Miroslav Stampar
|
ed2aed972f
|
minor fix
|
2011-01-07 17:38:28 +00:00 |
|
Bernardo Damele
|
27628dca42
|
cosmetics
|
2011-01-07 17:25:22 +00:00 |
|
Bernardo Damele
|
97ae7e330f
|
cosmetics
|
2011-01-07 17:10:58 +00:00 |
|
Bernardo Damele
|
e373dac1f2
|
Cosmetics
|
2011-01-07 16:50:39 +00:00 |
|
Miroslav Stampar
|
c17714c423
|
suppress session in case of brute methods
|
2011-01-07 16:47:46 +00:00 |
|
Miroslav Stampar
|
b313a20a3f
|
some fixes
|
2011-01-07 16:39:47 +00:00 |
|
Bernardo Damele
|
16a06117f7
|
Mere cosmetics
|
2011-01-07 16:36:32 +00:00 |
|
Miroslav Stampar
|
1a079c62cb
|
minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones)
|
2011-01-07 16:08:01 +00:00 |
|
Bernardo Damele
|
1c86ec374e
|
Code refactoring and cosmetics
|
2011-01-07 15:41:09 +00:00 |
|
Miroslav Stampar
|
a8d660db54
|
fixes for bugs reported by pragmatk@gmail.com
|
2011-01-06 16:59:58 +00:00 |
|
Miroslav Stampar
|
c968b438f2
|
Ctrl+C added to union dump
|
2011-01-06 09:48:04 +00:00 |
|
Miroslav Stampar
|
0616edcc44
|
adding progress to --union-test
|
2011-01-06 09:26:01 +00:00 |
|
Miroslav Stampar
|
8b9a624546
|
added progress into union based entry retrieval
|
2011-01-06 09:10:20 +00:00 |
|
Miroslav Stampar
|
cc9ca802bf
|
minor update
|
2011-01-06 08:54:50 +00:00 |
|
Miroslav Stampar
|
1297df66da
|
fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed)
|
2011-01-06 08:04:59 +00:00 |
|
Miroslav Stampar
|
694a65f6f1
|
minor fix/update
|
2011-01-05 13:32:40 +00:00 |
|
Miroslav Stampar
|
7411052456
|
minor update regarding last commit
|
2011-01-05 12:09:57 +00:00 |
|
Miroslav Stampar
|
042e3f76ba
|
bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)
|
2011-01-05 11:36:40 +00:00 |
|
Miroslav Stampar
|
7ae5192070
|
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
|
2011-01-05 10:25:07 +00:00 |
|
Miroslav Stampar
|
c83e9f6ca5
|
foundation for filtering binary string values (for example, replacement of non readable chars with #)
|
2011-01-04 21:56:37 +00:00 |
|
Miroslav Stampar
|
aa81ed4033
|
implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)
|
2011-01-04 15:49:20 +00:00 |
|
Miroslav Stampar
|
eb11f5b2e0
|
minor update
|
2011-01-04 13:07:12 +00:00 |
|
Miroslav Stampar
|
c1dc73d0a1
|
minor, just in case update related to the previous commit
|
2011-01-04 12:56:55 +00:00 |
|
Miroslav Stampar
|
709a7d156b
|
fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)
|
2011-01-04 12:51:51 +00:00 |
|
Miroslav Stampar
|
d288c6d6e3
|
minor update
|
2011-01-04 08:40:41 +00:00 |
|
Miroslav Stampar
|
fdc463d08b
|
fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range)
|
2011-01-03 23:36:35 +00:00 |
|
Miroslav Stampar
|
0eabca9fd4
|
update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)
|
2011-01-03 22:31:29 +00:00 |
|
Miroslav Stampar
|
08ccbf2c1e
|
important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)
|
2011-01-03 22:02:58 +00:00 |
|
Miroslav Stampar
|
572f403069
|
update of one thing that was missing
|
2011-01-03 21:28:22 +00:00 |
|
Miroslav Stampar
|
ce48ea75d0
|
noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links
|
2011-01-03 14:39:23 +00:00 |
|
Miroslav Stampar
|
6aa616bd0d
|
minor minor fix
|
2011-01-03 14:28:20 +00:00 |
|
Miroslav Stampar
|
92e4cdb241
|
raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic
|
2011-01-03 14:21:41 +00:00 |
|
Miroslav Stampar
|
07129371bf
|
bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)
|
2011-01-03 13:04:20 +00:00 |
|
Miroslav Stampar
|
3629c2737b
|
