case fixes (unarrayizeValue in dumpTable entries) and and some refactoring (unique is now not done for every union case but only if detected that there are duplicates in union test)	2012-06-15 20:41:53 +00:00
Miroslav Stampar	76c873a222	minor fix	2012-06-15 06:22:44 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2dd47fb23	some more refactoring	2012-06-14 13:52:56 +00:00
Miroslav Stampar	facce2c0df	some more cleanup	2012-06-14 13:50:36 +00:00
Miroslav Stampar	d5e80089ff	minor summer cleanup	2012-06-14 13:44:16 +00:00
Miroslav Stampar	3a90105fbb	minor refactoring	2012-06-14 13:38:53 +00:00
Miroslav Stampar	1204eb00b2	minor fix	2012-06-14 12:46:32 +00:00
Miroslav Stampar	19c0efec59	just a minor refactoring	2012-06-14 09:10:28 +00:00
Miroslav Stampar	a51d8c4c79	replacing identifier safe char " with [] enclosing for MsSQL	2012-06-13 15:27:42 +00:00
Miroslav Stampar	367de838c1	minor update	2012-06-13 14:08:32 +00:00
Miroslav Stampar	4ac3794e80	minor update	2012-06-12 14:22:14 +00:00
Miroslav Stampar	d7f698fa14	minor update	2012-06-11 22:01:13 +00:00
Miroslav Stampar	96177393e1	minor update regarding --exact switch	2012-06-10 13:38:12 +00:00
Miroslav Stampar	b85a1fc271	minor fix	2012-06-05 22:55:42 +00:00
Miroslav Stampar	058a9c59a2	fix for a bug noticed in a multi target run (log files weren't saved properly - removed buffering as it didn't produce any noticeable results)	2012-06-05 22:40:55 +00:00
Miroslav Stampar	f94ebe3107	minor fix (credentials were only set for the first target)	2012-06-04 22:30:12 +00:00
Miroslav Stampar	738073105e	minor updates	2012-06-04 19:52:51 +00:00
Miroslav Stampar	7b282b1d6c	adding support for newer SSL protocols	2012-06-04 19:46:28 +00:00
Miroslav Stampar	10b0639a96	making a "--exact" switch on demand (choosing exact identifier names by default instead of LIKE)	2012-06-04 09:24:46 +00:00
Miroslav Stampar	76a4aa19ac	some more fine tunning	2012-05-28 19:50:12 +00:00
Miroslav Stampar	73dba249e8	one more just in case update	2012-05-28 19:34:47 +00:00
Miroslav Stampar	efb406fbfc	minor revert	2012-05-28 19:13:50 +00:00
Miroslav Stampar	f7cba8d2cb	minor update	2012-05-28 18:05:15 +00:00
Miroslav Stampar	a72cb29c1f	taking care of few issues regarding reverse address lookup of localhost/127.0.0.1 at remote DNS server	2012-05-28 16:57:10 +00:00
Miroslav Stampar	190ae4ca13	no need for conf.timeSec value as inference is always evaluated to False in DNS (large random values used for > ...)	2012-05-28 15:10:17 +00:00
Miroslav Stampar	89e90c3d84	revert of last commit	2012-05-28 15:01:56 +00:00
Miroslav Stampar	96c84e6e5b	minor update	2012-05-28 15:00:06 +00:00
Miroslav Stampar	a70a647aeb	few fixes regarding --dns-domain usage (time-based technique should not be used as a failback because of few things, --time-sec should be put to 0 just in case,...)	2012-05-28 14:51:23 +00:00
Miroslav Stampar	b1d82422a0	changing conf.dnsDomain to conf.dName just because of long text problems in help listing	2012-05-28 14:15:04 +00:00
Miroslav Stampar	d2bbfa4aad	minor style update	2012-05-28 14:04:17 +00:00
Miroslav Stampar	226547b7dc	minor fix for --skip-urlencode and custom post	2012-05-28 09:04:25 +00:00
Miroslav Stampar	75dd1d6a2b	minor fix	2012-05-27 21:54:56 +00:00
Miroslav Stampar	e967bbd70f	minor patch	2012-05-27 21:44:42 +00:00
Miroslav Stampar	76eeba10e2	unhiding --dns-domain switch	2012-05-27 18:41:06 +00:00
