Miroslav Stampar
|
aa83fe5c66
|
minor update
|
2011-06-24 18:19:33 +00:00 |
|
Miroslav Stampar
|
21010f702c
|
minor beautification
|
2011-06-24 17:46:54 +00:00 |
|
Miroslav Stampar
|
96190cf594
|
minor update
|
2011-06-24 17:15:15 +00:00 |
|
Bernardo Damele
|
1cb12ea659
|
replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license)
|
2011-06-22 13:31:07 +00:00 |
|
Miroslav Stampar
|
2a4a284a29
|
crawler fix (skip binary files)
|
2011-06-20 22:41:38 +00:00 |
|
Miroslav Stampar
|
d6062e8fc9
|
minor fix for crawler and far less message overlaps in future
|
2011-06-20 21:18:12 +00:00 |
|
Miroslav Stampar
|
31ad0875b4
|
added by request
|
2011-06-18 11:34:51 +00:00 |
|
Miroslav Stampar
|
ec6fa384eb
|
update
|
2011-06-17 22:04:25 +00:00 |
|
Miroslav Stampar
|
530c296519
|
minor fix
|
2011-06-16 13:56:17 +00:00 |
|
Miroslav Stampar
|
6f681b45ad
|
cleaning up a bit for a configuration mess
|
2011-06-16 11:42:13 +00:00 |
|
Miroslav Stampar
|
2da56ea507
|
fix of a language bug
|
2011-06-11 21:17:30 +00:00 |
|
Miroslav Stampar
|
f8dde2c23b
|
adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones)
|
2011-06-10 23:18:43 +00:00 |
|
Bernardo Damele
|
7da3d8dbd1
|
minor layout adjustment
|
2011-06-08 13:01:33 +00:00 |
|
Miroslav Stampar
|
f27181c628
|
minor improvement for blind based injections with reflected values
|
2011-06-03 14:41:36 +00:00 |
|
Miroslav Stampar
|
89559d1b0a
|
better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it
|
2011-05-30 20:18:30 +00:00 |
|
Miroslav Stampar
|
20988e58ed
|
warp 5 mr spock :)
|
2011-05-30 09:46:32 +00:00 |
|
Miroslav Stampar
|
001cbff2a9
|
speed up of 2 times for partial union technique
|
2011-05-30 09:07:48 +00:00 |
|
Miroslav Stampar
|
d51efa679d
|
typo update
|
2011-05-29 06:26:28 +00:00 |
|
Miroslav Stampar
|
f848cc779e
|
adding legal disclaimer as latest situation (these days news headlines) seems out of control
|
2011-05-28 18:54:14 +00:00 |
|
Miroslav Stampar
|
03ef53f00a
|
update regarding mysql function resolution and versionedkeywords
|
2011-05-28 17:34:43 +00:00 |
|
Miroslav Stampar
|
4f46a5ab63
|
minor usability enhancement regarding warning for --text-only switch
|
2011-05-26 20:48:18 +00:00 |
|
Miroslav Stampar
|
0e480a9921
|
adding SYS to the ORACLE_SYSTEM_DBS
|
2011-05-25 10:55:47 +00:00 |
|
Miroslav Stampar
|
f774d8fea0
|
proper Tor settings (reverted r3915 and implemented it the right way)
|
2011-05-24 11:06:58 +00:00 |
|
Miroslav Stampar
|
a58aaf2e1a
|
better format for results file (easier for sorting when lots of files)
|
2011-05-22 07:02:36 +00:00 |
|
Miroslav Stampar
|
25fff8c135
|
changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux)
|
2011-05-21 11:46:57 +00:00 |
|
Miroslav Stampar
|
9e5856caf8
|
improvement for recognition of scalar vs multiple-row commands
|
2011-05-19 16:45:05 +00:00 |
|
Miroslav Stampar
|
3048e9f710
|
minor refactoring
|
2011-05-17 23:03:31 +00:00 |
|
Miroslav Stampar
|
faa74cd2bc
|
introducing results file for multiple target mode
|
2011-05-15 22:21:38 +00:00 |
|
Bernardo Damele
|
aae140080e
|
SVN roll back, DB2 patch will be recommitted after testing:
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
|
2011-05-06 10:27:43 +00:00 |
|
Miroslav Stampar
|
6e392b6054
|
applying contributed patch for DB2
|
2011-05-06 09:30:39 +00:00 |
|
Miroslav Stampar
|
742b0ef76e
|
major improvement of ERROR data retrieval on MSSQL
|
