sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,474 Commits 4 Branches 117 Tags 97 MiB
60102209f6
Commit Graph

302 Commits

Author SHA1 Message Date
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
2ac8debea0 Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS. 
Minor bug fixes thanks to previous refactoring too.
 2011-01-13 17:36:54 +00:00
Bernardo Damele
af9725214a Properly deal with partial (single entry) UNION injections. 
Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase.
 2011-01-12 12:01:32 +00:00
Bernardo Damele
8a67aea754 One more step to fully working UNION exploitation after merge into detection phase 2011-01-12 01:13:32 +00:00
Bernardo Damele
5c7c3c76c3 Fixed previous bug in getErrorParsedDBMSes() call in detection phase. 
Added minor support to escape quotes in UNION payloads during detection phase.
 2011-01-11 23:47:32 +00:00
Bernardo Damele
06230e4d92 Minor code refactoring and cosmetics 2011-01-11 21:46:21 +00:00
Miroslav Stampar
394b6bc029 reverting some changes 2011-01-11 12:11:33 +00:00
Miroslav Stampar
690281dce1 didn't know this to be honest 2011-01-11 10:17:22 +00:00
Miroslav Stampar
77b51dae57 adding openFile method with an exception block around file opening part 2011-01-08 09:30:10 +00:00
Miroslav Stampar
c17714c423 suppress session in case of brute methods 2011-01-07 16:47:46 +00:00
Miroslav Stampar
b313a20a3f some fixes 2011-01-07 16:39:47 +00:00
Miroslav Stampar
a8d660db54 fixes for bugs reported by pragmatk@gmail.com 2011-01-06 16:59:58 +00:00
Miroslav Stampar
0eabca9fd4 update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) 2011-01-03 22:31:29 +00:00
Miroslav Stampar
08ccbf2c1e important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) 2011-01-03 22:02:58 +00:00
Miroslav Stampar
da138c46c1 added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) 2011-01-02 07:37:47 +00:00
Miroslav Stampar
212035e64d user can now choose if he wants to skip non-heuristic based DBMS tests 2011-01-01 23:38:11 +00:00
Miroslav Stampar
9fb0e0fc85 resume of brute forced data is now available 2010-12-27 14:17:20 +00:00
Miroslav Stampar
51a492e17d pretty important commit (now dumped tables are prone to dictionary attack) 2010-12-27 10:56:28 +00:00
Miroslav Stampar
269d6bde24 this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion) 2010-12-27 00:14:29 +00:00
Miroslav Stampar
562a6440d1 fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) 2010-12-26 09:33:04 +00:00
Miroslav Stampar
2c23a59ba5 fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) 2010-12-24 12:13:48 +00:00
Miroslav Stampar
aab14fa2d3 minor refactoring/cosmetics 2010-12-24 11:06:57 +00:00
Miroslav Stampar
d9f08e4aa3 randomization of user agents 2010-12-24 10:04:27 +00:00
Miroslav Stampar
017ea9e686 update 2010-12-23 14:06:22 +00:00
Miroslav Stampar
73f33c1999 bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped) 2010-12-23 11:28:13 +00:00
Miroslav Stampar
d974a966b8 minor fix for end phase (Ctrl+C) 2010-12-21 23:55:55 +00:00
Miroslav Stampar
fb75d0636b minor update 2010-12-21 23:42:59 +00:00
Miroslav Stampar
385e208f38 code refactoring regarding standard output suppression and some threading issues 2010-12-21 14:21:24 +00:00
Miroslav Stampar
8fd3e7ba1f thread based data added 2010-12-20 22:45:01 +00:00
Miroslav Stampar
5852bad963 some refactoring 2010-12-20 18:56:06 +00:00
Miroslav Stampar
19d8733e9a this is strictly for educational purposes 2010-12-20 17:30:47 +00:00
Miroslav Stampar
13d5b2c0ff code refactoring 2010-12-20 09:44:21 +00:00
Miroslav Stampar
36862e2efa update 2010-12-18 15:57:47 +00:00
Miroslav Stampar
e355f92f22 bug fix 2010-12-18 10:02:01 +00:00
Miroslav Stampar
fe67d3827c code refactoring and some fixes 2010-12-18 09:51:34 +00:00
Miroslav Stampar
a19cb2c13a code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") 2010-12-17 21:29:09 +00:00
Miroslav Stampar
de54219571 code refactoring 2010-12-15 12:50:56 +00:00
Miroslav Stampar
c1c525aaea quick fix of a fix 2010-12-15 12:10:33 +00:00
Miroslav Stampar
7cfeb5447b minor update 2010-12-15 11:46:28 +00:00
Miroslav Stampar
4dec24d056 quick fix for a bug reported by Andreas Constantinides (KeyError: 5) 2010-12-15 11:30:29 +00:00
Miroslav Stampar
c3d0295d21 minor update (checking for --time-sec value) 2010-12-14 12:37:21 +00:00
Miroslav Stampar
b75d7fa348 minor cache based optimization 2010-12-14 12:22:17 +00:00
Bernardo Damele
4b79227b5a Minor bug fix to properly merge options from .conf file (-c) with command line switches 2010-12-13 21:36:23 +00:00
Bernardo Damele
5fb04515d3 Added hidden (for the moment) switch --technique 2010-12-09 13:47:17 +00:00
Miroslav Stampar
293ce18fed two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) 2010-12-07 23:32:33 +00:00
Miroslav Stampar
dc651d59ec little mathematics here and there (used "Rules for normally distributed data") 2010-12-07 19:19:12 +00:00
Miroslav Stampar
ecd4a5a532 added standard deviation check in time based tests 2010-12-07 16:39:31 +00:00
Miroslav Stampar
294119d2ec more advanced time technique(s) 2010-12-07 16:04:53 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
0dc630203f code refactoring 2010-12-07 13:34:06 +00:00
Bernardo Damele
8e78057ac8 Added counter of total HTTP(s) requests done during detection phase 2010-12-07 12:33:47 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Miroslav Stampar
9e5f933ace some updates 2010-12-04 15:47:02 +00:00
Miroslav Stampar
1f795622b3 some fine tuning of dynamicity removing engine 2010-12-04 13:39:35 +00:00
Miroslav Stampar
04714374f9 now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s)) 2010-12-04 10:05:18 +00:00
Bernardo Damele
5d37df6104 Ugly code to set the cookies when got them from a 302 redirect too 2010-12-03 17:41:10 +00:00
Miroslav Stampar
612ee08a0b added response time kb attribute 2010-12-03 13:19:34 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase. 