automatically turn on --text-only in case of heavily-dynamicity instead of critical exit
|
2011-01-03 11:06:49 +00:00 |
|
Miroslav Stampar
|
adc41181e6
|
some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one
|
2011-01-03 10:37:20 +00:00 |
|
Miroslav Stampar
|
5860b8942f
|
minor update
|
2011-01-03 09:16:42 +00:00 |
|
Miroslav Stampar
|
d19a8d53e4
|
minor update
|
2011-01-03 08:46:20 +00:00 |
|
Miroslav Stampar
|
8625494ff2
|
added one new quick check for multiple target(s) mode
|
2011-01-03 08:32:06 +00:00 |
|
Miroslav Stampar
|
5f9b6b2254
|
code refactoring
|
2011-01-02 16:51:21 +00:00 |
|
Miroslav Stampar
|
f762f32de8
|
bug fix for proper --parse-errors on .aspx pages
|
2011-01-02 13:00:04 +00:00 |
|
Miroslav Stampar
|
dce9a762f1
|
important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode
|
2011-01-02 10:37:32 +00:00 |
|
Miroslav Stampar
|
96341f8f78
|
minor fix
|
2011-01-02 09:16:17 +00:00 |
|
Miroslav Stampar
|
5c6c870db4
|
removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode
|
2011-01-02 08:43:38 +00:00 |
|
Miroslav Stampar
|
6651ba05eb
|
another fix (OS was set to None at all previous sessions if there was no explicit OS testing done)
|
2011-01-02 08:08:38 +00:00 |
|
Miroslav Stampar
|
da138c46c1
|
added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)
|
2011-01-02 07:37:47 +00:00 |
|
Miroslav Stampar
|
ec4440108b
|
minor cosmetics
|
2011-01-02 07:09:04 +00:00 |
|
Miroslav Stampar
|
428e817a32
|
some refactoring
|
2011-01-01 23:57:27 +00:00 |
|
Miroslav Stampar
|
212035e64d
|
user can now choose if he wants to skip non-heuristic based DBMS tests
|
2011-01-01 23:38:11 +00:00 |
|
Miroslav Stampar
|
8a93cfd975
|
minor update
|
2011-01-01 22:43:15 +00:00 |
|
Miroslav Stampar
|
52e44df86c
|
minor update
|
2011-01-01 21:11:29 +00:00 |
|
Miroslav Stampar
|
942cbafba6
|
minor update
|
2011-01-01 20:19:55 +00:00 |
|
Miroslav Stampar
|
e4fd8b3f0c
|
(e) finally works as it should
|
2011-01-01 19:22:44 +00:00 |
|
Miroslav Stampar
|
0e815177c8
|
minor update
|
2011-01-01 19:07:40 +00:00 |
|
Miroslav Stampar
|
ef27fd5ea1
|
there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html)
|
2011-01-01 15:20:29 +00:00 |
|
Miroslav Stampar
|
15e6911fd8
|
fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write')
|
2011-01-01 12:23:02 +00:00 |
|
Miroslav Stampar
|
91f665aaaa
|
bug fix for Ctrl+C
|
2010-12-31 15:00:19 +00:00 |
|
Miroslav Stampar
|
5db8ebbfa9
|
update of mysql comment versions
|
2010-12-31 12:42:12 +00:00 |
|
Miroslav Stampar
|
281d124fa6
|
minor bug fix
|
2010-12-31 12:04:39 +00:00 |
|
Miroslav Stampar
|
613242e298
|
bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved)
|
2010-12-29 19:48:19 +00:00 |
|
Miroslav Stampar
|
8f32c740ff
|
code refactoring
|
2010-12-29 19:39:32 +00:00 |
|
Miroslav Stampar
|
6700cabc36
|
minor optimization
|
2010-12-29 19:01:29 +00:00 |
|
Miroslav Stampar
|
d1f5c1d7b7
|
now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering
|
2010-12-29 15:10:42 +00:00 |
|
Miroslav Stampar
|
79e97824ef
|
adding user names to the attack dictionary
|
2010-12-29 00:37:53 +00:00 |
|
Miroslav Stampar
|
93838fb155
|
"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)
|
2010-12-28 14:40:34 +00:00 |
|
Miroslav Stampar
|
c0423761e8
|
minor update
|
2010-12-27 18:27:42 +00:00 |
|
Miroslav Stampar
|
c8f8dbf0a7
|
minor update
|
2010-12-27 15:39:27 +00:00 |
|
Miroslav Stampar
|
9fb0e0fc85
|
resume of brute forced data is now available
|
2010-12-27 14:17:20 +00:00 |
|
Miroslav Stampar
|
c7a160bf72
|
