| Author | Commit | Message | Date |
| --- | --- | --- | --- |
| Bernardo Damele | 864eade744 | Fixed store and resume of brute-forced tables/columns for MSSQL/Sybase | 2011-02-10 11:14:05 +00:00 |
| Bernardo Damele | aa0fb276ba | More fixes for --common-columns to work against MSSQL too | 2011-02-09 17:22:07 +00:00 |
| Miroslav Stampar | 7d9be18789 | added one comment | 2011-02-09 14:34:18 +00:00 |
| Miroslav Stampar | bafc8a1b0f | another update | 2011-02-09 13:29:52 +00:00 |
| Miroslav Stampar | 600f729139 | fix for a bug reported by skysbsb@gmail.com (double ORDER BY) | 2011-02-09 12:43:09 +00:00 |
| Miroslav Stampar | 5b57a69f3e | fix | 2011-02-09 11:20:03 +00:00 |
| Miroslav Stampar | 37f7001143 | first commit with mysql/error/substringing | 2011-02-08 16:23:33 +00:00 |
| Bernardo Damele | c3eb82e60b | Proper fix | 2011-02-08 10:08:48 +00:00 |
| Miroslav Stampar | dba2f74588 | revert of r3274 | 2011-02-08 09:44:34 +00:00 |
| Bernardo Damele | cfe2da0195 | Minor fix | 2011-02-08 00:13:39 +00:00 |
| Bernardo Damele | 0a81415f2f | Minor code cleanup | 2011-02-08 00:02:54 +00:00 |
| Miroslav Stampar | 771020abd6 | one more related commit | 2011-02-07 16:32:08 +00:00 |
| Miroslav Stampar | 265e7ca272 | fix for that MSSQL limit/top problem | 2011-02-07 16:24:23 +00:00 |
| Miroslav Stampar | 99e9412f74 | minor update | 2011-02-07 12:34:23 +00:00 |
| Miroslav Stampar | e023e0d233 | proper fix | 2011-02-07 12:32:08 +00:00 |
| Bernardo Damele | 39decebe85 | Minor fixes to checking/re-enabling of xp_cmdshell procedure | 2011-02-07 12:17:19 +00:00 |
| Miroslav Stampar | 096efea282 | added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] | 2011-02-07 10:22:43 +00:00 |
| Bernardo Damele | ba3a8a69d4 | More statements to exclude from unescap'ing | 2011-02-07 00:33:54 +00:00 |
| Bernardo Damele | 3719f085ae | Added back-end dbms' OS based methods to Backend object - will be used for refactoring | 2011-02-07 00:21:17 +00:00 |
| Bernardo Damele | 2e00656235 | Minor fix | 2011-02-07 00:20:23 +00:00 |
| Bernardo Damele | bf5ca4bd9a | No point in unescaping the expression also in suffixQuery() also 'cause it will exit sqlmap if the parameter value is a string hence injection payload starts with single quote (') | 2011-02-06 23:30:43 +00:00 |
| Bernardo Damele | 061f56daf9 | More adjustments related to unescape() and cleanupPayload(). Minor code cleanup related to error-based payload. | 2011-02-06 23:27:56 +00:00 |
| Bernardo Damele | 6a71629575 | Converted from DOS format (\n\r to \n only) | 2011-02-06 23:25:55 +00:00 |
| Bernardo Damele | 0800d9e49b | Major bug fix for semi-centralize unescape() and cleanupPayload() into prefixQuery() and suffixQuery() | 2011-02-06 22:58:12 +00:00 |
| Bernardo Damele | f3d6be7868 | Code cleanup | 2011-02-06 22:32:44 +00:00 |
| Miroslav Stampar | 078a2207cc | few reverts | 2011-02-06 22:10:28 +00:00 |
| Miroslav Stampar | b9b2fe0e7c | little cleanup | 2011-02-06 21:52:39 +00:00 |
| Miroslav Stampar | c4c2cf1d58 | can't stay as it is right now. temporary disabling. | 2011-02-06 21:17:41 +00:00 |
| Bernardo Damele | 6191a7f26f | Major fix for a silent bug | 2011-02-06 15:53:43 +00:00 |
| Miroslav Stampar | 4df8a03c04 | using OrderedDict to store parameters in order of appearance | 2011-02-04 18:07:21 +00:00 |
| Miroslav Stampar | acb986ae80 | minor refactoring | 2011-02-04 17:40:55 +00:00 |
| Bernardo Damele | fec88f6a6d | Minor fix | 2011-02-04 15:57:53 +00:00 |
| Miroslav Stampar | 09e88cfb19 | fix for a bug reported by zack.payton@executiveinstruments.com (object of type 'NoneType' has no len()) | 2011-02-04 14:05:47 +00:00 |