Miroslav Stampar	fed0212631	now working with recursive queries too	2012-05-27 10:03:02 +00:00
Miroslav Stampar	71ff081fde	minor update	2012-05-27 09:11:19 +00:00
Miroslav Stampar	09f2144485	full page read is not needed in DNS exfiltration mode	2012-05-26 21:28:43 +00:00
Miroslav Stampar	4e6fcce9ca	minor update	2012-05-26 07:04:32 +00:00
Miroslav Stampar	ce077137c9	minor language update	2012-05-26 07:01:37 +00:00
Miroslav Stampar	d335ec0c34	turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars	2012-05-26 07:00:26 +00:00
Miroslav Stampar	00d22f013f	some consistency in variable naming at the file level	2012-05-25 10:08:55 +00:00
Miroslav Stampar	db526bdbc0	minor update (tainted values are not checked any more in multipleTargets mode)	2012-05-25 09:52:17 +00:00
Miroslav Stampar	dc20bff1d0	minor update	2012-05-25 08:30:24 +00:00
Miroslav Stampar	c394610740	adding switch --skip-urlencode to skip URL encoding of POST data	2012-05-24 23:30:33 +00:00
Miroslav Stampar	7657bbeaf9	minor update	2012-05-24 22:32:06 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	eed8d7eb5d	finalizing support for IPv6	2012-05-24 21:55:57 +00:00
Miroslav Stampar	b6d37d766a	minor update regarding IPv6 support	2012-05-24 21:49:20 +00:00
Miroslav Stampar	92286104e3	minor just in case update	2012-05-24 21:39:10 +00:00
Miroslav Stampar	3e9c57d177	minor fix	2012-05-24 21:36:35 +00:00
Miroslav Stampar	be76928293	minor fix	2012-05-24 20:53:01 +00:00
Miroslav Stampar	1e18168cc8	fix for one silent bug and small language update	2012-05-23 16:35:40 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	2c057d5b3d	minor style update	2012-05-21 22:40:52 +00:00
Miroslav Stampar	bbfa4b6d5d	minor update	2012-05-14 14:38:16 +00:00
Miroslav Stampar	333f8057a5	minor fix (when redirected path has non-ASCII char and conf.url is unicode) and bits along with pieces	2012-05-14 14:06:43 +00:00
Miroslav Stampar	595f69fa2c	minor language update	2012-05-10 18:30:25 +00:00
Miroslav Stampar	35f400b45b	minor language upgrade	2012-05-10 18:25:12 +00:00
Miroslav Stampar	80aedbe284	adding a warning about --tor switch	2012-05-10 18:17:32 +00:00
Miroslav Stampar	b81fe42d4b	turning off null connection on -o when --tor used (not compatible)	2012-05-10 17:50:54 +00:00
Miroslav Stampar	efdd86ddcc	minor just in case patch	2012-05-10 14:22:34 +00:00
Miroslav Stampar	6367f59b98	minor code refactoring	2012-05-10 14:15:17 +00:00
Miroslav Stampar	12d32f58f2	fix for that SOAP reported bug	2012-05-10 13:39:54 +00:00
Miroslav Stampar	1418ae9767	little refactoring of parseUnionPage together with a patch for some special case	2012-05-09 18:47:40 +00:00
Miroslav Stampar	7fb1f3fc70	minor renaming	2012-05-09 18:26:02 +00:00
Miroslav Stampar	11d9859199	making nice code	2012-05-09 18:25:04 +00:00
Miroslav Stampar	b0a8238774	minor fixes	2012-05-09 14:58:16 +00:00
Miroslav Stampar	9fa3619262	minor fix	2012-05-09 14:00:07 +00:00
Miroslav Stampar	56a3431be6	minor update for empty tables (skipping other techniques)	2012-05-09 10:34:21 +00:00
Miroslav Stampar	6177317a17	minor update	2012-05-09 10:06:23 +00:00
Miroslav Stampar	37f2709197	making a generic solution for all "Generic comment"/MsAccess cases (it's the only DBMS which doesn't accept --, hence replacing generic comment with %00 for it)	2012-05-09 09:08:23 +00:00
Miroslav Stampar	fdf61015ad	minor patch	2012-05-09 08:41:05 +00:00
Miroslav Stampar	e419177871	minor update	2012-05-08 17:28:19 +00:00
