Miroslav Stampar
e4b51dd549
proper way of handling OR based injections (completely compatible with current AND based inference engine)
2010-12-06 17:23:21 +00:00
Bernardo Damele
a1e89d3e94
Minor tweak
2010-12-05 13:12:12 +00:00
Bernardo Damele
bf425d90bc
More tweaking
2010-12-05 12:23:18 +00:00
Bernardo Damele
41e1b95c6c
Minor code refactoring and finally make exploitation work also on OR boolean-based injections
2010-12-05 11:25:44 +00:00
Bernardo Damele
191ba3118f
Cosmetics
2010-12-05 11:08:52 +00:00
Bernardo Damele
1b17bac494
Sorted out
2010-12-05 11:06:37 +00:00
Bernardo Damele
8066610217
Minor improvements to OR based injections
2010-12-05 10:55:19 +00:00
Bernardo Damele
2612615978
Major improvements
2010-12-04 16:40:08 +00:00
Miroslav Stampar
9e5f933ace
some updates
2010-12-04 15:47:02 +00:00
Bernardo Damele
95a3f4b52f
Rudimental OR boolean-based tests for login forms
2010-12-03 22:58:35 +00:00
Bernardo Damele
9d55c4da87
Done with support for injection in ORDER BY and GROUP BY (hopefully)
2010-12-03 16:12:47 +00:00
Bernardo Damele
072835e04b
Removed for time being
2010-12-03 14:48:31 +00:00
Bernardo Damele
11058667e4
Better naming
2010-12-03 14:45:13 +00:00
Miroslav Stampar
73dfb69308
minor update for OR based time injection (Firebird)
2010-12-03 12:15:41 +00:00
Bernardo Damele
4dec049c22
Major bug fix for test on ORDER BY and GROUP BY clauses.
...
Minor bug fix to skip following tests if they do not match any of the clause previously identified (injection.clause value).
2010-12-03 12:00:03 +00:00
Miroslav Stampar
23a86ed612
minor bug fix related to Firebird time based test vectors
2010-12-03 11:05:16 +00:00
Bernardo Damele
0069a21a0d
Added also OR error-based checks, tweaked some TODOs and added some new boundaries for login forms (yet to test)
2010-12-03 10:52:24 +00:00
Miroslav Stampar
bf09b8a6d9
added Firebird error based (WHERE) attack vector
2010-12-02 15:09:21 +00:00
Bernardo Damele
df4cb1a601
On the way to get full support for injection on ORDER BY and GROUP BY clauses
2010-12-01 23:30:38 +00:00
Bernardo Damele
089c16a1b8
Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
...
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
2708aad504
Unified start and stop delimiters accross errror-based (detection engine) and union query (--union-test) tests.
2010-12-01 10:31:50 +00:00
Bernardo Damele
c8f943f5e4
Now, if the back-end dbms type has been identified by the detection engine, skips the fingerprint phase.
...
Major code refactoring and commenting to detection engine.
Ask user whether or not to proceed to test remaining parameters after an injection point has been identified.
Restore beep at SQL injection find.
Avoid reuse of same variable in DBMS handler code.
Minor adjustment of payloads XML file.
2010-11-30 22:40:25 +00:00
Bernardo Damele
6525e08d6b
Minor adjustment to detect the proper parameter type based upon --prefix and --suffix values
2010-11-29 12:13:42 +00:00
Bernardo Damele
75f7df75b6
Minor fix
2010-11-28 23:33:51 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00