| Miroslav Stampar | f83f1a1e06 | minor just in case update | 2011-02-04 13:08:54 +00:00 |
| Miroslav Stampar | c69b76776e | minor refactoring | 2011-02-04 13:04:19 +00:00 |
| Miroslav Stampar | accf4e6ce0 | one important fix (URI injection parameter '*' now can go anywhere) | 2011-02-04 12:43:18 +00:00 |
| Miroslav Stampar | c19d481bb1 | little clean up | 2011-02-04 12:25:14 +00:00 |
| Miroslav Stampar | c229efba05 | revert | 2011-02-04 11:33:21 +00:00 |
| Miroslav Stampar | d211def899 | minor adjustment (accepting strange new looking uri formats) | 2011-02-04 10:55:03 +00:00 |
| Miroslav Stampar | e4933f0c92 | refactoring | 2011-02-03 23:25:56 +00:00 |
| Miroslav Stampar | 9a1a28c804 | adding comments to filtering function | 2011-02-03 23:09:08 +00:00 |
| Miroslav Stampar | e5f54644f0 | minor "statistical" update | 2011-02-03 16:59:49 +00:00 |
| Miroslav Stampar | b56a77e573 | removing obsolete switches (--threshold, --excl-reg, --excl-str) | 2011-02-03 15:55:19 +00:00 |
| Miroslav Stampar | 1b9850b73a | revert of last commit (conf dictionary has a method "update" which caused if conf.update to True always :) ) | 2011-02-03 12:21:29 +00:00 |
| Miroslav Stampar | 5edba2ffbc | minor change (conf.updateAll to conf.update) | 2011-02-03 11:13:39 +00:00 |
| Miroslav Stampar | 5f49e20cc8 | adding --random-agent and removing -a | 2011-02-02 14:51:12 +00:00 |
| Miroslav Stampar | 2dae57a56d | cosmetics | 2011-02-02 14:35:21 +00:00 |
| Miroslav Stampar | 6c87bd1c63 | added maskSensitiveData function | 2011-02-02 14:25:16 +00:00 |
| Miroslav Stampar | 8134c2154a | adding WHERE enum for payloads | 2011-02-02 13:34:09 +00:00 |
| Miroslav Stampar | d6c9515f78 | minor update | 2011-02-02 13:03:24 +00:00 |
| Miroslav Stampar | e73a147fb5 | minor update | 2011-02-02 11:49:59 +00:00 |
| Miroslav Stampar | e33428b833 | adding __findUnionCharCount function | 2011-02-02 11:22:35 +00:00 |
| Miroslav Stampar | 99aa38b58f | minor refactoring | 2011-02-02 10:10:28 +00:00 |
| Miroslav Stampar | 23c95107ed | we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) | 2011-02-02 09:24:37 +00:00 |
| Miroslav Stampar | af99105c27 | lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) | 2011-02-01 22:45:38 +00:00 |
| Bernardo Damele | 2619e4895f | Properly handle --technique at save/resume phase | 2011-02-01 22:05:48 +00:00 |
| Bernardo Damele | 3d966bd569 | You never know.. | 2011-02-01 22:05:12 +00:00 |
| Miroslav Stampar | 705d45f4db | minor cosmetics | 2011-02-01 11:10:23 +00:00 |
| Miroslav Stampar | 196e2d35b2 | maybe we could ask user "are you willing to import local data content into error report" and use this function respectably | 2011-02-01 11:06:56 +00:00 |
| Bernardo Damele | 6761933f75 | Just.. cosmetics ;) | 2011-01-31 22:51:14 +00:00 |
| Miroslav Stampar | 25c175a9a5 | minor bug fix | 2011-01-31 22:34:57 +00:00 |
| Bernardo Damele | b04e1a0313 | More detailed message for unhandled exception | 2011-01-31 21:23:40 +00:00 |
| Bernardo Damele | ec9ebb3479 | Set threads to 4 when optimization switch is provided, -o | 2011-01-31 21:21:13 +00:00 |
| Bernardo Damele | 8397c526d8 | Minor adjustment | 2011-01-31 21:20:23 +00:00 |
| Miroslav Stampar | fa58a9c86b | update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) | 2011-01-31 20:36:01 +00:00 |
| Miroslav Stampar | b1dc928e68 | implemented validation for time-based inference | 2011-01-31 16:07:23 +00:00 |
| Miroslav Stampar | 25463bc67c | fix for a bug (--predict-output) noticed by Bernardo | 2011-01-31 15:00:41 +00:00 |