minor update (users want this to see)
|
2010-12-27 12:00:54 +00:00 |
|
Miroslav Stampar
|
51a492e17d
|
pretty important commit (now dumped tables are prone to dictionary attack)
|
2010-12-27 10:56:28 +00:00 |
|
Miroslav Stampar
|
269d6bde24
|
this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion)
|
2010-12-27 00:14:29 +00:00 |
|
Miroslav Stampar
|
89c2640d23
|
basic --search now works with MS Access
|
2010-12-26 23:50:16 +00:00 |
|
Miroslav Stampar
|
f2373121d0
|
noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)
|
2010-12-26 14:36:51 +00:00 |
|
Miroslav Stampar
|
ceeb6374e8
|
bug fix (TypeError: object of type 'NoneType' has no len())
|
2010-12-26 13:27:24 +00:00 |
|
Miroslav Stampar
|
569e060aab
|
important improvement
|
2010-12-26 13:20:52 +00:00 |
|
Miroslav Stampar
|
a555d1ad68
|
minor improvement
|
2010-12-26 11:15:02 +00:00 |
|
Miroslav Stampar
|
320a6f9efb
|
minor minor update
|
2010-12-26 09:55:33 +00:00 |
|
Miroslav Stampar
|
17d74fc83c
|
cosmeticado
|
2010-12-26 09:53:40 +00:00 |
|
Miroslav Stampar
|
cd337d9f39
|
minor fix
|
2010-12-26 09:46:09 +00:00 |
|
Miroslav Stampar
|
eaf4b93856
|
minor update
|
2010-12-26 09:40:40 +00:00 |
|
Miroslav Stampar
|
562a6440d1
|
fix for a bug reported by nightman (same as http://bugs.python.org/issue8797)
|
2010-12-26 09:33:04 +00:00 |
|
Miroslav Stampar
|
6c72e41972
|
minor fix/update
|
2010-12-26 02:19:10 +00:00 |
|
Miroslav Stampar
|
c5c4aae3d5
|
minor update (to prevent adding too much items)
|
2010-12-25 10:42:36 +00:00 |
|
Miroslav Stampar
|
b472b96f92
|
bug fix, refactoring and improved extractErrorMessage capabilities
|
2010-12-25 10:16:20 +00:00 |
|
Miroslav Stampar
|
ea7ba19f6b
|
minor update
|
2010-12-25 09:43:14 +00:00 |
|
Miroslav Stampar
|
272476773f
|
getPageTextWordsSet on tableExists is pretty powerful stuff
|
2010-12-25 09:37:33 +00:00 |
|
Miroslav Stampar
|
6845d402fa
|
well, here and there, merry Christmas to all :)
|
2010-12-24 20:17:53 +00:00 |
|
Miroslav Stampar
|
2d115e0350
|
one more fix
|
2010-12-24 18:44:13 +00:00 |
|
Miroslav Stampar
|
edcf1a0872
|
few bug fixes
|
2010-12-24 18:40:48 +00:00 |
|
Miroslav Stampar
|
96a06351a1
|
minor fix (in testing phase raise404 should be set to False)
|
2010-12-24 12:36:00 +00:00 |
|
Miroslav Stampar
|
2c23a59ba5
|
fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)
|
2010-12-24 12:13:48 +00:00 |
|
Miroslav Stampar
|
aab14fa2d3
|
minor refactoring/cosmetics
|
2010-12-24 11:06:57 +00:00 |
|
Miroslav Stampar
|
23dc408901
|
prioritization of tests based on DBMS error messages and some comments in common.py
|
2010-12-24 10:55:41 +00:00 |
|
Miroslav Stampar
|
a09716a701
|
minor update
|
2010-12-24 10:07:56 +00:00 |
|
Miroslav Stampar
|
d9f08e4aa3
|
randomization of user agents
|
2010-12-24 10:04:27 +00:00 |
|
Miroslav Stampar
|
d5eebb1cbf
|
fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6
|
2010-12-24 09:49:19 +00:00 |
|
Miroslav Stampar
|
cb17e61f35
|
bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)
|
2010-12-24 02:54:26 +00:00 |
|
Miroslav Stampar
|
8470de7b76
|
bug fix for boolean proxy when using time based payloads
|
2010-12-23 23:46:08 +00:00 |
|
Miroslav Stampar
|
7f7fb93155
|
cosmetics
|
2010-12-23 18:44:18 +00:00 |
|
Miroslav Stampar
|
017ea9e686
|
update
|
2010-12-23 14:06:22 +00:00 |
|
Miroslav Stampar
|
73f33c1999
|
bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped)
|
2010-12-23 11:28:13 +00:00 |
|
Miroslav Stampar
|
8fc60215ed
|
lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.
