Commit Graph

1915 Commits

Author SHA1 Message Date
Miroslav Stampar
3b6f9945ae minor fix regarding report from nightman@email.de (...from time to time sqlmap lost the connection...) 2011-04-15 14:15:29 +00:00
Miroslav Stampar
c461fdca54 some refactoring 2011-04-15 13:51:06 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Miroslav Stampar
4d8a49a87c more standard way to display hex encoded char (\xff instead of \ff) also compatible with python representation 2011-04-15 11:53:20 +00:00
Miroslav Stampar
467d1a50b3 removed debug message that could cause confusion 2011-04-15 11:28:01 +00:00
Miroslav Stampar
8c6f7c7d5f explicit usage of --time-sec will implicitly turn off auto-adjustment of time delay 2011-04-15 08:52:53 +00:00
Miroslav Stampar
3efd9e3959 improved htmlunescape (great for localized html escape codes) 2011-04-14 21:36:13 +00:00
Miroslav Stampar
ded28442fb minor fixes and refactoring regarding safecharencoding 2011-04-14 15:54:00 +00:00
Miroslav Stampar
866cdb4cf7 speed of --replicate is now vastly improved 2011-04-14 14:34:12 +00:00
Miroslav Stampar
eafab03d99 safe decoding values going into --replicate (as we should have a "replicate" and sqlite3 supports all chars) 2011-04-14 13:53:56 +00:00
Miroslav Stampar
30bfefd638 minor fix 2011-04-14 12:58:03 +00:00
Bernardo Damele
5cf38cd0d7 More cookies to ignore 2011-04-14 12:46:14 +00:00
Miroslav Stampar
8426d48e2e minor refactoring 2011-04-14 10:14:46 +00:00
Miroslav Stampar
930262f573 minor update related to the last commit 2011-04-14 10:12:07 +00:00
Miroslav Stampar
1c5427baf8 minor fix 2011-04-14 09:54:29 +00:00
Miroslav Stampar
bb99bd2fbe one more commit related to the issue with displaying of garbled characters 2011-04-14 09:43:36 +00:00
Miroslav Stampar
04986be4b9 update regarding safe character output together with a small fix for newlines 2011-04-14 09:31:45 +00:00
Miroslav Stampar
5dfb55effc revert of the last commit because of this http://osvdb.org/show/osvdb/26582 2011-04-14 06:46:32 +00:00
Miroslav Stampar
786f305e1a minor update 2011-04-14 06:43:08 +00:00
Miroslav Stampar
21114d1748 added IGNORE_PARAMETERS to skip testing of state/session web server parameters 2011-04-13 19:01:02 +00:00
Miroslav Stampar
58a93c5b1f better beep for MacOSX 2011-04-13 18:32:47 +00:00
Miroslav Stampar
bf55b0b77a more restrictions on crypt(3) hash recognition to prevent false positives 2011-04-13 14:40:23 +00:00
Miroslav Stampar
d06ae9cd47 implemented retrieved items info for partial union too 2011-04-13 14:33:15 +00:00
Miroslav Stampar
f5f2201bbc minor cosmetics for partial inband retrieval 2011-04-13 11:25:42 +00:00
Miroslav Stampar
c193b896be just in case update to prevent gibberish "retrieved: " outputs 2011-04-12 23:07:50 +00:00
Miroslav Stampar
5346ecbb56 fix for a "accept certificate first time for svn" 2011-04-12 14:25:17 +00:00
Miroslav Stampar
a883ce26b5 fix for a bug reported by ToR (AttributeError: 'NoneType' object has no attribute 'redcode') 2011-04-12 13:25:28 +00:00
Miroslav Stampar
0ae74f27e4 avoiding annoying "payload 'None' possibly..." in case where payload is not specified 2011-04-11 15:24:52 +00:00
Miroslav Stampar
941daa1645 just in case to prevent "object of type 'NoneType' has no len()" error reports 2011-04-11 11:59:02 +00:00
Miroslav Stampar
2db2e9b6a2 now GET forms are also prone to "do you want to fill with random values" 2011-04-11 11:38:41 +00:00