Miroslav Stampar	deec97dfe3	adding Frontbase to error message regexes	2012-05-08 17:02:58 +00:00
Miroslav Stampar	eccd4da00f	minor fix	2012-05-08 15:03:33 +00:00
Miroslav Stampar	938d9ff23e	doing all the work for the users so they wouldn't strain their little hands	2012-05-08 15:00:23 +00:00
Miroslav Stampar	524dd75ff2	that query variable hasn't been used anywhere (obsolete for some time)	2012-05-08 14:34:40 +00:00
Miroslav Stampar	6af110d631	avoiding --no-cast/--hex warning message before a DBMS is fingerprinted	2012-05-08 14:06:41 +00:00
Miroslav Stampar	64c241fe92	limiting original UNION query results to only 1 result (potentially speeding things up in some cases)	2012-05-08 13:45:53 +00:00
Miroslav Stampar	e00f4a8934	minor cosmetics	2012-05-08 10:50:04 +00:00
Miroslav Stampar	a121339395	automatically writing uncracked hashes to a file for eventual further processing	2012-05-08 10:46:05 +00:00
Miroslav Stampar	80ee687b41	minor beauty patch	2012-05-07 13:51:31 +00:00
Miroslav Stampar	96299d3d5d	minor refactoring	2012-05-03 22:34:18 +00:00
Miroslav Stampar	cc28f6db6b	minor update	2012-05-01 20:43:16 +00:00
Miroslav Stampar	17efeaae7f	causing too much confusion among dummy users	2012-05-01 09:04:11 +00:00
Miroslav Stampar	694b14111f	skipping suffix if comment is used in agent.suffixQuery (and --suffix not explicitly set)	2012-04-27 13:16:51 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Bernardo Damele	4da03d898e	Added support to create files with a visual basic script - no longer reliant on debug.exe so works on Windows 64-bit too. Fixes #236	2012-04-25 07:40:42 +00:00
Miroslav Stampar	cec432f94d	minor update	2012-04-23 14:43:59 +00:00
Miroslav Stampar	697768c01a	adding --purge-output to be one of mandatory switches	2012-04-23 14:42:24 +00:00
Miroslav Stampar	d57d5e4b2c	minor update	2012-04-23 14:33:36 +00:00
Miroslav Stampar	1eecfb3dce	adding new file related to the last commit	2012-04-23 14:25:16 +00:00
Miroslav Stampar	095b25e1d1	adding option '--purge'	2012-04-23 14:24:23 +00:00
Miroslav Stampar	3532d23933	automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)	2012-04-23 13:41:36 +00:00
Miroslav Stampar	be2da77bf8	minor update	2012-04-23 10:15:04 +00:00
Miroslav Stampar	21c6b52198	minor fix	2012-04-23 10:11:00 +00:00
Miroslav Stampar	775134639d	minor update	2012-04-20 20:33:15 +00:00
Miroslav Stampar	2b1b4c0742	minor fix	2012-04-18 10:01:04 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	efd27d7ade	minor renaming	2012-04-17 08:41:19 +00:00
Miroslav Stampar	601d118c68	reverting back to UNION ALL scheme (UNION is doing another DISTINCT on data causing problems on some column types)	2012-04-15 16:59:03 +00:00
Miroslav Stampar	71b0acc16f	minor fix (checking for full inband should be done with ORIGINAL - more concise)	2012-04-15 16:43:18 +00:00
Miroslav Stampar	5772c52f46	minor refactoring/fix (randQuery is just a part (e.g. abc) of phrase (def🔤ghi) - phrase should be searched for, not just randQuery); both phrases should be inside the content for it to be full-inband injectable (...UNION ALL SELECT phrase UNION ALL SELECT phrase2....)	2012-04-15 16:33:47 +00:00
Miroslav Stampar	ae8c70e895	another cosmetics	2012-04-13 15:11:44 +00:00
Miroslav Stampar	d765cdc3a3	minor cosmetics	2012-04-13 15:10:40 +00:00
Miroslav Stampar	54576ab3a6	making a random choice from candidates	2012-04-13 10:54:30 +00:00
