Commit Graph

1731 Commits

Author SHA1 Message Date
Miroslav Stampar
62e3510387 minor refactoring 2011-03-09 11:37:37 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
9b2962ff1c now when we don't urlencode whole URI using : and \ as safe chars is not a good idea 2011-03-09 08:56:29 +00:00
Miroslav Stampar
30619c599b minor update regarding encoding (adding few safe chars for e.g. CHR(50)|...) 2011-03-08 11:53:59 +00:00
Miroslav Stampar
99adbbeaa3 los cosmeticados 2011-03-07 22:04:17 +00:00
Miroslav Stampar
cc0306044c adding SVN revision number support for non SVN client platforms 2011-03-07 21:54:30 +00:00
Miroslav Stampar
154d947c62 minor update 2011-03-07 10:15:41 +00:00
Miroslav Stampar
16b286982d fix for a bug reported by nightman (AttributeError: 'list' object has no attribute 'split') 2011-03-07 09:50:43 +00:00
Miroslav Stampar
8edc3b3302 further update regarding last commit 2011-03-03 10:39:04 +00:00
Miroslav Stampar
bc50387a17 possible fix for a bug reported by Black Zero (UnicodeDecodeError for --forms) 2011-03-03 09:42:50 +00:00
Miroslav Stampar
3a1f5744be minor update to make counting variable totally independent of the urllib2's self.retried 2011-03-02 10:42:17 +00:00
Miroslav Stampar
a010386a23 finally a proper fix for that annoying recursive bug 2011-03-02 10:29:38 +00:00
Miroslav Stampar
f27f05308a minor update for masking sensitive data in error report (added aCred too) 2011-03-02 10:09:17 +00:00
Miroslav Stampar
ad2e4002ea minor improvement 2011-03-01 10:38:27 +00:00
Miroslav Stampar
0f3cc153a3 fix for --technique 2011-03-01 09:54:06 +00:00
Miroslav Stampar
9856cb71de redo of the last commit with comments added 2011-02-28 18:58:05 +00:00
Miroslav Stampar
ade31b2cb0 removal of obsolete item 2011-02-28 18:49:25 +00:00
Miroslav Stampar
2bf212ffa9 minor minor update 2011-02-27 20:43:38 +00:00
Miroslav Stampar
7036190e8e minor improvement of regular expression 2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Bernardo Damele
6e8ebd35f4 Hide switch -x (XML output format) as it is incomplete and bugged and won't make it for 0.9 stable 2011-02-27 12:17:41 +00:00
Bernardo Damele
60605b6e7c Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only) 2011-02-27 12:14:13 +00:00
Miroslav Stampar
88faedc0fe fix for a bug reported by -insane- 2011-02-26 17:48:19 +00:00
Miroslav Stampar
11996ce12e bug fix for international encoded letters 2011-02-25 22:43:01 +00:00
Miroslav Stampar
63b8156c00 some update (if header key is non-unicode comformant) 2011-02-25 09:43:04 +00:00
Miroslav Stampar
2bbbc9a41e few updates 2011-02-25 09:35:24 +00:00
Miroslav Stampar
aa88361ab1 incorporation of method for neutralization of reflective values 2011-02-25 09:22:44 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
38dc82e13e If no Accept header field is present, then it is assumed that the client accepts all media types. 2011-02-22 22:26:22 +00:00
Miroslav Stampar
d05bd75068 adding experimental for --group-concat 2011-02-22 14:35:38 +00:00
Miroslav Stampar
12ede1e5de minor JIC (just-in-case) update 2011-02-22 13:18:47 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
dcad5410fe minor refactoring 2011-02-22 12:54:22 +00:00
Miroslav Stampar
17c39fe231 fix for that non-HTML stuff 2011-02-22 11:32:55 +00:00
Bernardo Damele
3e8c204121 Major bug fix to properly prepare UNION technique statement for --os-pwn and --is-dba 2011-02-21 16:00:56 +00:00
Miroslav Stampar
90582ed7dc minor change 2011-02-21 11:35:21 +00:00
Miroslav Stampar
aac817935a further improvement of MaxDB support 2011-02-20 22:41:42 +00:00
Miroslav Stampar
70449eb01b minor bug fix 2011-02-20 21:35:28 +00:00
Miroslav Stampar
345df5968d minor update 2011-02-20 21:27:38 +00:00
Miroslav Stampar
0c57f2af0f minor fix 2011-02-20 12:20:44 +00:00
Bernardo Damele
023a80c31c Section explanation change to reflect recent enhancements 2011-02-19 21:06:24 +00:00
Bernardo Damele
60b05ff49f Reflect new switch name 2011-02-19 21:05:15 +00:00
Bernardo Damele
8e60acae5d Added support for --scope also in WebScarab logs (-l) 2011-02-19 21:03:55 +00:00
Miroslav Stampar
b71bb321dd some more Sybase updates 2011-02-19 18:04:27 +00:00
Miroslav Stampar
cec7694aac some progress regarding SYBASE 2011-02-19 14:56:58 +00:00
Miroslav Stampar
e0efe453ab minor update regarding Sybase support 2011-02-19 14:07:08 +00:00
Miroslav Stampar
df58bcaf95 minor improvement 2011-02-18 14:27:02 +00:00
Miroslav Stampar
3badf92ceb not doing "basic" filtering in default cases because of a bug reported by Kazim 2011-02-18 07:38:13 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00
Miroslav Stampar
7ebc1ab90a minor cosmetics 2011-02-17 08:59:14 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Bernardo Damele
2ea828e416 Proper fix for r3307 (file-write on MySQL via UNION query tech) 2011-02-13 22:48:01 +00:00
Miroslav Stampar
