Miroslav Stampar | 6712f4da55 | some refactoring and one less request for aspx maintenance during --os-shell | 2010-11-24 14:20:43 +00:00
Bernardo Damele | 253eafb643 | paranoid cosmetics | 2010-11-24 12:03:01 +00:00
Miroslav Stampar | b2b521fc8a | greedy regex bastard :) | 2010-11-24 12:01:36 +00:00
Miroslav Stampar | 9579a97039 | now ASPX works too for --os-shell | 2010-11-24 11:38:27 +00:00
Miroslav Stampar | c54c9ee5d1 | minor update | 2010-11-23 22:33:00 +00:00
Miroslav Stampar | 57ad59206b | cosmetics at its best | 2010-11-23 22:09:10 +00:00
Miroslav Stampar | 7a147041c4 | cosmetics | 2010-11-23 21:44:58 +00:00
Miroslav Stampar | f4f0bc9db3 | minor fix | 2010-11-23 21:17:01 +00:00
Miroslav Stampar | f9f076ba97 | code refactoring | 2010-11-23 21:00:42 +00:00
Miroslav Stampar | 7877a931d5 | more cosmetics regarding dictionary attack | 2010-11-23 20:54:40 +00:00
Miroslav Stampar | e3b3e05748 | minor update | 2010-11-23 19:21:30 +00:00
Miroslav Stampar | 0d24a15182 | more cosmetics | 2010-11-23 19:10:34 +00:00
Miroslav Stampar | 836a1c214a | los cosmeticados (of hash dictionary attack) | 2010-11-23 18:57:00 +00:00
Miroslav Stampar | c4414df594 | minor update | 2010-11-23 15:33:13 +00:00
Miroslav Stampar | 78024eafe0 | little precaution | 2010-11-23 15:31:23 +00:00
Miroslav Stampar | 4af000e699 | minor language update (in testing phase "used" is preferable to "provided") | 2010-11-23 15:11:15 +00:00
Miroslav Stampar | b41ee8d0d0 | minor refactoring | 2010-11-23 14:57:36 +00:00
Miroslav Stampar | aa5d038f18 | more code refactoring | 2010-11-23 14:50:47 +00:00
Miroslav Stampar | 3cae76627c | code refactoring regarding dictionary attack | 2010-11-23 13:58:01 +00:00
Miroslav Stampar | ba4ea32603 | first working version of dictionary attack | 2010-11-23 13:24:02 +00:00
Miroslav Stampar | c471b815cc | fix for a bug reported by BugTrace (IndexError: list index out of range) | 2010-11-22 10:58:08 +00:00
Miroslav Stampar | bfc9378542 | sorry, even more proper naming should be like this (passwd is a standard naming for this kind of function(s)) | 2010-11-20 13:22:59 +00:00
Miroslav Stampar | db59faedb9 | more proper naming | 2010-11-20 13:20:28 +00:00
Miroslav Stampar | 1f8a9fe033 | foundations for dictionary attack support combined with sqlmap's password/hash retrieval functionality (--password switch) | 2010-11-20 13:14:13 +00:00
Miroslav Stampar | 71107e4e9e | quick fix for google searches | 2010-11-19 21:38:20 +00:00
Bernardo Damele | 99a23e23cf | Extra check on --union-cols value | 2010-11-19 16:39:26 +00:00
Bernardo Damele | c23126547e | Improved --union-cols to accept a range to test for union SQL injection. By default it is 1-20. | 2010-11-19 15:48:24 +00:00
Bernardo Damele | ad17e9ed2a | Added new switch --union-char to be able to provide the character used in union-test and exploit (default is still NULL, but can be any) | 2010-11-19 14:56:20 +00:00
Miroslav Stampar | df88280681 | minor update of google regex (that * was a junky one) | 2010-11-19 10:04:29 +00:00
Miroslav Stampar | e8bef28337 | updating google parsing regex (for the better, of course) | 2010-11-19 10:00:29 +00:00
Miroslav Stampar | d97e97d884 | minor update :) | 2010-11-19 09:02:44 +00:00
Bernardo Damele | 4a9bd3a240 | Finally a proper union query SQL injection test engine for --union-test. It does many more requests, but for God's sake now it works well! | 2010-11-18 17:55:43 +00:00
Bernardo Damele | 544327379f | Little precaution | 2010-11-18 14:32:52 +00:00
Bernardo Damele | f6a17cb1a8 | Revert wrong fix | 2010-11-18 10:41:06 +00:00
Bernardo Damele | 17486e472a | Proper English (--postfix is now --suffix) and --string/--regexp does not necessarily need to match in the original response body, it might well be in the injected True condition only! | 2010-11-17 22:00:09 +00:00
Miroslav Stampar | ca5125bbe0 | minor update related to r2401 | 2010-11-17 20:50:31 +00:00
Bernardo Damele | 360aff7a4d | sqlite3 library is not part of Gentoo (perhaps others) Python packages or installation bundle | 2010-11-17 17:20:32 +00:00
Miroslav Stampar | a0df36beda | when in multi target mode this should be done (another bug was reported by ToR for using "old" data - kb was not properly cleared) | 2010-11-17 15:33:07 +00:00
Miroslav Stampar | 17f0609263 | minor bug fix | 2010-11-17 13:29:57 +00:00
Miroslav Stampar | 3d25071d06 | another minor improvement regarding logging of http traffic | 2010-11-17 12:16:48 +00:00
Miroslav Stampar | 3e569a1693 | minor update | 2010-11-17 12:04:33 +00:00
Miroslav Stampar | 2802923dbe | some improvements regarding --os-shell web server application choice | 2010-11-17 11:45:52 +00:00
Miroslav Stampar | 5abbea4a9f | fix for a bug reported by nightman (unknown charset 'null') | 2010-11-17 09:57:32 +00:00
Miroslav Stampar | d757e4ae1c | bug fix (when user manually sets web root, that same directory should be used as one of potentially default dirs) | 2010-11-17 09:46:04 +00:00
Miroslav Stampar | bec152609a | minor cosmetics and bug fix for Windows machines ('\\' is interpreted as \ and inside the script it can screw things up as it's a marker for a special character - thus '\\\\' is interpreted as \\ which represents special character \) | 2010-11-17 09:33:05 +00:00
Miroslav Stampar | 76c3f5768b | cosmetics | 2010-11-17 09:12:48 +00:00
Miroslav Stampar | 2a8e270bef | proper handling of carriage return character from Windows target machines | 2010-11-16 15:11:03 +00:00
Miroslav Stampar | ab33651f96 | minor bug fix for displaying text from Windows machines (\r was interfering with normal dataToStdout behavior) | 2010-11-16 15:02:22 +00:00
Miroslav Stampar | 3487429eac | minor cosmetics | 2010-11-16 14:41:46 +00:00
Miroslav Stampar | 3640dbf745 | fix for --parse-errors (on IIS an HTTP error is raised which needs to be processed) | 2010-11-16 14:33:30 +00:00