|
2010-12-22 19:12:46 +00:00 |
|
Miroslav Stampar
|
7c06dbffc3
|
bug fix (AttributeError: 'unicode' object has no attribute 'sort')
|
2010-12-22 18:55:50 +00:00 |
|
Bernardo Damele
|
c1f2534e9a
|
More bug fixes to properly distinguish between full inband and single-entry inband sql injections
|
2010-12-22 15:47:52 +00:00 |
|
Bernardo Damele
|
250608660d
|
Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)
|
2010-12-22 13:41:36 +00:00 |
|
Bernardo Damele
|
5228f336da
|
Minor fix for ctrl+c during detection phase
|
2010-12-22 13:15:44 +00:00 |
|
Miroslav Stampar
|
08c88495d0
|
removed that ugly hack
|
2010-12-22 13:09:04 +00:00 |
|
Miroslav Stampar
|
8212b7b745
|
bug fix
|
2010-12-22 12:16:04 +00:00 |
|
Miroslav Stampar
|
5be9c04e44
|
update regarding Sybase syntax
|
2010-12-22 10:39:56 +00:00 |
|
Miroslav Stampar
|
d974a966b8
|
minor fix for end phase (Ctrl+C)
|
2010-12-21 23:55:55 +00:00 |
|
Miroslav Stampar
|
fb75d0636b
|
minor update
|
2010-12-21 23:42:59 +00:00 |
|
Miroslav Stampar
|
39a13077c4
|
minor bug fix
|
2010-12-21 23:09:41 +00:00 |
|
Miroslav Stampar
|
09479c85dc
|
minor bug fix
|
2010-12-21 22:35:44 +00:00 |
|
Miroslav Stampar
|
7a525f28d4
|
cosmetics
|
2010-12-21 15:26:23 +00:00 |
|
Miroslav Stampar
|
b2e7f9484d
|
minor tuning (2 techniques MAX per value used)
|
2010-12-21 15:24:14 +00:00 |
|
Miroslav Stampar
|
6c1133c4d4
|
some code refactoring
|
2010-12-21 15:13:13 +00:00 |
|
Miroslav Stampar
|
466d61ee85
|
minor fix
|
2010-12-21 14:29:47 +00:00 |
|
Miroslav Stampar
|
385e208f38
|
code refactoring regarding standard output suppression and some threading issues
|
2010-12-21 14:21:24 +00:00 |
|
Miroslav Stampar
|
0e68248f60
|
minor update of heuristic check
|
2010-12-21 12:56:18 +00:00 |
|
Miroslav Stampar
|
16f1f4e13e
|
when doing dynamic checks there are cases when 404 can be raised (perfectly normal)
|
2010-12-21 11:04:49 +00:00 |
|
Bernardo Damele
|
aca074b769
|
Removed unused outdated code
|
2010-12-21 10:49:52 +00:00 |
|
Bernardo Damele
|
ad6b528b33
|
Bit more verbose comment
|
2010-12-21 10:47:39 +00:00 |
|
Miroslav Stampar
|
6b37ddada4
|
removed some blank trailing spaces (with extra/shutils/blanks.sh)
|
2010-12-21 10:31:56 +00:00 |
|
Bernardo Damele
|
1a3f57e5fe
|
Cosmetics
|
2010-12-21 09:23:00 +00:00 |
|
Miroslav Stampar
|
d554460aec
|
minor fix
|
2010-12-21 01:09:39 +00:00 |
|
Miroslav Stampar
|
116c141dfa
|
another fix
|
2010-12-21 00:47:07 +00:00 |
|
Miroslav Stampar
|
416755c0b7
|
minor adjustments
|
2010-12-21 00:25:03 +00:00 |
|
Miroslav Stampar
|
8067365b93
|
fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident')
|
2010-12-20 23:47:53 +00:00 |
|
Miroslav Stampar
|
e10670d9ac
|
added end detection phase choice into Ctrl+C list
|
2010-12-20 23:34:00 +00:00 |
|
Miroslav Stampar
|
29001a4fce
|
minor update
|
2010-12-20 23:21:01 +00:00 |
|
Miroslav Stampar
