Miroslav Stampar | dcb9c93328 | minor cleanup | 2011-02-08 16:27:58 +00:00
Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00
Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00
Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00
Bernardo Damele | 156d8cd99b | Directory restyling | 2011-02-08 00:15:02 +00:00
Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00
Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00
Miroslav Stampar | 2c4f6d2e99 | fix (lol. we were using same comparison payload through the all test. it's a nono :) p.s. this way we are dealing with "reflective" problem too | 2011-02-07 21:53:05 +00:00
Miroslav Stampar | a577d0e9a5 | restraining "using unescaped version of the test because of zero knowledge of the back-end DBMS" once per test (before was once per boundary) | 2011-02-07 21:18:01 +00:00
Miroslav Stampar | 66adf23532 | Unbiased approach for searching appropriate usable column | 2011-02-07 21:00:59 +00:00
Miroslav Stampar | f958b21613 | there is a pretty strong chance that the columns from the beginning are the INTEGER ones, while we search for STRING ones (not related to that MSSQL union/error problem we discussed earlier today) | 2011-02-07 16:55:02 +00:00
Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00
Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00
Miroslav Stampar | 71d1b72e0e | minor adjustment | 2011-02-07 12:51:38 +00:00
Bernardo Damele | b33ac19d39 | Minor fix | 2011-02-07 12:36:00 +00:00
Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00
Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00
Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00
Miroslav Stampar | 1a5a66870e | problem fixed | 2011-02-07 11:57:41 +00:00
Miroslav Stampar | c0233dcd4f | preventing crashes for output=[] | 2011-02-07 10:24:15 +00:00
Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00
Bernardo Damele | 008d434325 | Important fix now that the file writing is unescaped too | 2011-02-07 00:56:15 +00:00
Bernardo Damele | f0f5d3d3e8 | Began with the update of the user's manual for 0.9 | 2011-02-07 00:55:10 +00:00
Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00
Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00
Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00
Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') | 2011-02-06 23:30:43 +00:00
Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00
Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00
Bernardo Damele | 7dcfcca87f | Tests' titles adjustments | 2011-02-06 23:17:39 +00:00
Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00
Bernardo Damele | 9eac2339ca | | 2011-02-06 22:55:26 +00:00
Bernardo Damele | db77f8b055 | Code cleanup | 2011-02-06 22:33:08 +00:00
Bernardo Damele | f3d6be7868 | Code cleanup | 2011-02-06 22:32:44 +00:00
Miroslav Stampar | ecaf5729fd | revert | 2011-02-06 22:14:18 +00:00
Miroslav Stampar | 078a2207cc | few reverts | 2011-02-06 22:10:28 +00:00
Miroslav Stampar | b9b2fe0e7c | little cleanup | 2011-02-06 21:52:39 +00:00
Miroslav Stampar | c4c2cf1d58 | can't stay as it is right now. temporary disabling. | 2011-02-06 21:17:41 +00:00
Miroslav Stampar | d2b96a66a2 | one more update regarding last few "unescape" related commits | 2011-02-06 20:23:23 +00:00
Miroslav Stampar | caaac72029 | minor update regarding last commit | 2011-02-06 20:15:03 +00:00
Bernardo Damele | 6191a7f26f | Major fix for a silent bug | 2011-02-06 15:53:43 +00:00
Bernardo Damele | 1bc2ee2fbf | Updated | 2011-02-06 15:44:27 +00:00
Bernardo Damele | 8980227d30 | Minor bug fix | 2011-02-06 15:32:16 +00:00
Bernardo Damele | 2afc1e5021 | Layout adjustments | 2011-02-06 15:28:23 +00:00
Bernardo Damele | a5a648f4fe | Correctly handle --read-file and --write-file if neither stacked queries nor union query SQL injection has been detected. Support to read files on MySQL via error-based SQL injection technique will come as soon as we fix the MySQL/trim/error-based bug | 2011-02-06 15:23:27 +00:00
Bernardo Damele | c44978862e | Minor reordering of what gets saved into the injection object | 2011-02-06 15:20:44 +00:00
Miroslav Stampar | 5ecb75cc56 | minor update | 2011-02-06 15:14:07 +00:00
Miroslav Stampar | f754953c4f | reverting this one. spotted a major bug. dbms is not properly enforced at this moment, don't know why. if it was this would be properly encoded. | 2011-02-06 12:33:58 +00:00
Miroslav Stampar | 97f9c9d119 | bug fix (playing with wavsep i've realized that we are sending in this payload quoted 'string' (causing problems), while MD5 also accepts integer values | 2011-02-06 12:24:50 +00:00
Miroslav Stampar | 412a97b7fe | fix for a bug reported by ahmed@isecur1ty.org (TypeError: unsupported operand type(s) for -: 'float' and 'NoneType') | 2011-02-05 14:17:28 +00:00