sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,054 Commits 4 Branches 117 Tags 97 MiB
5692506131
Commit Graph

185 Commits

Author SHA1 Message Date
Miroslav Stampar
4093599f38 added parseTargetUrl to redirect choice 2011-01-24 14:45:35 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Bernardo Damele
1c86ec374e Code refactoring and cosmetics 2011-01-07 15:41:09 +00:00
Miroslav Stampar
709a7d156b fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...) 2011-01-04 12:51:51 +00:00
Miroslav Stampar
d288c6d6e3 minor update 2011-01-04 08:40:41 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
07129371bf bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests) 2011-01-03 13:04:20 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
ef27fd5ea1 there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html) 2011-01-01 15:20:29 +00:00
Miroslav Stampar
93838fb155 "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) 2010-12-28 14:40:34 +00:00
Miroslav Stampar
f2373121d0 noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more) 2010-12-26 14:36:51 +00:00
Miroslav Stampar
569e060aab important improvement 2010-12-26 13:20:52 +00:00
Miroslav Stampar
b472b96f92 bug fix, refactoring and improved extractErrorMessage capabilities 2010-12-25 10:16:20 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
a09716a701 minor update 2010-12-24 10:07:56 +00:00
Miroslav Stampar
cb17e61f35 bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959) 2010-12-24 02:54:26 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
8fc60215ed lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. 2010-12-22 19:12:46 +00:00
Bernardo Damele
250608660d Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not) 2010-12-22 13:41:36 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
6b37ddada4 removed some blank trailing spaces (with extra/shutils/blanks.sh) 2010-12-21 10:31:56 +00:00
Miroslav Stampar
d554460aec minor fix 2010-12-21 01:09:39 +00:00
Miroslav Stampar
416755c0b7 minor adjustments 2010-12-21 00:25:03 +00:00
Miroslav Stampar
29001a4fce minor update 2010-12-20 23:21:01 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
c948bced61 should solve the problem with timeout problems in time-based payloads 2010-12-20 16:45:41 +00:00
Miroslav Stampar
eaf8929085 more minor updates 2010-12-20 10:48:53 +00:00
Miroslav Stampar
108a96c6b4 some fixes 2010-12-17 21:45:20 +00:00
Miroslav Stampar
f7344a5fc3 update 2010-12-11 21:28:11 +00:00
Miroslav Stampar
435f48b8cc polite cosmetics 2010-12-10 15:28:56 +00:00
Bernardo Damele
9230877d98 cosmetics 2010-12-09 13:57:38 +00:00
Miroslav Stampar
196131bbca minor cosmetics 2010-12-09 10:42:00 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Miroslav Stampar
40fadf2f35 minor update 2010-12-08 14:33:10 +00:00
Miroslav Stampar
01cf1394a4 code refactoring 2010-12-08 14:26:40 +00:00
Miroslav Stampar
47bb31fb47 code refactoring 2010-12-08 11:30:25 +00:00
Miroslav Stampar
1ae2fa7f1a update regarding time based payloads 2010-12-08 11:26:54 +00:00
Miroslav Stampar
a4a63f5b1e minor update 2010-12-07 23:49:00 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
 2010-11-28 18:10:54 +00:00
Bernardo Damele
253eafb643 paranoid cosmetics 2010-11-24 12:03:01 +00:00
Miroslav Stampar
3d25071d06 another minor improvement regarding logging of http traffic 2010-11-17 12:16:48 +00:00