|
b34fe5c334
|
no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout)
|
2010-12-20 22:49:48 +00:00 |
|
Miroslav Stampar
|
8fd3e7ba1f
|
thread based data added
|
2010-12-20 22:45:01 +00:00 |
|
Miroslav Stampar
|
c9e8aae8a2
|
we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads)
|
2010-12-20 19:34:41 +00:00 |
|
Miroslav Stampar
|
e09bc2406c
|
minor refactoring
|
2010-12-20 19:24:20 +00:00 |
|
Miroslav Stampar
|
5852bad963
|
some refactoring
|
2010-12-20 18:56:06 +00:00 |
|
Miroslav Stampar
|
19d8733e9a
|
this is strictly for educational purposes
|
2010-12-20 17:30:47 +00:00 |
|
Miroslav Stampar
|
c948bced61
|
should solve the problem with timeout problems in time-based payloads
|
2010-12-20 16:45:41 +00:00 |
|
Miroslav Stampar
|
eaf8929085
|
more minor updates
|
2010-12-20 10:48:53 +00:00 |
|
Miroslav Stampar
|
fd00ff7a82
|
minor bug fix
|
2010-12-20 10:37:03 +00:00 |
|
Miroslav Stampar
|
e9f1ecb9e7
|
minor update
|
2010-12-20 10:32:58 +00:00 |
|
Miroslav Stampar
|
10a7a2dfb2
|
kids, don't use this at home
|
2010-12-20 10:13:14 +00:00 |
|
Miroslav Stampar
|
13d5b2c0ff
|
code refactoring
|
2010-12-20 09:44:21 +00:00 |
|
Miroslav Stampar
|
4cb83654dc
|
minor update
|
2010-12-18 16:28:21 +00:00 |
|
Miroslav Stampar
|
36862e2efa
|
update
|
2010-12-18 15:57:47 +00:00 |
|
Miroslav Stampar
|
21d083272e
|
minor minor fix
|
2010-12-18 14:31:41 +00:00 |
|
Miroslav Stampar
|
4f73feec2f
|
now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database)
|
2010-12-18 14:11:49 +00:00 |
|
Miroslav Stampar
|
05c6d661e8
|
cosmetics
|
2010-12-18 10:49:49 +00:00 |
|
Miroslav Stampar
|
03220d34ba
|
added Ctrl+C check in detection phase
|
2010-12-18 10:42:09 +00:00 |
|
Miroslav Stampar
|
e355f92f22
|
bug fix
|
2010-12-18 10:02:01 +00:00 |
|
Miroslav Stampar
|
fe67d3827c
|
code refactoring and some fixes
|
2010-12-18 09:51:34 +00:00 |
|
Miroslav Stampar
|
108a96c6b4
|
some fixes
|
2010-12-17 21:45:20 +00:00 |
|
Miroslav Stampar
|
a19cb2c13a
|
code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown")
|
2010-12-17 21:29:09 +00:00 |
|
Miroslav Stampar
|
b4450c6ddd
|
added one more level of MSSQL version check (if first fails for some reason)
|
2010-12-17 21:01:14 +00:00 |
|
Miroslav Stampar
|
07609bfb53
|
minor fix
|
2010-12-17 19:33:20 +00:00 |
|
Miroslav Stampar
|
323af45ce4
|
added one more time request payload to confirm test results
|
2010-12-17 07:53:58 +00:00 |
|
Miroslav Stampar
|
e3fa3b0e8e
|
fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint')
|
2010-12-17 07:48:32 +00:00 |
|
Miroslav Stampar
|
95b2c0803b
|
minor fix
|
2010-12-15 20:51:29 +00:00 |
|
Miroslav Stampar
|
de54219571
|
code refactoring
|
2010-12-15 12:50:56 +00:00 |
|
Miroslav Stampar
|
cda00c7501
|
code refactoring
|
2010-12-15 12:43:56 +00:00 |
|
Miroslav Stampar
|
3f34b06a24
|
minor cosmetics
|
2010-12-15 12:34:14 +00:00 |