417b311475 minor update 2011-02-13 22:02:47 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Bernardo Damele
429ab631fe Minor refactoring 2011-02-13 21:25:01 +00:00
Miroslav Stampar
5fb11fd173 update regarding multiple DBMS payloads 2011-02-13 21:20:21 +00:00
Bernardo Damele
45a005737d Minor adjustment so that User-Agent and Referer headers are tests only when --level >= 3 and Cookie is tested only when --level >= 2 2011-02-13 21:08:42 +00:00
Miroslav Stampar
83d7803ce7 other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2) 2011-02-12 20:03:28 +00:00
Miroslav Stampar
9f7d666451 removing --method per request of buawig 2011-02-12 19:50:27 +00:00
Miroslav Stampar
1cd483f42f one more update 2011-02-12 10:24:09 +00:00
Miroslav Stampar
25a3a64327 we need this because of one pesky little bug going around (when union is recognized and the dbmses are fingerprinted, for those who don't have proper unescaping false TRUE is recognized in form of retrieved: %27%2B%28SELECT%20CAST...). tested on all major DBMSes. 2011-02-12 10:15:42 +00:00
Miroslav Stampar
521635c84d quick fix for UA and Referer 2011-02-11 23:36:23 +00:00
Bernardo Damele
7253362114 Minor bug fix so that --file-write on MySQL via UNION query now works again 2011-02-11 23:35:45 +00:00
Miroslav Stampar
535eb9f3eb implementation of referer feature 2011-02-11 23:07:03 +00:00
Miroslav Stampar
a6ab24e0b5 just a minor fix to stop nagging with "Do you want to skip test payloads specific for other DBMSes?" if n is pressed 2011-02-10 22:47:43 +00:00
Miroslav Stampar
5f2fcd1eea minor adjustment regarding "file" switches 2011-02-10 19:55:47 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Bernardo Damele
c078de894f Added support for --privileges on MSSQL to test wheter or not the DBMS users are DBA 2011-02-10 14:24:04 +00:00
Bernardo Damele
864eade744 Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase 2011-02-10 11:14:05 +00:00
Bernardo Damele
aa0fb276ba More fixes for --common-columns to work against MSSQL too 2011-02-09 17:22:07 +00:00
Miroslav Stampar
917b2b0d6b one more commit related to the previous one 2011-02-09 17:07:02 +00:00
Miroslav Stampar
6c582343fe .. fix 2011-02-09 17:05:06 +00:00
Miroslav Stampar
d9af01d73d imporant fix for boolean expression which return [None] 2011-02-09 16:53:22 +00:00
Miroslav Stampar
7d9be18789 added one comment 2011-02-09 14:34:18 +00:00
Miroslav Stampar
bafc8a1b0f another update 2011-02-09 13:29:52 +00:00
Miroslav Stampar
600f729139 fix for a bug reported by skysbsb@gmail.com (double ORDER BY) 2011-02-09 12:43:09 +00:00
Miroslav Stampar
5b57a69f3e fix 2011-02-09 11:20:03 +00:00
Miroslav Stampar
3de6117253 revert of the r3247 (output always has to be appended to the outputs - no matter of it's value) 2011-02-09 09:53:59 +00:00
Miroslav Stampar
98ca1702ae los cosmeticado 2011-02-08 16:30:32 +00:00
Miroslav Stampar
87e36796c6 just to not cause confusion 2011-02-08 16:29:42 +00:00
Miroslav Stampar
dcb9c93328 minor cleanup 2011-02-08 16:27:58 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Bernardo Damele
c3eb82e60b Proper fix 2011-02-08 10:08:48 +00:00
Miroslav Stampar
dba2f74588 revert of r3274 2011-02-08 09:44:34 +00:00
Bernardo Damele
156d8cd99b Directory restyling 2011-02-08 00:15:02 +00:00
Bernardo Damele
cfe2da0195 Minor fix 2011-02-08 00:13:39 +00:00
Bernardo Damele
0a81415f2f Minor code cleanup 2011-02-08 00:02:54 +00:00
Miroslav Stampar
2c4f6d2e99 fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too 2011-02-07 21:53:05 +00:00
Miroslav Stampar
a577d0e9a5 restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) 2011-02-07 21:18:01 +00:00
Miroslav Stampar
66adf23532 Unbiased approach for searching appropriate usable column 2011-02-07 21:00:59 +00:00
Miroslav Stampar
f958b21613 there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) 2011-02-07 16:55:02 +00:00
Miroslav Stampar
771020abd6 one more related commit 2011-02-07 16:32:08 +00:00
Miroslav Stampar
265e7ca272 fix for that MSSQL limit/top problem 2011-02-07 16:24:23 +00:00
Miroslav Stampar
71d1b72e0e minor adjustment 2011-02-07 12:51:38 +00:00
Bernardo Damele
b33ac19d39 Minor fix 2011-02-07 12:36:00 +00:00
Miroslav Stampar
99e9412f74 minor update 2011-02-07 12:34:23 +00:00
Miroslav Stampar
e023e0d233 proper fix 2011-02-07 12:32:08 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
c0233dcd4f preventing crashes for output=[] 2011-02-07 10:24:15 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4 More statements to exclude from unescap'ing 2011-02-07 00:33:54 +00:00
Bernardo Damele
3719f085ae Added back-end dbms' OS based methods to Backend object - will be used for refactoring 2011-02-07 00:21:17 +00:00
Bernardo Damele
2e00656235 Minor fix 2011-02-07 00:20:23 +00:00
Bernardo Damele
bf5ca4bd9a No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') 2011-02-06 23:30:43 +00:00
Bernardo Damele
061f56daf9 More adjustments related to unescape() and cleanupPayload().
