Miroslav Stampar
|
8d0c2efbe2
|
unescaping of char marked payloads
|
2011-01-24 12:00:16 +00:00 |
|
Miroslav Stampar
|
a4a0f10950
|
minor minor minor
|
2011-01-20 09:25:34 +00:00 |
|
Bernardo Damele
|
bade0e3124
|
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
|
2011-01-19 23:06:15 +00:00 |
|
Miroslav Stampar
|
eadaf680de
|
fuck yea
|
2011-01-19 15:25:48 +00:00 |
|
Bernardo Damele
|
3822b494ea
|
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
|
2011-01-17 23:43:37 +00:00 |
|
Miroslav Stampar
|
5c857779c1
|
important fix for unicode based character inference
|
2011-01-17 10:15:19 +00:00 |
|
Miroslav Stampar
|
30d6791968
|
update regarding time based data retrieval
|
2011-01-16 17:52:42 +00:00 |
|
Miroslav Stampar
|
71391874eb
|
slightly faster and thread safer inference
|
2011-01-16 10:52:42 +00:00 |
|
Bernardo Damele
|
6e4b65a822
|
Minor refactoring
|
2011-01-15 23:28:31 +00:00 |
|
Bernardo Damele
|
2ac8debea0
|
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
Minor bug fixes thanks to previous refactoring too.
|
2011-01-13 17:36:54 +00:00 |
|
Bernardo Damele
|
06230e4d92
|
Minor code refactoring and cosmetics
|
2011-01-11 21:46:21 +00:00 |
|
Miroslav Stampar
|
7ae5192070
|
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
|
2011-01-05 10:25:07 +00:00 |
|
Miroslav Stampar
|
edcf1a0872
|
few bug fixes
|
2010-12-24 18:40:48 +00:00 |
|
Miroslav Stampar
|
385e208f38
|
code refactoring regarding standard output suppression and some threading issues
|
2010-12-21 14:21:24 +00:00 |
|
Miroslav Stampar
|
5852bad963
|
some refactoring
|
2010-12-20 18:56:06 +00:00 |
|
Miroslav Stampar
|
36862e2efa
|
update
|
2010-12-18 15:57:47 +00:00 |
|
Miroslav Stampar
|
6a24048aa6
|
urllib2 doesn't play well with '\n' when non unescaped chars used
|
2010-12-11 21:17:54 +00:00 |
|
Miroslav Stampar
|
f021548bd0
|
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
|
2010-12-11 10:52:04 +00:00 |
|
Miroslav Stampar
|
c17f444aab
|
minor fix
|
2010-12-11 10:22:18 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|
Miroslav Stampar
|
cdff29ada7
|
update
|
2010-12-09 11:23:44 +00:00 |
|
Bernardo Damele
|
f5ce739bdf
|
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
|
2010-12-08 23:52:31 +00:00 |
|
Miroslav Stampar
|
6223f25dd9
|
code beautification
|
2010-12-08 13:04:48 +00:00 |
|
Miroslav Stampar
|
b5e45939e3
|
sqlmap premiere of blind time based query/bisection
|
2010-12-08 12:28:54 +00:00 |
|
Bernardo Damele
|
17486e472a
|
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
|
2010-11-17 22:00:09 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
3f0a443b83
|
some updates
|
2010-11-04 23:08:59 +00:00 |
|
Miroslav Stampar
|
cd0d4135ac
|
implemented --banner for MaxDB and some minor fixes
|
2010-11-02 20:51:55 +00:00 |
|
Miroslav Stampar
|
5269cb8c08
|
some code refactoring and beautification
|
2010-11-02 09:06:38 +00:00 |
|
Miroslav Stampar
|
13e93f564a
|
one bug fix in dynamic content engine and some code refactoring
|
2010-11-02 07:32:08 +00:00 |
|
Miroslav Stampar
|
73b33ed765
|
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
|
2010-11-01 20:56:13 +00:00 |
|
Miroslav Stampar
|
5a38ac7ea9
|
important update regarding (Bug #209) - probably more will be needed
|
2010-10-29 16:11:50 +00:00 |
|
Bernardo Damele
|
215175e3b7
|
Minor code adjustments
|
2010-10-25 14:11:47 +00:00 |
|
Miroslav Stampar
|
98f5586b87
|
minor update
|
2010-10-23 08:05:24 +00:00 |
|
Miroslav Stampar
|
bc79eec702
|
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
|
2010-10-21 13:13:12 +00:00 |
|
Bernardo Damele
|
64b9f94fcf
|
Renamed --common-prediction switch to --predict-output
|
2010-10-16 23:50:13 +00:00 |
|
Bernardo Damele
|
2129935e06
|
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
Minor enhancement
|
2010-10-16 21:52:16 +00:00 |
|
Miroslav Stampar
|
1336b97c2c
|
removed --useBetween switch and added new tampering module ./tamper/between.py
|
2010-10-15 23:48:07 +00:00 |
|
Miroslav Stampar
|
4f7f20b94f
|
sorry, cosmetics
|
2010-10-14 23:18:29 +00:00 |
|
Bernardo Damele
|
1674142d82
|
Minor cosmetic fixes
|
2010-10-14 15:28:54 +00:00 |
|
Miroslav Stampar
|
8b48833136
|
large commit with copyright header modifications
|
2010-10-14 14:41:14 +00:00 |
|
Miroslav Stampar
|
b37dca1c2c
|
minor adjustment
|
2010-07-19 09:06:19 +00:00 |
|
Miroslav Stampar
|
9edd468caf
|
multithreading save to session on abort
|
2010-07-19 08:37:45 +00:00 |
|
Bernardo Damele
|
7349f3a70f
|
Closes #197
|
2010-07-01 15:25:57 +00:00 |
|
Miroslav Stampar
|
bb9401ba52
|
minor minor fixup
|
2010-07-01 14:14:43 +00:00 |
|
Miroslav Stampar
|
9d28ae23ca
|
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
|
2010-07-01 14:11:45 +00:00 |
|
Bernardo Damele
|
17e228024b
|
Minor enhancements and bug fixes to "good samaritan" feature - see #4
|
2010-06-21 14:40:12 +00:00 |
|