Miroslav Stampar
08d14886fd added new dev version string 2011-04-11 09:44:44 +00:00
Bernardo Damele
07d6b18c4e cutting for 0.9 stable 2011-04-11 00:24:51 +00:00
Miroslav Stampar
8597409d9e lowering the value 2011-04-10 22:57:17 +00:00
Bernardo Damele
14219a3dac Minor bug fix 2011-04-10 22:44:08 +00:00
Miroslav Stampar
6012ab1c46 better one for previous commit 2011-04-10 21:52:08 +00:00
Miroslav Stampar
e6c50df4f9 preventing case duplicates for --common-tables (as some DBMSes have case sensitive table names we can't just use them all with the same case) 2011-04-10 21:38:08 +00:00
Miroslav Stampar
940c225d7c few fixes 2011-04-10 20:53:27 +00:00
Bernardo Damele
d324704844 Removed unused code 2011-04-10 20:39:15 +00:00
Miroslav Stampar
decab6642d fix for that @chunk bug 2011-04-10 16:46:33 +00:00
Miroslav Stampar
723a7447b2 minor refactoring 2011-04-10 07:16:19 +00:00
Miroslav Stampar
c714ac6421 added support for handling binary data values (no more garbish chars) 2011-04-09 23:13:16 +00:00
Miroslav Stampar
4ad73f9263 added two new valuable functions for dealing with binary data (e.g. binary representations of password hashes) and some cosmetics 2011-04-09 22:39:03 +00:00
Miroslav Stampar
277f16d6b3 removing commented out debug print 2011-04-08 22:44:05 +00:00
Miroslav Stampar
c4c40308c6 no more annoying "no metasploit found" for case when msfpath provided with root directory of Metasploit (not the bin one) 2011-04-08 22:42:07 +00:00
Miroslav Stampar
83feb097ef greater flexibility for --batch when default is None 2011-04-08 22:29:50 +00:00
Miroslav Stampar
6fa2fd139c implemented support for __pivotDumpTable on MSSQL as normal tables tend to not play well with normal TOP 1 ..NOT IN..ORDER BY mechanism if the argument for ORDER BY is not the unique one (returns only number of rows equal to the number of distinct values for that field) 2011-04-08 15:17:57 +00:00
Bernardo Damele
beb98140b3 Minor improvement to --check-payload 2011-04-08 14:34:00 +00:00
Miroslav Stampar
228cc68747 fix for those ugly DEBUG messages in brute mode 2011-04-08 11:02:21 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Miroslav Stampar
be11e2535e one more minor update 2011-04-08 00:05:44 +00:00
Miroslav Stampar
3435d549a9 minor update regarding the last commit 2011-04-07 23:35:51 +00:00
Miroslav Stampar
726155383d higher compatibility with MSSQL 2000 ("ORDER BY items must appear in the select list if the statement contains a UNION operator.") as we always take the first field from the list as the one for referencing (field = expressionFieldsList[0]) 2011-04-07 23:32:07 +00:00
Miroslav Stampar
b288e5ef57 implemented DNS caching mechanism 2011-04-07 21:39:18 +00:00
Miroslav Stampar
ae4ea0af45 fix for a bug reported by m4l1c3 (AttributeError: 'NoneType' object has no attribute 'replace') 2011-04-07 13:57:07 +00:00
Miroslav Stampar
6a8a5db9aa minor code restyling 2011-04-07 13:27:29 +00:00
Miroslav Stampar
e33a48d40f minor refactoring 2011-04-07 12:54:30 +00:00
Bernardo Damele
c6b9d89d31 Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly 2011-04-07 11:10:35 +00:00
Bernardo Damele
9e8c933333 cosmetics 2011-04-07 10:40:58 +00:00
Miroslav Stampar
68828d68a5 removed integers from --technique 2011-04-07 10:37:48 +00:00
Miroslav Stampar
fced81b6be minor update 2011-04-07 10:32:39 +00:00
Miroslav Stampar
845533e92f minor refactoring 2011-04-07 10:27:22 +00:00