Minor code cleanup related to error-based payload.
2011-02-06 23:27:56 +00:00
Bernardo Damele
6a71629575 Converted from DOS format (\n\r to \n only) 2011-02-06 23:25:55 +00:00
Bernardo Damele
0800d9e49b Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() 2011-02-06 22:58:12 +00:00
Bernardo Damele
9eac2339ca 2011-02-06 22:55:26 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
078a2207cc few reverts 2011-02-06 22:10:28 +00:00
Miroslav Stampar
b9b2fe0e7c little cleanup 2011-02-06 21:52:39 +00:00
Miroslav Stampar
c4c2cf1d58 can't stay as it is right now. temporary disabling. 2011-02-06 21:17:41 +00:00
Miroslav Stampar
d2b96a66a2 one more update regarding last few "unescape" related commits 2011-02-06 20:23:23 +00:00
Bernardo Damele
6191a7f26f Major fix for a silent bug 2011-02-06 15:53:43 +00:00
Bernardo Damele
c44978862e Minor reordering of what gets saved into the injection object 2011-02-06 15:20:44 +00:00
Miroslav Stampar
412a97b7fe fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') 2011-02-05 14:17:28 +00:00
Miroslav Stampar
4df8a03c04 using OrderedDict to store parameters in order of appearance 2011-02-04 18:07:21 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Bernardo Damele
fec88f6a6d Minor fix 2011-02-04 15:57:53 +00:00
Miroslav Stampar
09e88cfb19 fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) 2011-02-04 14:05:47 +00:00
Miroslav Stampar
f83f1a1e06 minor just in case update 2011-02-04 13:08:54 +00:00
Miroslav Stampar
c69b76776e minor refactoring 2011-02-04 13:04:19 +00:00
Miroslav Stampar
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) 2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
c229efba05 revert 2011-02-04 11:33:21 +00:00
Miroslav Stampar
d211def899 minor adjustment (accepting strange new looking uri formats) 2011-02-04 10:55:03 +00:00
Miroslav Stampar
1af418d444 huge bug fix 2011-02-04 10:18:26 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
9a1a28c804 adding comments to filtering function 2011-02-03 23:09:08 +00:00
Miroslav Stampar
1aecbe6b08 minor refactoring (now at the most basic level at least junky <script> and <style> tags are removed for the sake of better blind based detection) 2011-02-03 22:59:26 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
3bd6e538f8 more appropriate 2011-02-03 16:48:27 +00:00
Miroslav Stampar
3a13fd87fd new UNION column detection is going into wild 2011-02-03 16:16:38 +00:00
Miroslav Stampar
b56a77e573 removing obsolete switches (--threshold, --excl-reg, --excl-str) 2011-02-03 15:55:19 +00:00
Bernardo Damele
253a8d0679 Minor bug fix 2011-02-03 15:24:36 +00:00
Miroslav Stampar
0edb4ee314 minor fix 2011-02-03 13:28:10 +00:00
Miroslav Stampar
1b9850b73a revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) 2011-02-03 12:21:29 +00:00
Miroslav Stampar
5edba2ffbc minor change (conf.updateAll to conf.update) 2011-02-03 11:13:39 +00:00
Miroslav Stampar
402c1b622e removing urlencode from UA 2011-02-02 15:18:06 +00:00
Miroslav Stampar
5f49e20cc8 adding --random-agent and removing -a 2011-02-02 14:51:12 +00:00
Miroslav Stampar
2dae57a56d cosmetics 2011-02-02 14:35:21 +00:00
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Bernardo Damele
5f0114a2a8 Minor bug fix 2011-02-02 14:06:40 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00