Miroslav Stampar	bbbcc95fe5	use it only if page is stable	2012-04-13 10:19:26 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	831f79b851	minor generalization	2012-04-12 09:30:19 +00:00
Miroslav Stampar	c7422546e1	tiny update	2012-04-11 23:01:38 +00:00
Miroslav Stampar	2bad73a981	minor update	2012-04-11 21:48:44 +00:00
Miroslav Stampar	e195de2093	correcting comment on reflective removal function	2012-04-11 21:41:48 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	627bfc589f	some more updates in reflective removal mechanism	2012-04-11 21:26:00 +00:00
Miroslav Stampar	8b130f6497	minor improvement for reflective values (when missing first part of payload like in error reports)	2012-04-11 15:01:28 +00:00
Miroslav Stampar	01bd5d0ab2	some more updates for reflective mechanism	2012-04-11 10:41:33 +00:00
Miroslav Stampar	2e92d8636e	improvement of reflective mechanism	2012-04-11 08:58:03 +00:00
Miroslav Stampar	60ca44e0cf	minor adjustment	2012-04-11 08:35:09 +00:00
Miroslav Stampar	e33ea7c33a	minor fix	2012-04-10 22:29:39 +00:00
Miroslav Stampar	8541222080	minor update	2012-04-10 22:26:42 +00:00
Miroslav Stampar	9c2f244d47	minor fix	2012-04-10 22:20:53 +00:00
Miroslav Stampar	a82206cec4	minor cosmetics	2012-04-10 21:57:00 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	8c6eb4faa9	adding support for PgSQL DNS data exfiltration	2012-04-07 14:06:11 +00:00
Miroslav Stampar	b2afa87e48	reading page responses in chunks, trimming unnecessary content (especially for large table dumps in full inband cases)	2012-04-06 08:42:36 +00:00
Miroslav Stampar	2223c884e5	minor refactoring	2012-04-05 12:55:26 +00:00
Miroslav Stampar	02924eb345	minor update	2012-04-04 23:47:06 +00:00
Miroslav Stampar	e0994947e2	minor update	2012-04-04 23:37:50 +00:00
Miroslav Stampar	b1dd03731a	minor cosmetics	2012-04-04 23:34:08 +00:00
Miroslav Stampar	83387d92bb	minor bug fix	2012-04-04 23:32:20 +00:00
Miroslav Stampar	c89a4162e2	bug fix for --dns-domain with --technique=TS	2012-04-04 18:01:39 +00:00
Miroslav Stampar	098c7c06dd	added few comments	2012-04-04 13:24:58 +00:00
Miroslav Stampar	a5b69eaea4	removing unused imports	2012-04-04 13:18:14 +00:00
Bernardo Damele	52796bb4da	revert	2012-04-04 13:02:50 +00:00
Miroslav Stampar	a4b95ab7dd	works against MySQL/Windows	2012-04-04 12:49:45 +00:00
Bernardo Damele	a1d97e9d7b	Add a space after a comment	2012-04-04 12:48:21 +00:00
Bernardo Damele	025c531d22	leftover	2012-04-04 12:44:25 +00:00
Bernardo Damele	c0946ce2c9	Minor refactoring	2012-04-04 12:42:58 +00:00
Bernardo Damele	75d1dab895	more cosmetics	2012-04-04 12:33:16 +00:00
Bernardo Damele	d106fb5184	layout adjustments	2012-04-04 12:27:24 +00:00
Miroslav Stampar	1b2cd44255	proper fix	2012-04-04 10:35:52 +00:00
Miroslav Stampar	7031ef8e00	removing default values for referer and host from higher level/risk options	2012-04-04 10:34:27 +00:00
Miroslav Stampar	5e358b51f9	few fixes related to bug report by Shadow Folder (AttributeError: 'list' object has no attribute 'isdigit')	2012-04-04 09:25:05 +00:00
Miroslav Stampar	5851badff1	minor refactoring	2012-04-03 14:46:09 +00:00
Miroslav Stampar	b0787f193c	getting rid of obsolete getCompiledRegex (in newer versions of Python regexes are already cached)	2012-04-03 14:34:15 +00:00
Miroslav Stampar	556b349be3	minor fix for retrieving non-printable chars in inference and non-multi threading mode	2012-04-03 14:04:07 +00:00
