sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-30 05:23:50 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,684 Commits 4 Branches 117 Tags 97 MiB
686eacda9a
Commit Graph

267 Commits

Author SHA1 Message Date
Miroslav Stampar
9cf33ec997 now status is no longer represented in percentage (impossible in cases where we need to support too small and too large dictionaries - technical issues regarding counting) but by the rotating char 2011-07-15 13:24:13 +00:00
Miroslav Stampar
5c162efbd8 more optimization 2011-07-12 23:21:15 +00:00
Miroslav Stampar
5443e06430 cosmetics (in debug mode [0] is used) 2011-07-08 09:43:52 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
067354b97f Revert of last commit and proper fix to detect UNION query SQL injection against Microsoft Access 2011-07-07 13:20:40 +00:00
Bernardo Damele
fcd4e94c04 Higher chances to detect UNION query SQL injection against Microsoft Access 2011-07-06 23:52:44 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
b8ffcf9495 few fixes here and there and multi-core processing for dictionary based hash attack 2011-07-04 19:58:41 +00:00
Bernardo Damele
36c96ef796 Added DB2 support - patch provided by Sebastian Bittig 2011-06-25 09:44:24 +00:00
Miroslav Stampar
aa83fe5c66 minor update 2011-06-24 18:19:33 +00:00
Miroslav Stampar
21010f702c minor beautification 2011-06-24 17:46:54 +00:00
Miroslav Stampar
96190cf594 minor update 2011-06-24 17:15:15 +00:00
Bernardo Damele
1cb12ea659 replaced third-party library python-mysql with python pymysql, http://code.google.com/p/pymysql/ (MIT license) 2011-06-22 13:31:07 +00:00
Miroslav Stampar
2a4a284a29 crawler fix (skip binary files) 2011-06-20 22:41:38 +00:00
Miroslav Stampar
d6062e8fc9 minor fix for crawler and far less message overlaps in future 2011-06-20 21:18:12 +00:00
Miroslav Stampar
31ad0875b4 added by request 2011-06-18 11:34:51 +00:00
Miroslav Stampar
ec6fa384eb update 2011-06-17 22:04:25 +00:00
Miroslav Stampar
530c296519 minor fix 2011-06-16 13:56:17 +00:00
Miroslav Stampar
6f681b45ad cleaning up a bit for a configuration mess 2011-06-16 11:42:13 +00:00
Miroslav Stampar
2da56ea507 fix of a language bug 2011-06-11 21:17:30 +00:00
Miroslav Stampar
f8dde2c23b adding --titles switch (killer switch for pages with lots of dynamicity and/or international ones) 2011-06-10 23:18:43 +00:00
Bernardo Damele
7da3d8dbd1 minor layout adjustment 2011-06-08 13:01:33 +00:00
Miroslav Stampar
f27181c628 minor improvement for blind based injections with reflected values 2011-06-03 14:41:36 +00:00
Miroslav Stampar
89559d1b0a better regex and now after we have that automatic switch off for reflective removal mechanism it's not so important to change it 2011-05-30 20:18:30 +00:00
Miroslav Stampar
20988e58ed warp 5 mr spock :) 2011-05-30 09:46:32 +00:00
Miroslav Stampar
001cbff2a9 speed up of 2 times for partial union technique 2011-05-30 09:07:48 +00:00
Miroslav Stampar
d51efa679d typo update 2011-05-29 06:26:28 +00:00
Miroslav Stampar
f848cc779e adding legal disclaimer as latest situation (these days news headlines) seems out of control 2011-05-28 18:54:14 +00:00
Miroslav Stampar
03ef53f00a update regarding mysql function resolution and versionedkeywords 2011-05-28 17:34:43 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
0e480a9921 adding SYS to the ORACLE_SYSTEM_DBS 2011-05-25 10:55:47 +00:00
Miroslav Stampar
f774d8fea0 proper Tor settings (reverted r3915 and implemented it the right way) 2011-05-24 11:06:58 +00:00
Miroslav Stampar
a58aaf2e1a better format for results file (easier for sorting when lots of files) 2011-05-22 07:02:36 +00:00
Miroslav Stampar
25fff8c135 changes in handling --tor (using SOCKS instead of HTTP for handling Tor - more standard way; doesn't require proxy bundle; fixes problems with default proxy ports on Win/Linux) 2011-05-21 11:46:57 +00:00
Miroslav Stampar
9e5856caf8 improvement for recognition of scalar vs multiple-row commands 2011-05-19 16:45:05 +00:00
Miroslav Stampar
3048e9f710 minor refactoring 2011-05-17 23:03:31 +00:00
Miroslav Stampar
faa74cd2bc introducing results file for multiple target mode 2011-05-15 22:21:38 +00:00
Bernardo Damele
aae140080e SVN roll back, DB2 patch will be recommitted after testing: 
$ svn merge https://svn.sqlmap.org/sqlmap/trunk/sqlmap@HEAD https://svn.sqlmap.org/sqlmap/trunk/sqlmap@3847 .