|
Miroslav Stampar
|
445cc3bf3c
|
minor cosmetics
|
2010-12-15 12:15:43 +00:00 |
|
Miroslav Stampar
|
c1c525aaea
|
quick fix of a fix
|
2010-12-15 12:10:33 +00:00 |
|
Miroslav Stampar
|
7cfeb5447b
|
minor update
|
2010-12-15 11:46:28 +00:00 |
|
Miroslav Stampar
|
4dec24d056
|
quick fix for a bug reported by Andreas Constantinides (KeyError: 5)
|
2010-12-15 11:30:29 +00:00 |
|
Miroslav Stampar
|
f8a01ddaf8
|
minor update
|
2010-12-15 11:21:47 +00:00 |
|
Miroslav Stampar
|
63f5c35c23
|
bug fix
|
2010-12-15 10:02:58 +00:00 |
|
Miroslav Stampar
|
c3d0295d21
|
minor update (checking for --time-sec value)
|
2010-12-14 12:37:21 +00:00 |
|
Miroslav Stampar
|
b75d7fa348
|
minor cache based optimization
|
2010-12-14 12:22:17 +00:00 |
|
Miroslav Stampar
|
270ae0f080
|
just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False
|
2010-12-14 09:05:00 +00:00 |
|
Bernardo Damele
|
04caef6de0
|
Tuning
|
2010-12-13 23:04:26 +00:00 |
|
Bernardo Damele
|
cfcee6439e
|
Cosmetics
|
2010-12-13 21:55:30 +00:00 |
|
Bernardo Damele
|
86690682c7
|
Minor bug fix to respect -v value in --common-tables and --common-columns
|
2010-12-13 21:37:12 +00:00 |
|
Bernardo Damele
|
4b79227b5a
|
Minor bug fix to properly merge options from .conf file (-c) with command line switches
|
2010-12-13 21:36:23 +00:00 |
|
Bernardo Damele
|
db844c1785
|
No point in showing the error-based inject payload, it's same as the one showed in -v3
|
2010-12-13 21:35:20 +00:00 |
|
Bernardo Damele
|
698f30e65e
|
Cosmetics
|
2010-12-13 21:34:35 +00:00 |
|
Bernardo Damele
|
a02dd6b55b
|
Minor enhancement to speedup active dbms fingerprint (-f).
Code cleanup and refactoring.
|
2010-12-13 21:33:42 +00:00 |
|
Miroslav Stampar
|
d56f47d530
|
fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20')
|
2010-12-12 23:59:55 +00:00 |
|
Miroslav Stampar
|
6a3c4485e6
|
minor update (removing extra ())
|
2010-12-12 14:44:39 +00:00 |
|
Miroslav Stampar
|
e98d9c08e1
|
dumping table is now possible on Firebird too
|
2010-12-12 14:38:07 +00:00 |
|
Miroslav Stampar
|
c93634b6c7
|
blind dumping of tables in sqlite implemented
|
2010-12-11 22:13:19 +00:00 |
|
Miroslav Stampar
|
b1babeefe5
|
update regarding dumping of tables with blind on Sqlite
|
2010-12-11 22:00:16 +00:00 |
|
Miroslav Stampar
|
f7344a5fc3
|
update
|
2010-12-11 21:28:11 +00:00 |
|
Miroslav Stampar
|
6a24048aa6
|
urllib2 doesn't play well with '\n' when non unescaped chars used
|
2010-12-11 21:17:54 +00:00 |
|
Miroslav Stampar
|
e6c66fa37c
|
update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available
|
2010-12-11 17:55:28 +00:00 |
|
Miroslav Stampar
|
e32fa9df43
|
further update regarding bugtrace's report
|
2010-12-11 17:32:15 +00:00 |
|
Miroslav Stampar
|
5d18c98ec2
|
quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)
|
2010-12-11 17:20:39 +00:00 |
|
Miroslav Stampar
|
03447acc1d