Miroslav Stampar	33bb9c5f19	much cleaner approach in that "flat" representation of retrieved items in union technique	2012-04-03 13:56:11 +00:00
Miroslav Stampar	7fb190f3b1	minor fix	2012-04-03 12:35:19 +00:00
Miroslav Stampar	886aa22efc	minor update	2012-04-03 12:19:37 +00:00
Miroslav Stampar	503988887c	minor update	2012-04-03 10:43:46 +00:00
Miroslav Stampar	78f51fd2e5	minor fix	2012-04-03 10:18:03 +00:00
Miroslav Stampar	2504f4edb8	minor fixes	2012-04-03 10:10:33 +00:00
Miroslav Stampar	e05109812f	minor improvements regarding data retrieval through DNS channel	2012-04-03 09:18:30 +00:00
Miroslav Stampar	5f94987b0f	fix for DNS method for MSSQL	2012-04-02 17:28:18 +00:00
Miroslav Stampar	2c28423cb8	minor update	2012-04-02 14:57:15 +00:00
Miroslav Stampar	8a9d09f79b	minor fixes	2012-04-02 14:11:23 +00:00
Miroslav Stampar	1cd3c3f7af	further update of DNS data retrieval mechanism through SQLi	2012-04-02 14:05:30 +00:00
Miroslav Stampar	1e01203562	few just in case "patches"	2012-04-02 12:58:10 +00:00
Miroslav Stampar	d908d078dd	minor fix	2012-04-02 12:27:30 +00:00
Miroslav Stampar	abffc39929	minor update regarding DNS data retrieval task	2012-04-02 12:22:40 +00:00
Miroslav Stampar	f7a664b120	enablind DNS server for DNS data exfiltration	2012-03-31 12:08:27 +00:00
Miroslav Stampar	8be9cd4ac4	bug fix (on Linux machine when os.geteuid() returns an integer value !=0 it was then returned and interpreted as TRUE value)	2012-03-31 10:22:50 +00:00
Miroslav Stampar	429b8396e9	minor update for DNSServer support	2012-03-30 13:20:29 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	79c3d6f2aa	minor update	2012-03-30 10:37:46 +00:00
Miroslav Stampar	6acf6b193a	minor update regarding boolean logic comparison mechanism	2012-03-30 09:42:58 +00:00
Miroslav Stampar	5469186540	minor comment update	2012-03-29 14:35:47 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	772ead8d03	fixed support for error-based injection on MySQL 4.1 (help table a needs more than 2 items inside); also, fixed some border issues with reflective values	2012-03-29 12:44:20 +00:00
Miroslav Stampar	c9cac957bb	adding one more case for false positive check (Generic tests without any DBMS knowledge)	2012-03-29 09:56:09 +00:00
Miroslav Stampar	60146481af	bug fix(es) (flags were used in place of count parameter in re.sub() calls)	2012-03-28 19:33:00 +00:00
Miroslav Stampar	9433bbe26d	memory optimization for reflective removal mechanism (there was no need for \n\r in the first place as there was no re.S flag used - also, one re.sub "flags <-> count" bug fixed)	2012-03-28 19:27:12 +00:00
Miroslav Stampar	7d131d1fb1	minor update	2012-03-28 13:46:31 +00:00
Miroslav Stampar	7fd64df167	minor code cleaning	2012-03-28 13:31:07 +00:00
Miroslav Stampar	769b0d0ae7	more minor updates regarding data retrieval through DNS channel	2012-03-27 19:29:24 +00:00
Miroslav Stampar	1b072f6415	laying foundation for DNS based data retrieval	2012-03-27 18:59:12 +00:00
Miroslav Stampar	3abcd6910a	strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test	2012-03-22 00:06:50 +00:00
Miroslav Stampar	e88687b1f0	revert of last commit (it would be faster for sure, but not sure if it's clever to do it by default regarding SQLi detection)	2012-03-21 23:15:59 +00:00
Miroslav Stampar	524c1d38ad	making default redirect choice to NO (making fewer requests by default and in lots of cases clearer pages for comparison - original page vs redirect message)	2012-03-21 23:03:57 +00:00
