sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-22 09:36:35 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,446 Commits 4 Branches 117 Tags 97 MiB
6ba46bf7cf
Commit Graph

95 Commits

Author SHA1 Message Date
Miroslav Stampar
6ba46bf7cf Update for #2086 (lowercasing only the command) 2016-08-08 15:55:39 +02:00
deadworoz
9c2c3894d6 Converting a command to lowercase breaks a case-sensitive URL 
To reproduce the bug:
1. Start the server: ./sqlmapapi.py -s
2. Start the client: ./sqlmapapi.py -c
3. Add a new task with a case-sensitive URL: new -u "http://vbox.lc/bWAPP/sqli_4.php?title=iron+man&action=search"
4. Check the log: 
...
"message": "testing connection to the target URL"
...
"message": "page not found (404)"
...
"message": "HTTP error codes detected during run:\n404 (Not Found) - 1 times"

5. Check that sqlmap.py correcty work with same parameters: ./sqlmap.py -u "http://vbox.lc/bWAPP/sqli_4.php?title=iron+man&action=search"

[INFO] testing connection to the target URL
[INFO] checking if the target is protected by some kind of WAF/IPS/IDS
 2016-08-08 14:48:25 +04:00
Miroslav Stampar
26d4dec5fb Minor refactoring 2016-05-31 13:02:26 +02:00
Aikes
b4bb4c393b Fixes file path traversal issue on win platform. 
POC: GET /download/b31146dcdb92e5db/C:\windows\win.ini/a
 2016-02-27 00:10:32 +08:00
Miroslav Stampar
cc06871075 Adding some debug messages for future-self 2016-02-16 08:58:18 +01:00
Miroslav Stampar
4916f1b2b2 Minor path related to the #1676 2016-01-28 09:10:04 +01:00
Miroslav Stampar
954b4ec32b Fix for #1676 2016-01-27 21:25:34 +01:00
Miroslav Stampar
ee0439cf11 Update for #1678 2016-01-27 10:03:30 +01:00
dozysun
997362f61b change option name to adapter 2016-01-27 10:35:18 +08:00
dozysun
f5ffd9fa02 add --servername option to support various of bottle server adapter 2016-01-22 11:33:12 +08:00
Miroslav Stampar
d0d676ccce Update of copyright string 2016-01-06 00:06:12 +01:00
Miroslav Stampar
dc7f2a71d2 Minor refactoring 2015-12-12 23:48:30 +01:00
Miroslav Stampar
2eb5f5e841 Handling 'address already in use' for sqlmapapi server instance 2015-12-09 12:20:09 +01:00
Miroslav Stampar
d28c72b6f1 Another fix for Python 2.6 (bug introduced with ff7be9d0eb) 2015-09-24 16:26:52 +02:00
Miroslav Stampar
aa2112b360 Update for #1414 2015-09-17 16:18:58 +02:00
daremon
c2fb2161d3 Added flush command 2015-09-16 00:15:16 +03:00
daremon
ff7be9d0eb Fixed list command 2015-09-16 00:01:57 +03:00
Miroslav Stampar
c59ead36ce Patch for Python 2.6 (SyntaxError) 2015-09-15 17:23:59 +02:00
Miroslav Stampar
058870635b Update for an #1414 2015-09-15 14:37:30 +02:00
daremon
1417decdf1 Added commands stop, kill, list to API client 2015-09-14 17:31:02 +03:00
Miroslav Stampar
f494004f44 Switching to the getSafeExString (where it can be used) 2015-09-10 15:51:33 +02:00
Miroslav Stampar
b06a34ab1a Another update for #1402 2015-09-10 15:06:07 +02:00
Miroslav Stampar
2453b02b63 Update for #1402 2015-09-10 15:01:30 +02:00
Miroslav Stampar
b3fdbe24c2 Merge pull request #1402 from daremon/api-client 
Minimal API client
 2015-09-10 12:03:25 +02:00
Miroslav Stampar
263665637e Minor bug fix 2015-09-10 11:34:03 +02:00
daremon
a29a3a4e5c Minimal API client 2015-09-09 16:14:04 +03:00
Miroslav Stampar
924e31c414 Fixes #1394 2015-09-08 11:04:36 +02:00
Miroslav Stampar
1cf012521d Minor refactoring 2015-08-26 16:18:03 +02:00
Jiang Jie
1ac27e9305 fixed pipe and zoombie problems 
1.we don't need stdin here, and it'll cause OSError: too many openfiles problem.
2. after using /scan/taskid/stop , process turned into a zoombie, need add wait()
 2015-08-12 16:25:33 +08:00
Miroslav Stampar
16f8e4c8ba Removing unused imports 2015-07-12 12:25:02 +02:00
Miroslav Stampar
4b2ff4339a Fixes #1243 2015-05-07 12:36:23 +02:00
Miroslav Stampar
18e62fd507 Fix for an Issue #1240 2015-05-05 14:36:21 +02:00
Miroslav Stampar
a94dcf94e9 Patch for an Issue #1226đ 2015-04-22 16:41:20 +02:00
Miroslav Stampar
9bd41ed99d Fixes #1189 2015-03-09 22:02:20 +01:00
Miroslav Stampar
45bdefd29b Update of copyright 2015-01-06 15:02:16 +01:00
Miroslav Stampar
483158c371 Minor style update 2014-12-23 09:07:33 +01:00
Miroslav Stampar
3c23d616e7 Adding a more user friendly (copy-pastable) client example for sqlmapapi client 2014-12-23 09:01:29 +01:00
Miroslav Stampar
2aadfc0fd3 Fix for an Issue #851 2014-10-10 10:38:17 +02:00
Miroslav Stampar
053b0fd0e9 Renaming conf.oDir to conf.outputDir 2014-04-06 16:54:46 +02:00
Bernardo Damele
43a4e85749 updated copyright 2014-01-13 17:24:49 +00:00
Miroslav Stampar
cb1f17cb04 Proper patch for an Issue #591 2014-01-02 12:15:56 +01:00
Miroslav Stampar
e0143e397a Consistency fix (down below we use direct SQL) 2014-01-02 10:59:53 +01:00
Miroslav Stampar
0b4fcb6845 Fix for an Issue #591 2014-01-02 10:55:40 +01:00
Miroslav Stampar
854a55166c Fix for an Issue #588 2014-01-02 10:29:10 +01:00
Miroslav Stampar
9b4b070ecf Minor cosmetics 2014-01-02 10:05:58 +01:00
Mathieu Deous
4c9456dd72 moar logging! 2013-12-15 16:59:47 +01:00
Mathieu Deous
438ad73016 avoid names shadowing 2013-12-15 09:22:01 +01:00
Mathieu Deous
eda9a3da67 all instance attributes should be defined in constructor 2013-12-15 09:16:38 +01:00
Mathieu Deous
3effaee2a1 avoid using global variables, use a "store" class 2013-12-15 00:19:58 +01:00
Mathieu Deous
c70f2a4e6d unused imports 2013-12-15 00:00:08 +01:00