2011-05-03 13:25:20 +00:00 |
|
Bernardo Damele
|
f56d135438
|
Minor code restyling
|
2011-04-30 13:20:05 +00:00 |
|
Bernardo Damele
|
d0dff82ce0
|
Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch
|
2011-04-23 16:25:09 +00:00 |
|
Miroslav Stampar
|
f88aa4b165
|
implemented suppressResumeInfo mechanism (huge slowdown on large tables)
|
2011-04-22 19:58:10 +00:00 |
|
Bernardo Damele
|
06a00fe85e
|
For development version, print also the revision number in the banner
|
2011-04-21 21:34:57 +00:00 |
|
Miroslav Stampar
|
7a06af9a92
|
added "lagging" critical message
|
2011-04-19 10:37:20 +00:00 |
|
Miroslav Stampar
|
b79d4f70f3
|
cleaner solution for the problem solved with last commit
|
2011-04-18 14:51:48 +00:00 |
|
Miroslav Stampar
|
f5cff067c6
|
little hack for --time-sec
|
2011-04-18 14:46:18 +00:00 |
|
Miroslav Stampar
|
6fab44d635
|
minor refactoring and improving of used regex
|
2011-04-17 22:37:00 +00:00 |
|
Miroslav Stampar
|
c461fdca54
|
some refactoring
|
2011-04-15 13:51:06 +00:00 |
|
Miroslav Stampar
|
0387654166
|
update of copyright string (until year)
|
2011-04-15 12:33:18 +00:00 |
|
Miroslav Stampar
|
4d8a49a87c
|
more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation
|
2011-04-15 11:53:20 +00:00 |
|
Miroslav Stampar
|
ded28442fb
|
minor fixes and refactoring regarding safecharencoding
|
2011-04-14 15:54:00 +00:00 |
|
Miroslav Stampar
|
eafab03d99
|
safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars)
|
2011-04-14 13:53:56 +00:00 |
|
Miroslav Stampar
|
30bfefd638
|
minor fix
|
2011-04-14 12:58:03 +00:00 |
|
Bernardo Damele
|
5cf38cd0d7
|
More cookies to ignore
|
2011-04-14 12:46:14 +00:00 |
|
Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
5dfb55effc
|
revert of the last commit because of this http://osvdb.org/show/osvdb/26582
|
2011-04-14 06:46:32 +00:00 |
|
Miroslav Stampar
|
786f305e1a
|
minor update
|
2011-04-14 06:43:08 +00:00 |
|
Miroslav Stampar
|
21114d1748
|
added IGNORE_PARAMETERS to skip testing of state/session web server parameters
|
2011-04-13 19:01:02 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
941daa1645
|
just in case to prevent "object of type 'NoneType' has no len()" error reports
|
2011-04-11 11:59:02 +00:00 |
|
Miroslav Stampar
|
08d14886fd
|
added new dev version string
|
2011-04-11 09:44:44 +00:00 |
|
Bernardo Damele
|
07d6b18c4e
|
cutting for 0.9 stable
|
2011-04-11 00:24:51 +00:00 |
|
Miroslav Stampar
|
8597409d9e
|
lowering the value
|
2011-04-10 22:57:17 +00:00 |
|
Bernardo Damele
|
c3b54cc222
|
Cosmetics
|
2011-04-01 16:40:28 +00:00 |
|
Miroslav Stampar
|
220366b6e8
|
minor update (ip addresses will not be confused any more for crypt_generic hashes)
|
2011-03-31 16:56:26 +00:00 |
|
Miroslav Stampar
|
c5de903eab
|
minor improvement ("quick defense against substr fields")
|
2011-03-31 09:35:09 +00:00 |
|
Miroslav Stampar
|
d28ca5809b
|
adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page)
|
2011-03-29 14:16:28 +00:00 |
|
Miroslav Stampar
|
7cf4ba83dc
|
minor refactoring and comment update
|
2011-03-29 12:08:07 +00:00 |
|
Miroslav Stampar
|
bf0e3c4662
|
improvement for --forms with empty fields
|
2011-03-28 22:48:00 +00:00 |
|
Miroslav Stampar
|
76b7e3517d
|
minor update
|
2011-03-27 07:58:15 +00:00 |
|
Miroslav Stampar
|
d79fae724c
|
minor refactoring
|
2011-03-24 09:16:21 +00:00 |
|
Miroslav Stampar
|
5c97f9a496
|
improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries)
