Miroslav Stampar
|
bb99bd2fbe
|
one more commit related to the issue with displaying of garbled characters
|
2011-04-14 09:43:36 +00:00 |
|
Miroslav Stampar
|
04986be4b9
|
update regarding safe character output together with a small fix for newlines
|
2011-04-14 09:31:45 +00:00 |
|
Miroslav Stampar
|
d06ae9cd47
|
implemented retrieved items info for partial union too
|
2011-04-13 14:33:15 +00:00 |
|
Miroslav Stampar
|
f5f2201bbc
|
minor cosmetics for partial inband retrieval
|
2011-04-13 11:25:42 +00:00 |
|
Miroslav Stampar
|
c193b896be
|
just in case update to prevent gibberish "retrieved: " outputs
|
2011-04-12 23:07:50 +00:00 |
|
Miroslav Stampar
|
6012ab1c46
|
better one for previous commit
|
2011-04-10 21:52:08 +00:00 |
|
Miroslav Stampar
|
e6c50df4f9
|
preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case)
|
2011-04-10 21:38:08 +00:00 |
|
Miroslav Stampar
|
277f16d6b3
|
removing commented out debug print
|
2011-04-08 22:44:05 +00:00 |
|
Miroslav Stampar
|
6fa2fd139c
|
implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field)
|
2011-04-08 15:17:57 +00:00 |
|
Miroslav Stampar
|
228cc68747
|
fix for those ugly DEBUG messages in brute mode
|
2011-04-08 11:02:21 +00:00 |
|
Bernardo Damele
|
5b21352656
|
cosmeticados ;)
|
2011-04-08 10:39:07 +00:00 |
|
Miroslav Stampar
|
e33a48d40f
|
minor refactoring
|
2011-04-07 12:54:30 +00:00 |
|
Bernardo Damele
|
c6b9d89d31
|
Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly
|
2011-04-07 11:10:35 +00:00 |
|
Bernardo Damele
|
8b14a9eaa7
|
Minor code adjustments
|
2011-04-06 14:40:45 +00:00 |
|
Miroslav Stampar
|
b327bbcd9b
|
minor fix (it was quite ... to have this check at the later stage)
|
2011-04-06 08:39:24 +00:00 |
|
Miroslav Stampar
|
557ed7d665
|
minor fix for a invalid charset reported by Kirill
|
2011-03-31 14:39:01 +00:00 |
|
Bernardo Damele
|
fed57282fc
|
Added one more warning message to show what's going on with ctrl+c
|
2011-03-31 14:26:14 +00:00 |
|
Bernardo Damele
|
3948cd9e77
|
Minor layout adjustments
|
2011-03-31 14:13:53 +00:00 |
|
Miroslav Stampar
|
c5de903eab
|
minor improvement ("quick defense against substr fields")
|
2011-03-31 09:35:09 +00:00 |
|
Miroslav Stampar
|
ce51326bff
|
quick fix
|
2011-03-31 08:43:17 +00:00 |
|
Miroslav Stampar
|
0916117447
|
improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names
|
2011-03-30 18:32:10 +00:00 |
|
Miroslav Stampar
|
b6af80bab3
|
refactoring, cleanup and improvement
|
2011-03-29 21:54:15 +00:00 |
|
Miroslav Stampar
|
12f3024c8a
|
removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header)
|
2011-03-29 20:45:21 +00:00 |
|
Miroslav Stampar
|
d0861a00e2
|
minor improvement
|
2011-03-29 15:37:57 +00:00 |
|
Miroslav Stampar
|
1823c116bb
|
minor update for special cases of union testing results
|
2011-03-28 21:45:38 +00:00 |
|
Miroslav Stampar
|
1119a85f39
|
it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage)
|
2011-03-25 21:31:26 +00:00 |
|
Miroslav Stampar
|
6c6133e8aa
|
revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is)
|
2011-03-25 20:46:37 +00:00 |
|
Miroslav Stampar
|
737b4abf13
|
this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user)
|
2011-03-25 20:30:15 +00:00 |
|
Miroslav Stampar
|
422967fbcd
|
just an minor update related to the last commit
|
2011-03-25 12:21:53 +00:00 |
|
Miroslav Stampar
|
ea52d7acad
|
minor revisit of inference
|
2011-03-24 20:10:40 +00:00 |
|
Miroslav Stampar
|
0f7bce5c66
|
fixing a huge mess going on because of counting on error and union techniques
|
2011-03-23 11:36:40 +00:00 |
|
Miroslav Stampar
|
7613134515
|
it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic)
|
2011-03-22 12:37:05 +00:00 |
|
Miroslav Stampar
|
9479a68eb5
|
minor fix regarding last commit
|
2011-03-22 12:21:56 +00:00 |
|
Miroslav Stampar
|
c24ed6e622
|
minor fix related to a bug reported by warninggp@gmail.com
|
2011-03-22 09:22:48 +00:00 |
|
Miroslav Stampar
|
b5c9ccb755
|
Oracle XML based error payload has problems with char $ as with space
|
2011-03-21 13:13:12 +00:00 |
|
Miroslav Stampar
|
9b1f2d82d0
|
minor update (that .strip() was a leftover)
|
2011-03-20 23:20:47 +00:00 |
|
Miroslav Stampar
|
db992a0a86
|
mssql likes to htmlescape error reports
|
2011-03-20 23:16:34 +00:00 |
|
Bernardo Damele
|
03fac62592
|
Minor code restyle
|
2011-03-17 12:34:29 +00:00 |
|
Miroslav Stampar
|
beba69faa9
|
implementation of request from Santiago (look for error based responses in redirects)
|
2011-03-17 09:12:28 +00:00 |
|
Miroslav Stampar
|
847ce863e3
|
refactoring
|
2011-03-17 08:54:20 +00:00 |
|
Bernardo Damele
|
d8a76ebe34
|
Minor bug fix for counting of entries for error-based and partial UNION query SQL injection techs
|
2011-03-11 16:03:19 +00:00 |
|
Bernardo Damele
|
3cb0ca4b63
|
Minor bug fix for --privileges on PgSQL with error-based SQL inj technique
|
2011-03-11 15:24:25 +00:00 |
|
Bernardo Damele
|
60605b6e7c
|
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
|
2011-02-27 12:14:13 +00:00 |
|
Miroslav Stampar
|
aa88361ab1
|
incorporation of method for neutralization of reflective values
|
2011-02-25 09:22:44 +00:00 |
|
Miroslav Stampar
|
708ddf5608
|
added protection mechanism against reflected values
|
2011-02-24 16:52:46 +00:00 |
|
Miroslav Stampar
|
83d7803ce7
|
other techniques use dataToStdout for retrieved string, hence this update (also, fixing ugly retrieved: 0 or 1 while doing fingerprinting --flush-session -f --technique=2)
|
2011-02-12 20:03:28 +00:00 |
|
Bernardo Damele
|
864eade744
|
Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase
|
2011-02-10 11:14:05 +00:00 |
|
Bernardo Damele
|
aa0fb276ba
|
More fixes for --common-columns to work against MSSQL too
|
2011-02-09 17:22:07 +00:00 |
|
Miroslav Stampar
|
917b2b0d6b
|
one more commit related to the previous one
|
2011-02-09 17:07:02 +00:00 |
|
Miroslav Stampar
|
6c582343fe
|
.. fix
|
2011-02-09 17:05:06 +00:00 |
|