 2011-05-06 10:27:43 +00:00
Miroslav Stampar
6e392b6054 applying contributed patch for DB2 2011-05-06 09:30:39 +00:00
Miroslav Stampar
742b0ef76e major improvement of ERROR data retrieval on MSSQL 2011-05-03 13:25:20 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
d0dff82ce0 Minor code refactoring relating set/get back-end DBMS operating system and minor bug fix to properly enforce OS value with --os switch 2011-04-23 16:25:09 +00:00
Miroslav Stampar
f88aa4b165 implemented suppressResumeInfo mechanism (huge slowdown on large tables) 2011-04-22 19:58:10 +00:00
Bernardo Damele
06a00fe85e For development version, print also the revision number in the banner 2011-04-21 21:34:57 +00:00
Miroslav Stampar
7a06af9a92 added "lagging" critical message 2011-04-19 10:37:20 +00:00
Miroslav Stampar
b79d4f70f3 cleaner solution for the problem solved with last commit 2011-04-18 14:51:48 +00:00
Miroslav Stampar
f5cff067c6 little hack for --time-sec 2011-04-18 14:46:18 +00:00
Miroslav Stampar
6fab44d635 minor refactoring and improving of used regex 2011-04-17 22:37:00 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
08d14886fd added new dev version string 2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e cutting for 0.9 stable 2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e lowering the value 2011-04-10 22:57:17 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
bf0e3c4662 improvement for --forms with empty fields 2011-03-28 22:48:00 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
5c97f9a496 improvement of url encoding technique (implemented failsafe routine for shortening too long GET queries) 2011-03-09 09:36:56 +00:00
Miroslav Stampar
f27f05308a minor update for masking sensitive data in error report (added aCred too) 2011-03-02 10:09:17 +00:00
Miroslav Stampar
7036190e8e minor improvement of regular expression 2011-02-27 17:58:01 +00:00
Miroslav Stampar
21041f8b90 further reflective value handling improvement 2011-02-27 17:43:41 +00:00
Miroslav Stampar
708ddf5608 added protection mechanism against reflected values 2011-02-24 16:52:46 +00:00
Miroslav Stampar
3f8eadf4fe minor refactoring 2011-02-22 13:00:58 +00:00
Miroslav Stampar
199f14df46 implementation of MySQL GROUP_CONCAT technique 2011-02-15 00:28:27 +00:00
Miroslav Stampar
50d25c3b4d update regarding explicit testing of ua and referer when using -p 2011-02-13 21:58:48 +00:00
Miroslav Stampar
4295a78c5f minor update 2011-02-10 19:51:34 +00:00
Miroslav Stampar
5b57a69f3e fix 2011-02-09 11:20:03 +00:00
Miroslav Stampar
37f7001143 first commit with mysql/error/substringing 2011-02-08 16:23:33 +00:00
Miroslav Stampar
99e9412f74 minor update 2011-02-07 12:34:23 +00:00
Bernardo Damele
39decebe85 Minor fixes to checking/re-enabling of xp_cmdshell procedure 2011-02-07 12:17:19 +00:00
Miroslav Stampar
096efea282 added BULK to EXCLUDE_UNESCAPE and preventing crashes when output=[] 2011-02-07 10:22:43 +00:00
Bernardo Damele
ba3a8a69d4 More statements to exclude from unescap'ing 2011-02-07 00:33:54 +00:00
Bernardo Damele
2e00656235 Minor fix 2011-02-07 00:20:23 +00:00
Bernardo Damele
f3d6be7868 Code cleanup 2011-02-06 22:32:44 +00:00
Miroslav Stampar
acb986ae80 minor refactoring 2011-02-04 17:40:55 +00:00
Miroslav Stampar
accf4e6ce0 one important fix (URI injection parameter '*' now can go anywhere) 2011-02-04 12:43:18 +00:00
Miroslav Stampar
c19d481bb1 little clean up 2011-02-04 12:25:14 +00:00
Miroslav Stampar
e4933f0c92 refactoring 2011-02-03 23:25:56 +00:00
Miroslav Stampar
e5f54644f0 minor "statistical" update 2011-02-03 16:59:49 +00:00
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00