Miroslav Stampar	11132ba993	fix for a bug in reflection removal mechanism	2012-03-19 14:28:18 +00:00
Miroslav Stampar	8e7d360ea2	cleaner refactoring regarding last commit	2012-03-19 12:03:25 +00:00
Miroslav Stampar	401763b6f8	minor fix (it has to be level 1 array like it was with the previous re.findall mechanism)	2012-03-19 12:00:22 +00:00
Miroslav Stampar	037db9b3b8	minor removal of older stuff	2012-03-19 09:38:27 +00:00
Miroslav Stampar	da7f4eeffd	removing left over	2012-03-18 17:33:14 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Bernardo Damele	c03d0e24fb	it must stay as is	2012-03-16 17:42:00 +00:00
Bernardo Damele	3505503a08	no need to return here	2012-03-16 17:30:16 +00:00
Bernardo Damele	942d9e4fa8	code cleanup	2012-03-16 17:27:24 +00:00
Bernardo Damele	a1c943fc79	Major bug fix to comparison algorithm with OR based boolean-based injections	2012-03-16 17:22:55 +00:00
Miroslav Stampar	d66056fe39	one more related commit	2012-03-16 13:16:53 +00:00
Miroslav Stampar	ac02a2d92c	minor fix	2012-03-16 13:14:14 +00:00
Miroslav Stampar	cbdcbdd786	minor minor update	2012-03-16 11:18:18 +00:00
Miroslav Stampar	b130a9e14e	minor fix (writing to HashDB on any interrupt)	2012-03-16 10:15:43 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	209e795369	minor just in case update	2012-03-16 09:02:17 +00:00
Miroslav Stampar	adb5fff6b2	one more update related to the redirection mechanism	2012-03-15 20:17:40 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	86c4650058	Minor bug fix - revert	2012-03-15 17:12:24 +00:00
Bernardo Damele	cc15373769	More explicit function name also getRatioValue parameter has nothing to do with comparison at this stage as far as I can see (that might have fixed another "bug", to be checked later)	2012-03-15 16:29:28 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	ddd92476a8	minor fix	2012-03-15 15:58:25 +00:00
Miroslav Stampar	19beb912fa	first step toward negative logic support	2012-03-15 15:52:12 +00:00
Miroslav Stampar	8dd570057b	minor fix (double traffic log for -t in case of HTTP error)	2012-03-15 14:51:16 +00:00
Miroslav Stampar	f7df755f37	minor update	2012-03-15 12:55:22 +00:00
Miroslav Stampar	3d39c6cb3b	some fixes here and there	2012-03-15 12:14:50 +00:00
Miroslav Stampar	3d9b1599d1	minor update	2012-03-15 11:45:32 +00:00
Miroslav Stampar	91f1d6141f	minor fix	2012-03-15 11:24:55 +00:00
Miroslav Stampar	a8c9a47092	redirect logic rewritten from scratch	2012-03-15 11:10:58 +00:00
Bernardo Damele	890bf708bc	Minor fixes to make --os-* switch work again against MySQL/Windows/ASP.NET (where stacked queries are supported)	2012-03-15 00:19:57 +00:00
Bernardo Damele	1e71b24dca	More info messages to prove xp_cmdshell (and temporary directory choosen) worked	2012-03-14 22:41:53 +00:00
Miroslav Stampar	52a8b25ff4	minor fix	2012-03-14 14:31:41 +00:00
Miroslav Stampar	ca0d068575	distinguishing NULL from BLANK	2012-03-14 13:52:23 +00:00
Miroslav Stampar	e38b59a2ae	minor update	2012-03-14 13:16:49 +00:00
Miroslav Stampar	cee9ff7885	proper parsing of content in partial union technique	2012-03-14 11:23:30 +00:00
Miroslav Stampar	61ad3b999a	fix for a crash with partial union and --hex	2012-03-14 10:31:24 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	edfcddd3c3	minor fix for logging only cookies used by request (e.g. --load-cookies case)	2012-03-13 10:58:15 +00:00
