149 Commits

Author	SHA1	Message	Date
Miroslav Stampar	d06ae9cd47	implemented retrieved items info for partial union too	2011-04-13 14:33:15 +00:00
Miroslav Stampar	f5f2201bbc	minor cosmetics for partial inband retrieval	2011-04-13 11:25:42 +00:00
Miroslav Stampar	6fa2fd139c	implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)	2011-04-08 15:17:57 +00:00
Miroslav Stampar	228cc68747	fix for those ugly DEBUG messages in brute mode	2011-04-08 11:02:21 +00:00
Miroslav Stampar	e33a48d40f	minor refactoring	2011-04-07 12:54:30 +00:00
Bernardo Damele	c6b9d89d31	Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly	2011-04-07 11:10:35 +00:00
Bernardo Damele	8b14a9eaa7	Minor code adjustments	2011-04-06 14:40:45 +00:00
Miroslav Stampar	b327bbcd9b	minor fix (it was quite ... to have this check at the later stage)	2011-04-06 08:39:24 +00:00
Bernardo Damele	3948cd9e77	Minor layout adjustments	2011-03-31 14:13:53 +00:00
Miroslav Stampar	c5de903eab	minor improvement ("quick defense against substr fields")	2011-03-31 09:35:09 +00:00
Miroslav Stampar	12f3024c8a	removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)	2011-03-29 20:45:21 +00:00
Miroslav Stampar	1823c116bb	minor update for special cases of union testing results	2011-03-28 21:45:38 +00:00
Miroslav Stampar	1119a85f39	it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)	2011-03-25 21:31:26 +00:00
Miroslav Stampar	6c6133e8aa	revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)	2011-03-25 20:46:37 +00:00
Miroslav Stampar	737b4abf13	this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)	2011-03-25 20:30:15 +00:00
Miroslav Stampar	422967fbcd	just an minor update related to the last commit	2011-03-25 12:21:53 +00:00
Miroslav Stampar	0f7bce5c66	fixing a huge mess going on because of counting on error and union techniques	2011-03-23 11:36:40 +00:00
Miroslav Stampar	7613134515	it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)	2011-03-22 12:37:05 +00:00
Miroslav Stampar	9479a68eb5	minor fix regarding last commit	2011-03-22 12:21:56 +00:00
Miroslav Stampar	c24ed6e622	minor fix related to a bug reported by warninggp@gmail.com	2011-03-22 09:22:48 +00:00
Bernardo Damele	03fac62592	Minor code restyle	2011-03-17 12:34:29 +00:00
Miroslav Stampar	847ce863e3	refactoring	2011-03-17 08:54:20 +00:00
Bernardo Damele	d8a76ebe34	Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs	2011-03-11 16:03:19 +00:00
Miroslav Stampar	aa88361ab1	incorporation of method for neutralization of reflective values	2011-02-25 09:22:44 +00:00
Miroslav Stampar	708ddf5608	added protection mechanism against reflected values	2011-02-24 16:52:46 +00:00
Miroslav Stampar	66adf23532	Unbiased approach for searching appropriate usable column	2011-02-07 21:00:59 +00:00
Miroslav Stampar	f958b21613	there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today)	2011-02-07 16:55:02 +00:00
Bernardo Damele	f3d6be7868	Code cleanup	2011-02-06 22:32:44 +00:00
Miroslav Stampar	412a97b7fe	fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType')	2011-02-05 14:17:28 +00:00
Miroslav Stampar	e5f54644f0	minor "statistical" update	2011-02-03 16:59:49 +00:00
Miroslav Stampar	3bd6e538f8	more appropriate	2011-02-03 16:48:27 +00:00
Miroslav Stampar	3a13fd87fd	new UNION column detection is going into wild	2011-02-03 16:16:38 +00:00
Bernardo Damele	253a8d0679	Minor bug fix	2011-02-03 15:24:36 +00:00
Miroslav Stampar	8134c2154a	adding WHERE enum for payloads	2011-02-02 13:34:09 +00:00
Miroslav Stampar	d6c9515f78	minor update	2011-02-02 13:03:24 +00:00
Miroslav Stampar	847b648e4a	minor update	2011-02-02 12:42:55 +00:00
Miroslav Stampar	e33428b833	adding __findUnionCharCount function	2011-02-02 11:22:35 +00:00
Bernardo Damele	a37f5e05b9	Refactoring	2011-02-01 22:27:36 +00:00
Bernardo Damele	9b342a4c95	Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. ... Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.	2011-02-01 22:07:42 +00:00
Bernardo Damele	e3a3ae11cc	Proper return from error-based technique enumeration	2011-01-31 21:13:29 +00:00
Miroslav Stampar	60a2364f2b	now union technique parses headers too	2011-01-31 12:41:39 +00:00
Bernardo Damele	71d82e6f57	Minor layout adjustment	2011-01-30 16:19:58 +00:00
Miroslav Stampar	bc8f1142c9	minor revert	2011-01-30 11:41:58 +00:00
Miroslav Stampar	ddf23ba7cc	refactoring	2011-01-30 11:36:03 +00:00
Miroslav Stampar	367d0639f0	refactoring (class names should always be Capital cased)	2011-01-28 16:36:09 +00:00
Miroslav Stampar	8e74c571bc	centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels	2011-01-27 19:44:24 +00:00
Miroslav Stampar	49aeb41be8	quick bug fix for FALSE positives with UNION based technique	2011-01-27 18:49:44 +00:00
Miroslav Stampar	d3ddaba7be	minor refactoring	2011-01-25 13:04:13 +00:00
Miroslav Stampar	5692506131	this was bad thing to have	2011-01-25 01:08:38 +00:00
Miroslav Stampar	ff7707579f	minor improvement	2011-01-23 11:35:24 +00:00