|
2011-03-09 09:36:56 +00:00 |
|
Miroslav Stampar
|
f27f05308a
|
minor update for masking sensitive data in error report (added aCred too)
|
2011-03-02 10:09:17 +00:00 |
|
Miroslav Stampar
|
7036190e8e
|
minor improvement of regular expression
|
2011-02-27 17:58:01 +00:00 |
|
Miroslav Stampar
|
21041f8b90
|
further reflective value handling improvement
|
2011-02-27 17:43:41 +00:00 |
|
Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
3f8eadf4fe
|
minor refactoring
|
2011-02-22 13:00:58 +00:00 |
|
Miroslav Stampar
|
199f14df46
|
implementation of MySQL GROUP_CONCAT technique
|
2011-02-15 00:28:27 +00:00 |
|
Miroslav Stampar
|
50d25c3b4d
|
update regarding explicit testing of ua and referer when using -p
|
2011-02-13 21:58:48 +00:00 |
|
Miroslav Stampar
|
4295a78c5f
|
minor update
|
2011-02-10 19:51:34 +00:00 |
|
Miroslav Stampar
|
5b57a69f3e
|
fix
|
2011-02-09 11:20:03 +00:00 |
|
Miroslav Stampar
|
37f7001143
|
first commit with mysql/error/substringing
|
2011-02-08 16:23:33 +00:00 |
|
Miroslav Stampar
|
99e9412f74
|
minor update
|
2011-02-07 12:34:23 +00:00 |
|
Bernardo Damele
|
39decebe85
|
Minor fixes to checking/re-enabling of xp_cmdshell procedure
|
2011-02-07 12:17:19 +00:00 |
|
Miroslav Stampar
|
096efea282
|
added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[]
|
2011-02-07 10:22:43 +00:00 |
|
Bernardo Damele
|
ba3a8a69d4
|
More statements to exclude from unescap'ing
|
2011-02-07 00:33:54 +00:00 |
|
Bernardo Damele
|
2e00656235
|
Minor fix
|
2011-02-07 00:20:23 +00:00 |
|
Bernardo Damele
|
f3d6be7868
|
Code cleanup
|
2011-02-06 22:32:44 +00:00 |
|
Miroslav Stampar
|
acb986ae80
|
minor refactoring
|
2011-02-04 17:40:55 +00:00 |
|
Miroslav Stampar
|
accf4e6ce0
|
one important fix (URI injection parameter '*' now can go anywhere)
|
2011-02-04 12:43:18 +00:00 |
|
Miroslav Stampar
|
c19d481bb1
|
little clean up
|
2011-02-04 12:25:14 +00:00 |
|
Miroslav Stampar
|
e4933f0c92
|
refactoring
|
2011-02-03 23:25:56 +00:00 |
|
Miroslav Stampar
|
e5f54644f0
|
minor "statistical" update
|
2011-02-03 16:59:49 +00:00 |
|
Miroslav Stampar
|
6c87bd1c63
|
added maskSensitiveData function
|
2011-02-02 14:25:16 +00:00 |
|
Miroslav Stampar
|
d6c9515f78
|
minor update
|
2011-02-02 13:03:24 +00:00 |
|
Miroslav Stampar
|
e33428b833
|
adding __findUnionCharCount function
|
2011-02-02 11:22:35 +00:00 |
|
Miroslav Stampar
|
99aa38b58f
|
minor refactoring
|
2011-02-02 10:10:28 +00:00 |
|
Miroslav Stampar
|
fa58a9c86b
|
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
|
2011-01-31 20:36:01 +00:00 |
|
Miroslav Stampar
|
b1dc928e68
|
implemented validation for time-based inference
|
2011-01-31 16:07:23 +00:00 |
|
Miroslav Stampar
|
25463bc67c
|
fix for a bug (--predict-output) noticed by Bernardo
|
2011-01-31 15:00:41 +00:00 |
|
Miroslav Stampar
|
60a2364f2b
|
now union technique parses headers too
|
2011-01-31 12:41:39 +00:00 |
|
Miroslav Stampar
|
f9eac97fe8
|
refactoring of MSSQL XML banner parsing
|
2011-01-31 11:38:00 +00:00 |
|
Miroslav Stampar
|
fc9c626f9e
|
minor refactoring (removed URL_ENCODE_PAYLOAD)
|
2011-01-30 17:03:06 +00:00 |
|
Miroslav Stampar
|
ddf23ba7cc
|
refactoring
|
2011-01-30 11:36:03 +00:00 |
|
Miroslav Stampar
|
03413bd5e0
|
minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)
|
2011-01-27 16:55:58 +00:00 |
|
Miroslav Stampar
|
4e5f0da1ae
|
minor update
|
2011-01-20 16:07:08 +00:00 |
|