Miroslav Stampar
fdef6726cf
minor update
2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5
Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value
2011-04-06 08:19:56 +00:00
Bernardo Damele
c3b54cc222
Cosmetics
2011-04-01 16:40:28 +00:00
Miroslav Stampar
ee15988878
another minor update related to previous commit
2011-03-31 17:34:07 +00:00
Miroslav Stampar
220366b6e8
minor update (ip addresses will not be confused any more for crypt_generic hashes)
2011-03-31 16:56:26 +00:00
Miroslav Stampar
7cf4ba83dc
minor refactoring and comment update
2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af
Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once
2011-03-29 12:00:29 +00:00
Miroslav Stampar
a9f5d828c6
minor fix avoiding problems with hashing strange characters in usernames
2011-03-29 07:50:07 +00:00
Miroslav Stampar
dba32306b0
minor update
2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c
minor update regarding support for crypt(3)
2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b
minor fix
2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f
implementation of Standard DES hashing (crypt)
2011-03-26 20:46:25 +00:00
Miroslav Stampar
ecbbfeba6e
introduction of --fresh-queries
2011-03-24 10:08:47 +00:00
Miroslav Stampar
d79fae724c
minor refactoring
2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2
fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file
2011-03-24 08:43:40 +00:00
Miroslav Stampar
1879a49506
fix for a bug reported by andreoaz@gmail.com
2011-03-10 20:40:12 +00:00
Bernardo Damele
0a81415f2f
Minor code cleanup
2011-02-08 00:02:54 +00:00
Bernardo Damele
6a71629575
Converted from DOS format (\n\r to \n only)
2011-02-06 23:25:55 +00:00
Miroslav Stampar
fa58a9c86b
update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable)
2011-01-31 20:36:01 +00:00
Miroslav Stampar
ddf23ba7cc
refactoring
2011-01-30 11:36:03 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
0f4fb156d3
major bug fix
2011-01-28 14:09:28 +00:00
Bernardo Damele
e734efcda7
Removed deprecated code
2011-01-20 21:50:58 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
99a3a3b89c
minor fix (break if all found)
2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd
information update regarding common password suffixes
2011-01-17 09:28:25 +00:00
Miroslav Stampar
3873d204bb
important update for dictionary attack
2011-01-15 15:56:11 +00:00
Miroslav Stampar
5bdb50c224
code review part 3
2011-01-15 13:15:10 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Miroslav Stampar
e3146464da
minor fix for a bug reported by nightman
2011-01-11 12:27:22 +00:00
Miroslav Stampar
643c464268
minor fix
2011-01-11 12:16:20 +00:00
Miroslav Stampar
e3899f7467
fix of a fix
2011-01-07 18:07:18 +00:00
Miroslav Stampar
8e83a26acf
minor fix
2011-01-07 17:53:17 +00:00
Miroslav Stampar
ed2aed972f
minor fix
2011-01-07 17:38:28 +00:00
Bernardo Damele
27628dca42
cosmetics
2011-01-07 17:25:22 +00:00
Miroslav Stampar
b313a20a3f
some fixes
2011-01-07 16:39:47 +00:00
Miroslav Stampar
fdc463d08b
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
2011-01-03 23:36:35 +00:00
Miroslav Stampar
0eabca9fd4
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
2011-01-03 22:31:29 +00:00
Miroslav Stampar
ce48ea75d0
noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links
2011-01-03 14:39:23 +00:00
Miroslav Stampar
92e4cdb241
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
2011-01-03 14:21:41 +00:00
Miroslav Stampar
79e97824ef
adding user names to the attack dictionary
2010-12-29 00:37:53 +00:00
Miroslav Stampar
c8f8dbf0a7
minor update
2010-12-27 15:39:27 +00:00
Miroslav Stampar
51a492e17d
pretty important commit (now dumped tables are prone to dictionary attack)
2010-12-27 10:56:28 +00:00
Miroslav Stampar
39a13077c4
minor bug fix
2010-12-21 23:09:41 +00:00
Miroslav Stampar
21d083272e
minor minor fix
2010-12-18 14:31:41 +00:00
Miroslav Stampar
4f73feec2f
now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)
2010-12-18 14:11:49 +00:00
Miroslav Stampar
5764816891
minor cosmetics
2010-12-03 22:28:09 +00:00
Bernardo Damele
b0928e02c6
Proper comment
2010-12-03 10:39:36 +00:00
Bernardo Damele
09b265a1ea
Got rid of conf.logic for the moment, haven't decided yet what to do with parenthesis check
2010-12-01 23:32:02 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00