|
avoiding some trashy match ratios
|
2010-12-11 17:12:19 +00:00 |
|
Miroslav Stampar
|
d2a3e8f44f
|
first time firebird error-based query success
|
2010-12-11 11:17:24 +00:00 |
|
Miroslav Stampar
|
f021548bd0
|
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
|
2010-12-11 10:52:04 +00:00 |
|
Miroslav Stampar
|
c17f444aab
|
minor fix
|
2010-12-11 10:22:18 +00:00 |
|
Miroslav Stampar
|
3dc0a51d34
|
major bug fix with boolean expressions
|
2010-12-11 08:46:19 +00:00 |
|
Miroslav Stampar
|
ac9080c07b
|
update
|
2010-12-11 08:24:29 +00:00 |
|
Miroslav Stampar
|
66db80804d
|
fix
|
2010-12-10 16:03:32 +00:00 |
|
Miroslav Stampar
|
435f48b8cc
|
polite cosmetics
|
2010-12-10 15:28:56 +00:00 |
|
Miroslav Stampar
|
977988c0ab
|
cosmetics
|
2010-12-10 15:24:25 +00:00 |
|
Miroslav Stampar
|
fa8d378e80
|
another update
|
2010-12-10 15:18:15 +00:00 |
|
Miroslav Stampar
|
1ef44cfe60
|
fix
|
2010-12-10 15:06:53 +00:00 |
|
Miroslav Stampar
|
fe186cde55
|
proper fix
|
2010-12-10 13:26:31 +00:00 |
|
Miroslav Stampar
|
9957881040
|
you won't believe commit
|
2010-12-10 13:20:59 +00:00 |
|
Miroslav Stampar
|
1fc9ed10a8
|
minor refactoring
|
2010-12-10 12:30:36 +00:00 |
|
Miroslav Stampar
|
4d8628e8fb
|
fix for booleans
|
2010-12-10 12:26:01 +00:00 |
|
Miroslav Stampar
|
fe2039f5ba
|
coollyy little commits
|
2010-12-10 11:32:46 +00:00 |
|
Miroslav Stampar
|
d5e7a8d305
|
update
|
2010-12-10 10:54:17 +00:00 |
|
Bernardo Damele
|
b6dcbcef5b
|
Minor fix
|
2010-12-10 10:52:55 +00:00 |
|
Miroslav Stampar
|
471d9ccd65
|
another fix of my lala
|
2010-12-10 10:11:25 +00:00 |
|
Miroslav Stampar
|
029a6abba2
|
quick fix
|
2010-12-10 09:54:25 +00:00 |
|
Miroslav Stampar
|
441fc8dbd9
|
update regarding boolean based expressions
|
2010-12-09 21:15:18 +00:00 |
|
Miroslav Stampar
|
d5fb921154
|
removed debug print
|
2010-12-09 20:08:59 +00:00 |
|
Miroslav Stampar
|
1492823de0
|
it wasn't pretty, now it's pretty
|
2010-12-09 20:06:20 +00:00 |
|
Miroslav Stampar
|
bbffea2cbc
|
bug fix
|
2010-12-09 17:10:22 +00:00 |
|
Miroslav Stampar
|
0eb2c408a9
|
code refactoring
|
2010-12-09 16:49:02 +00:00 |
|
Bernardo Damele
|
df5f6bc1b7
|
Little precaution
|
2010-12-09 14:06:43 +00:00 |
|
Bernardo Damele
|
9230877d98
|
cosmetics
|
2010-12-09 13:57:38 +00:00 |
|
Bernardo Damele
|
5fb04515d3
|
Added hidden (for the moment) switch --technique
|
2010-12-09 13:47:17 +00:00 |
|
Miroslav Stampar
|
cdff29ada7
|
update
|
2010-12-09 11:23:44 +00:00 |
|
Miroslav Stampar
|
196131bbca
|
minor cosmetics
|
2010-12-09 10:42:00 +00:00 |
|
Miroslav Stampar
|
ec5c08ca7a
|
cosmetics
|
2010-12-09 09:24:20 +00:00 |
|
Miroslav Stampar
|
3fd1c37d53
|
update
|
2010-12-09 07:49:18 +00:00 |
|
Miroslav Stampar
|
db39dc32fc
|
minor update
|
2010-12-09 00:59:39 +00:00 |
|
Bernardo Damele
|
0c01be0eeb
|
Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work).