| Miroslav Stampar | 60a2364f2b | now union technique parses headers too | 2011-01-31 12:41:39 +00:00 |
| Miroslav Stampar | 8ef47307db | added checking of header values for GREP (error); still UNION to do | 2011-01-31 12:21:17 +00:00 |
| Miroslav Stampar | fb3513650d | adding ID properties | 2011-01-31 11:41:28 +00:00 |
| Miroslav Stampar | f9eac97fe8 | refactoring of MSSQL XML banner parsing | 2011-01-31 11:38:00 +00:00 |
| Miroslav Stampar | 7175efcae1 | another minor cosmetic update | 2011-01-31 10:59:51 +00:00 |
| Miroslav Stampar | 97328c3104 | minor fix | 2011-01-31 10:54:13 +00:00 |
| Miroslav Stampar | 5e768be509 | minor bug fix | 2011-01-31 09:34:54 +00:00 |
| Miroslav Stampar | f7feebe0df | fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) | 2011-01-31 09:28:16 +00:00 |
| Miroslav Stampar | fc9c626f9e | minor refactoring (removed URL_ENCODE_PAYLOAD) | 2011-01-30 17:03:06 +00:00 |
| Bernardo Damele | 21e7223779 | perhaps this is better english | 2011-01-30 16:34:13 +00:00 |
| Miroslav Stampar | ddf23ba7cc | refactoring | 2011-01-30 11:36:03 +00:00 |
| Miroslav Stampar | 367d0639f0 | refactoring (class names should always be Capital cased) | 2011-01-28 16:36:09 +00:00 |
| Miroslav Stampar | ddd296030d | added some more info to unhandled exception message(s) | 2011-01-28 16:15:45 +00:00 |
| Miroslav Stampar | 8e74c571bc | centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels | 2011-01-27 19:44:24 +00:00 |
| Miroslav Stampar | 81722b6881 | major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) | 2011-01-27 18:36:28 +00:00 |
| Miroslav Stampar | 03413bd5e0 | minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) | 2011-01-27 16:55:58 +00:00 |
| Miroslav Stampar | bb6e36fb02 | minor updates | 2011-01-27 12:38:39 +00:00 |
| Miroslav Stampar | 6cc69f5e16 | now --technique is appliable also after the injections have been identified | 2011-01-24 16:47:24 +00:00 |
| Miroslav Stampar | 81011be0d7 | minor update of parseTargetUrl method | 2011-01-24 14:52:50 +00:00 |
| Bernardo Damele | e1db2700f0 | Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads | 2011-01-24 12:25:45 +00:00 |
| Miroslav Stampar | 4441e11f68 | fix for case -r with no params and cookie available | 2011-01-24 11:26:51 +00:00 |
| Miroslav Stampar | a3e3387113 | fix for proper Firebird resume of version | 2011-01-24 11:04:32 +00:00 |
| Miroslav Stampar | c1145c244e | fix for user-agent injections | 2011-01-23 23:23:30 +00:00 |
| Miroslav Stampar | b18397fbc7 | major revisit of --os-shell methods | 2011-01-23 20:47:06 +00:00 |
| Miroslav Stampar | f5ff78d40c | revert | 2011-01-23 11:21:27 +00:00 |
| Miroslav Stampar | 3a5f0760f6 | minor optimization (only way to prematurely stop SAX parser) | 2011-01-23 10:12:01 +00:00 |
| Miroslav Stampar | 30cd877c4a | fix for URI based injections | 2011-01-22 16:23:33 +00:00 |
| Bernardo Damele | f1b402b103 | Proper handling of CASE in Oracle, finally | 2011-01-20 21:58:50 +00:00 |
| Bernardo Damele | 4128b2c87f | Enforce that when --prefix is provided, --suffix is too and viceversa. | 2011-01-20 21:57:54 +00:00 |
| Bernardo Damele | 7d1c704575 | Moved little precaution from checks.py to common.py. Initial refactoring of kb.os* get/set. | 2011-01-20 21:56:10 +00:00 |
| Bernardo Damele | 9770db597e | Centralization of unescape() | 2011-01-20 21:55:13 +00:00 |
| Miroslav Stampar | dd7262d9e6 | we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode | 2011-01-20 17:53:49 +00:00 |
| Miroslav Stampar | ad12242151 | LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) | 2011-01-20 16:27:59 +00:00 |