Miroslav Stampar	34b0935cb3	refactoring "echo 1" quick test for xp_cmdshell console output	2012-03-13 10:36:49 +00:00
Miroslav Stampar	e827f41cdb	using pickle HIGHEST_PROTOCOL just in case	2012-03-13 09:35:37 +00:00
Miroslav Stampar	e6c610abab	minor fix	2012-03-13 09:14:56 +00:00
Miroslav Stampar	cda8815634	introducing safe deprecation mechanism for HashDB versioning	2012-03-12 22:55:57 +00:00
Miroslav Stampar	48bcde478e	more general update	2012-03-12 15:29:55 +00:00
Miroslav Stampar	1d0c8a7f44	minor update	2012-03-12 15:19:02 +00:00
Miroslav Stampar	6ed1b04bbe	minor update	2012-03-12 13:27:07 +00:00
Miroslav Stampar	c878dd3e5a	doing a dummy test for --os-shell in case of xp_cmdshell	2012-03-09 14:21:41 +00:00
Miroslav Stampar	a0b46963cb	minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)	2012-03-09 10:28:19 +00:00
Miroslav Stampar	5a83f1c5f7	minor update	2012-03-08 15:43:22 +00:00
Bernardo Damele	c79807f5fb	Minor layout adjustments	2012-03-08 15:11:24 +00:00
Miroslav Stampar	775e424bf2	bug fix for using --no-cast and --hex switches together	2012-03-08 15:04:52 +00:00
Miroslav Stampar	11c7cc5224	minor temporary fix	2012-03-08 11:08:43 +00:00
Miroslav Stampar	98a3e43f53	bug fix for writing raw pickled data into SQLite HashDB	2012-03-08 10:57:47 +00:00
Miroslav Stampar	cd28eb6544	minor update regarding --load-cookies	2012-03-08 10:19:34 +00:00
Miroslav Stampar	2c87d061e9	minor update	2012-03-08 10:03:59 +00:00
Miroslav Stampar	9ca8bc4d51	minor bug fix	2012-03-08 09:52:33 +00:00
Miroslav Stampar	b4cf8b05b3	added switch --load-cookies	2012-03-07 14:48:45 +00:00
Miroslav Stampar	4cfea96471	minor update	2012-03-05 09:56:48 +00:00
Miroslav Stampar	0ead1fd87e	minor update	2012-03-05 09:42:52 +00:00
Miroslav Stampar	ac5a752b12	Oracle's XMLType doesn't like '#' char too	2012-03-01 11:59:37 +00:00
Miroslav Stampar	f4e410db16	minor fix	2012-03-01 10:17:39 +00:00
Miroslav Stampar	1ec56f93ec	minor update	2012-03-01 10:10:19 +00:00
Miroslav Stampar	2d3c12d2d0	shorter single line info	2012-03-01 09:10:24 +00:00
Miroslav Stampar	37db27b720	turning back on automatic adjusting of delays in time based queries	2012-02-29 15:51:23 +00:00
Miroslav Stampar	0205d96d7b	minor fix	2012-02-29 15:38:01 +00:00
Miroslav Stampar	1bdc07c279	minor update	2012-02-29 15:02:24 +00:00
Miroslav Stampar	8b9c5c66cc	code refactoring regarding charsetType inside inference/bisection	2012-02-29 14:36:23 +00:00
Miroslav Stampar	f6f98f1b41	minor improvement	2012-02-29 14:19:59 +00:00
Miroslav Stampar	d06182347f	fixing few potential problems	2012-02-29 13:56:40 +00:00
Miroslav Stampar	f142c0f782	minor update	2012-02-28 14:04:13 +00:00
Miroslav Stampar	22b3fa0749	minor update	2012-02-27 15:28:36 +00:00
Miroslav Stampar	a9bf0297f6	moving injection data to HashDB	2012-02-27 13:44:07 +00:00
Miroslav Stampar	68e08d2749	minor fix for not displaying 'None' but None in enumeration when data unavailable	2012-02-27 13:15:10 +00:00
Miroslav Stampar	a424de3102	minor fix	2012-02-27 12:55:28 +00:00
Miroslav Stampar	1e82405bb9	HashDB is now supported in -d too	2012-02-27 12:14:01 +00:00
Miroslav Stampar	3909658fc2	few minor just in case updates	2012-02-27 11:15:53 +00:00
Miroslav Stampar	85125018a1	minor bug fix	2012-02-25 22:54:32 +00:00
Miroslav Stampar	5d307cf886	minor update	2012-02-25 10:54:39 +00:00

... 8 9 10 11 12 ...

3566 Commits