|
2010-12-09 00:34:02 +00:00 |
|
Bernardo Damele
|
9c61adb21d
|
Cosmetics
|
2010-12-09 00:26:06 +00:00 |
|
Bernardo Damele
|
b5c6527c72
|
Minor fix
|
2010-12-09 00:25:48 +00:00 |
|
Bernardo Damele
|
f5ce739bdf
|
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
|
2010-12-08 23:52:31 +00:00 |
|
Bernardo Damele
|
10ef2b5de8
|
Minor bug fix
|
2010-12-08 23:09:42 +00:00 |
|
Miroslav Stampar
|
54f6673609
|
update
|
2010-12-08 22:38:26 +00:00 |
|
Miroslav Stampar
|
d6077273e0
|
update
|
2010-12-08 22:14:42 +00:00 |
|
Miroslav Stampar
|
258e9fb50e
|
fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied)
|
2010-12-08 21:16:18 +00:00 |
|
Miroslav Stampar
|
81c16926c1
|
code refactoring some more
|
2010-12-08 14:46:07 +00:00 |
|
Miroslav Stampar
|
40fadf2f35
|
minor update
|
2010-12-08 14:33:10 +00:00 |
|
Miroslav Stampar
|
95b48746a6
|
cosmetics
|
2010-12-08 14:29:09 +00:00 |
|
Miroslav Stampar
|
ed09c53ee4
|
minor minor update
|
2010-12-08 14:27:37 +00:00 |
|
Miroslav Stampar
|
01cf1394a4
|
code refactoring
|
2010-12-08 14:26:40 +00:00 |
|
Miroslav Stampar
|
af22679605
|
minor update
|
2010-12-08 13:09:27 +00:00 |
|
Miroslav Stampar
|
6223f25dd9
|
code beautification
|
2010-12-08 13:04:48 +00:00 |
|
Miroslav Stampar
|
64cc2588f1
|
now resume is available for time-based blinds too
|
2010-12-08 12:49:26 +00:00 |
|
Miroslav Stampar
|
537b619165
|
removing junk
|
2010-12-08 12:30:25 +00:00 |
|
Miroslav Stampar
|
b5e45939e3
|
sqlmap premiere of blind time based query/bisection
|
2010-12-08 12:28:54 +00:00 |
|
Miroslav Stampar
|
47bb31fb47
|
code refactoring
|
2010-12-08 11:30:25 +00:00 |
|
Miroslav Stampar
|
1ae2fa7f1a
|
update regarding time based payloads
|
2010-12-08 11:26:54 +00:00 |
|
Miroslav Stampar
|
bdff4aba6a
|
switching to quick_ratio
|
2010-12-07 23:57:43 +00:00 |
|
Miroslav Stampar
|
c1b82cf09c
|
ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results
|
2010-12-07 23:53:44 +00:00 |
|
Miroslav Stampar
|
a4a63f5b1e
|
minor update
|
2010-12-07 23:49:00 +00:00 |
|
Miroslav Stampar
|
293ce18fed
|
two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)
|
2010-12-07 23:32:33 +00:00 |
|
Miroslav Stampar
|
b21eb88905
|
minor update
|
2010-12-07 22:45:38 +00:00 |
|
Miroslav Stampar
|
575e50673b
|
minor update
|
2010-12-07 19:27:01 +00:00 |
|
Miroslav Stampar
|
398b82644a
|
little explanation
|
2010-12-07 19:25:26 +00:00 |
|
Miroslav Stampar
|
dc651d59ec
|
little mathematics here and there (used "Rules for normally distributed data")
|
2010-12-07 19:19:12 +00:00 |
|
Bernardo Damele
|
ee72838231
|
Removed debug print
|
2010-12-07 17:19:29 +00:00 |
|
Bernardo Damele
|
5f97312f29
|
Minor fix
|
2010-12-07 17:17:38 +00:00 |
|
Bernardo Damele
|
81e7465ed2
|
Cosmetics
|
2010-12-07 17:16:21 +00:00 |
|
Miroslav Stampar
|
ecd4a5a532
|
added standard deviation check in time based tests
|
2010-12-07 16:39:31 +00:00 |
|