Minor code cleanup.
 2010-12-03 10:44:16 +00:00
Bernardo Damele
09b265a1ea Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check 2010-12-01 23:32:02 +00:00
Bernardo Damele
8b9706656e Got rid of unreliable 'ORDER BY' technique to detect UNION query SQL injection, consequently switch --union-tech has gone now. 
Minor code refactoring too.
 2010-11-29 17:18:38 +00:00
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
2efb3b78ea Consider also --dbms value during the detection phase 2010-11-29 14:48:07 +00:00
Bernardo Damele
76ce9cc888 Minor bug fix for --forms 2010-11-29 12:46:18 +00:00
Bernardo Damele
9d7087e2ff Proper saving and resuming when more than a parameter are injectable. 
Minor bug fix to --stacked-test
Minor code refactoring.
 2010-11-29 01:04:42 +00:00
Bernardo Damele
472f4465a6 Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase. 
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
 2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. 
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
 2010-11-28 18:10:54 +00:00
Miroslav Stampar
c471b815cc fix for a bug reported by BugTrace (IndexError: list index out of range) 2010-11-22 10:58:08 +00:00
Bernardo Damele
99a23e23cf Extra check on --union-cols value 2010-11-19 16:39:26 +00:00
Bernardo Damele
c23126547e Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. 2010-11-19 15:48:24 +00:00
Bernardo Damele
ad17e9ed2a Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) 2010-11-19 14:56:20 +00:00
Miroslav Stampar
ff310475c8 some reporting update for --forms 2010-11-15 14:17:51 +00:00
Miroslav Stampar
20d6b9a5c1 minor fix 2010-11-15 12:24:32 +00:00
Miroslav Stampar
819085155e minor update/fix 2010-11-15 12:07:13 +00:00
Miroslav Stampar
c25c017c08 cosmetics regarding --forms 2010-11-15 11:50:33 +00:00
Miroslav Stampar
36c544f440 update (--forms acts now more like -g switch) 2010-11-15 11:34:57 +00:00
Bernardo Damele
0a83a830d9 Properly handle both HTTPS and HTTP requests through proxy 2010-11-12 14:21:46 +00:00
Bernardo Damele
e1ef27f592 work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https 2010-11-12 12:25:02 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca revert of some HTTP headers handling 2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring. 
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
 2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1 added Range handler (dealing with 206 HTTP messages) 2010-11-08 12:26:13 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload. 
Fixed also -d verbose output.
 2010-11-07 22:34:29 +00:00
Bernardo Damele
73e85bfc75 Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now 2010-11-07 16:24:44 +00:00
Miroslav Stampar
afba26a53f tiny winy update 2010-11-07 09:00:45 +00:00
Miroslav Stampar
2b8c942b4a more update 2010-11-07 08:58:24 +00:00
Miroslav Stampar
16f52ab7ba cosmetic fix 2010-11-07 08:13:20 +00:00
Miroslav Stampar
8d93bdfa4b minor update (optimization) regarding -a switch 2010-11-07 08:11:56 +00:00
Miroslav Stampar
e1cec8c02b fix for all that stable, dynamic mambo jambo :) 2010-11-04 16:44:34 +00:00
Miroslav Stampar
18aea251b3 added concept of tamper script priority 2010-11-04 10:29:40 +00:00
Miroslav Stampar
6adee3792a removed all trailing spaces from blank lines 2010-11-03 10:08:27 +00:00
Miroslav Stampar
5269cb8c08 some code refactoring and beautification 2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a one bug fix in dynamic content engine and some code refactoring 2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765 fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic 2010-11-01 20:56:13 +00:00
Bernardo Damele
f3cc41601c Added check on --first and --last values 2010-10-31 14:42:13 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Bernardo Damele
43de8247ac Code refactoring 2010-10-27 20:39:50 +00:00