Bernardo Damele
1880f18367 Minor layout adjustments 2011-04-07 10:07:52 +00:00
Bernardo Damele
17844eb87c Refactoring to --technique 2011-04-07 10:00:47 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Bernardo Damele
8b14a9eaa7 Minor code adjustments 2011-04-06 14:40:45 +00:00
Miroslav Stampar
a379463213 cosmeticado 2011-04-06 08:40:06 +00:00
Miroslav Stampar
b327bbcd9b minor fix (it was quite ... to have this check at the later stage) 2011-04-06 08:39:24 +00:00
Miroslav Stampar
fdef6726cf minor update 2011-04-06 08:30:50 +00:00
Bernardo Damele
d436ba2da5 Minor "fix" when reading hashes from a local sqlite3 (result of --replicate) and there is an int as value 2011-04-06 08:19:56 +00:00
Bernardo Damele
81034140c0 Reduced number of threads to 3 when -o is provided 2011-04-06 08:15:20 +00:00
Miroslav Stampar
265fa52600 minor code cosmetics 2011-04-04 18:24:16 +00:00
Miroslav Stampar
018b6b9430 fix for a charset encoding reported by Kirill 2011-04-04 18:20:09 +00:00
Miroslav Stampar
2c01fc56e6 minor update regarding misusage of --proxy and --ignore-proxy switches 2011-04-04 09:19:43 +00:00
Miroslav Stampar
e957c4400c minor revisit of tampering script(s) functionality (urlencode one is removed as it's currently obsolete regarding the whole process of automatic urlencoding) 2011-04-04 08:04:47 +00:00
Miroslav Stampar
305115a68b important improvement of data handling (POST data and header values) 2011-04-03 15:02:52 +00:00
Miroslav Stampar
bbd4c128b0 minor update related to the last commit 2011-04-01 22:19:42 +00:00
Miroslav Stampar
cd7e4f5afc improvement for lots of multiple-selection forms (now by default the first one is selected - till now it was left unchecked which lead to blank get/post data for the whole form) 2011-04-01 22:12:24 +00:00
Bernardo Damele
c3b54cc222 Cosmetics 2011-04-01 16:40:28 +00:00
Miroslav Stampar
e27afef6be minor update regarding --current-db on Oracle 2011-04-01 15:56:11 +00:00
Bernardo Damele
eb99f68a7a Minor improvement to --wizard. This does not mean I like the kiddie feature though ;) 2011-04-01 14:55:39 +00:00
Miroslav Stampar
de4e0c7346 minor update related to the problem with request files reported by jorge_a_santos@hotmail.com 2011-04-01 12:09:11 +00:00
Miroslav Stampar
ee15988878 another minor update related to previous commit 2011-03-31 17:34:07 +00:00
Miroslav Stampar
156d24203f speed optimization 2011-03-31 17:16:26 +00:00
Miroslav Stampar
220366b6e8 minor update (ip addresses will not be confused any more for crypt_generic hashes) 2011-03-31 16:56:26 +00:00
Miroslav Stampar
557ed7d665 minor fix for a invalid charset reported by Kirill 2011-03-31 14:39:01 +00:00
Bernardo Damele
fed57282fc Added one more warning message to show what's going on with ctrl+c 2011-03-31 14:26:14 +00:00
Bernardo Damele
3948cd9e77 Minor layout adjustments 2011-03-31 14:13:53 +00:00
Miroslav Stampar
c5de903eab minor improvement ("quick defense against substr fields") 2011-03-31 09:35:09 +00:00
Miroslav Stampar
ce51326bff quick fix 2011-03-31 08:43:17 +00:00
Miroslav Stampar
0916117447 improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names 2011-03-30 18:32:10 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
850328df6c minor cosmetics 2011-03-29 22:03:48 +00:00
Miroslav Stampar
b6af80bab3 refactoring, cleanup and improvement 2011-03-29 21:54:15 +00:00
Miroslav Stampar
