Bernardo Damele
|
df5dc10111
|
Major enhancement to --union-test check
|
2010-11-13 22:47:37 +00:00 |
|
Miroslav Stampar
|
84849316b3
|
improvement of heuristic check (now original value is included too)
|
2010-11-12 23:06:01 +00:00 |
|
Miroslav Stampar
|
06a872fc99
|
update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))
|
2010-11-12 22:57:33 +00:00 |
|
Miroslav Stampar
|
27735b14df
|
update (--string and --regex should be done regardless of wasLastRequestError)
|
2010-11-12 22:44:15 +00:00 |
|
Miroslav Stampar
|
0d66f101da
|
fix for a bug reported by Bugtrace (--string "pengcheng_cui" and "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource" on False pages)
|
2010-11-12 22:29:33 +00:00 |
|
Bernardo Damele
|
a777d59870
|
Minor bug fix
|
2010-11-12 15:17:12 +00:00 |
|
Bernardo Damele
|
0a83a830d9
|
Properly handle both HTTPS and HTTP requests through proxy
|
2010-11-12 14:21:46 +00:00 |
|
Bernardo Damele
|
e1ef27f592
|
work-around to be able to pass in the -r request file the Host header, the ending string ":443" and so sqlmap will go over https
|
2010-11-12 12:25:02 +00:00 |
|
Bernardo Damele
|
9f53048ff4
|
Put a space always between the user's provided prefix and sqlmap payload
|
2010-11-12 11:48:26 +00:00 |
|
Miroslav Stampar
|
697b32554c
|
fix for a bug "ordinal not in range(128)" reported by bugtrace
|
2010-11-12 11:48:25 +00:00 |
|
Bernardo Damele
|
f83dd2251b
|
Properly save error-based enumerated data in session file, able to be resumed like with other techniques
|
2010-11-12 11:40:37 +00:00 |
|
Bernardo Damele
|
a34c1b287c
|
Bug fix related to properly identify and parse the version from the banner (used for --stacked-test and other matters on MySQL/PgSQL)
|
2010-11-12 11:33:11 +00:00 |
|
Bernardo Damele
|
8cec75656c
|
Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp)
|
2010-11-12 10:31:42 +00:00 |
|
Bernardo Damele
|
a14e4d9668
|
Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.
|
2010-11-12 10:16:39 +00:00 |
|
Bernardo Damele
|
64b5de44a0
|
Converted to new XML object format
|
2010-11-12 10:11:13 +00:00 |
|
Bernardo Damele
|
66c82d72e4
|
Typo fix
|
2010-11-12 10:02:02 +00:00 |
|
Bernardo Damele
|
306e96331d
|
Updated doc
|
2010-11-12 10:00:49 +00:00 |
|
Miroslav Stampar
|
42272ca78c
|
minor update
|
2010-11-11 22:26:36 +00:00 |
|
Miroslav Stampar
|
8aefd0bbf7
|
improvement of --common-tables and --common-columns
|
2010-11-11 20:37:25 +00:00 |
|
Miroslav Stampar
|
2d872f850a
|
quick fix
|
2010-11-11 19:54:54 +00:00 |
|
Miroslav Stampar
|
be992b4471
|
update regarding common columns existance check
|
2010-11-11 17:09:31 +00:00 |
|
Miroslav Stampar
|
3b996c3ed8
|
adding JSP stager
|
2010-11-11 16:42:01 +00:00 |
|
Miroslav Stampar
|
2d361cb359
|
some minor updates of stager.asp and backdoor.asp, and completely rewritten stager.aspx
|
2010-11-11 10:33:29 +00:00 |
|
Miroslav Stampar
|
24238ccd0b
|
re-renaming of brute force switches. this way is better.
|
2010-11-11 07:57:44 +00:00 |
|
Miroslav Stampar
|
ca06db8f28
|
now, this is the real deal
|
2010-11-11 00:20:47 +00:00 |
|
Miroslav Stampar
|
5034868b36
|
cleaning up of common tables and new common columns
|
2010-11-10 23:31:23 +00:00 |
|
Miroslav Stampar
|
96d88877ba
|
bug fix (reported by ToR)
|
2010-11-10 19:44:51 +00:00 |
|
Miroslav Stampar
|
f3fe19c4e5
|
backdoor for ASP revisited
|
2010-11-10 15:40:17 +00:00 |
|
Miroslav Stampar
|
09836dc568
|
backdoor for ASPX revisited
|
2010-11-10 15:35:22 +00:00 |
|
Miroslav Stampar
|
61b6ad64e3
|
JSP backdoor revisited, and in PHP removed trailing spaces from a blank line
|
2010-11-10 15:13:36 +00:00 |
|
Miroslav Stampar
|
19c1bfa368
|
just a precaution (now i really need to go for a sleep)
|
2010-11-09 23:38:29 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
47720a43dd
|
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
|
2010-11-09 23:21:21 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|
Miroslav Stampar
|
06f00cf8c1
|
name change
|
2010-11-09 22:48:22 +00:00 |
|
Miroslav Stampar
|
6807fb04cc
|
minor update
|
2010-11-09 22:44:23 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Bernardo Damele
|
1cc99e2247
|
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
|
2010-11-09 21:39:58 +00:00 |
|
Bernardo Damele
|
2205099a5e
|
Python stylish
|
2010-11-09 21:39:05 +00:00 |
|
Miroslav Stampar
|
cee888b613
|
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
|
2010-11-09 19:14:55 +00:00 |
|
Miroslav Stampar
|
726825ca70
|
minor update
|
2010-11-09 16:59:36 +00:00 |
|
Miroslav Stampar
|
759433f0f1
|
fix of my mistake
|
2010-11-09 16:54:40 +00:00 |
|
Miroslav Stampar
|
b43334165d
|
update regarding brute forcing
|
2010-11-09 16:53:33 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
45f2d8f5d2
|
trival update
|
2010-11-09 15:46:09 +00:00 |
|
Miroslav Stampar
|
7752b5efe9
|
minor update
|
2010-11-09 09:51:54 +00:00 |
|
Miroslav Stampar
|
4be0631161
|
refactoring of brute force techniques
|
2010-11-09 09:42:43 +00:00 |
|
Miroslav Stampar
|
221f976fbd
|
minor update
|
2010-11-09 01:23:54 +00:00 |
|
Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Bernardo Damele
|
dac7436edf
|
Fix inconsistence with -b --error-test
|
2010-11-08 15:36:07 +00:00 |
|