adfbfef8c1 minor refactoring 2011-03-29 21:01:47 +00:00
Miroslav Stampar
12f3024c8a removing that boring message "reflective value found and filtered out" for headers case (we always include Uri header) 2011-03-29 20:45:21 +00:00
Miroslav Stampar
9f707febf5 minor update 2011-03-29 15:43:17 +00:00
Miroslav Stampar
d0861a00e2 minor improvement 2011-03-29 15:37:57 +00:00
Miroslav Stampar
d28ca5809b adding support for meta HTML header 'refresh' - popular one amongst login pages (stumbled when tested blind injections on Mutillidae login page) 2011-03-29 14:16:28 +00:00
Miroslav Stampar
7cf4ba83dc minor refactoring and comment update 2011-03-29 12:08:07 +00:00
Miroslav Stampar
1821a008af Ctrl+C in dictionary attack phase will now not abort the whole enumeration; also, question for common suffixes will now be asked only once 2011-03-29 12:00:29 +00:00
Miroslav Stampar
5560196648 minor fix 2011-03-29 11:50:12 +00:00
Miroslav Stampar
e20d460809 Bernardo will kill me (added --wizard for total beginners) 2011-03-29 11:42:55 +00:00
Miroslav Stampar
4d78eac938 revert of that thingy as requested by Bernardo 2011-03-29 10:06:35 +00:00
Miroslav Stampar
a9f5d828c6 minor fix avoiding problems with hashing strange characters in usernames 2011-03-29 07:50:07 +00:00
Miroslav Stampar
e8debbe724 minor cosmetics and one minor fix (|= is a nono with None) 2011-03-29 06:38:19 +00:00
Miroslav Stampar
86f93713d3 fix for a bug reported by m4l1c3 (object of type 'NoneType' has no len()) and minor update 2011-03-29 06:25:17 +00:00
Miroslav Stampar
a2d5358b08 minor fix 2011-03-28 23:40:46 +00:00
Miroslav Stampar
9e900ccbac minor comment update 2011-03-28 23:12:04 +00:00
Miroslav Stampar
a61e287d23 making updates for dummy Windows users 2011-03-28 23:09:19 +00:00
Miroslav Stampar
bf0e3c4662 improvement for --forms with empty fields 2011-03-28 22:48:00 +00:00
Miroslav Stampar
1823c116bb minor update for special cases of union testing results 2011-03-28 21:45:38 +00:00
Miroslav Stampar
ae53ad4c30 making an update for special case of timed out response 2011-03-28 21:05:04 +00:00
Miroslav Stampar
1e22ff45de minor update regarding testing of GET parameters if --data and/or --forms is used 2011-03-28 16:14:08 +00:00
Miroslav Stampar
625f124263 little info message 2011-03-28 12:13:17 +00:00
Miroslav Stampar
47924fb92e fix for a bug reported by malice.anon@gmail.co​m (AttributeError: 'unicode' object has no attribute 'geturl') 2011-03-27 13:41:54 +00:00
Miroslav Stampar
76b7e3517d minor update 2011-03-27 07:58:15 +00:00
Miroslav Stampar
dba32306b0 minor update 2011-03-26 22:03:46 +00:00
Miroslav Stampar
d8f7c4bc4c minor update regarding support for crypt(3) 2011-03-26 21:41:37 +00:00
Miroslav Stampar
4f00b9fa4b minor fix 2011-03-26 21:10:31 +00:00
Miroslav Stampar
afe2be6a9f implementation of Standard DES hashing (crypt) 2011-03-26 20:46:25 +00:00
Miroslav Stampar
1119a85f39 it's a must after all - partial union is specific and as there is no output for fetched value, we have to display something to the user. also, there is a bug fix (removed the leftover parseUnionPage) 2011-03-25 21:31:26 +00:00
Miroslav Stampar
6c6133e8aa revert of the last commit (i was doing some testing against a test case with lots of None(s) which drove me to the conclusion that we need that progress - in normal cases it's fine as it is) 2011-03-25 20:46:37 +00:00
Miroslav Stampar
737b4abf13 this is a must for partial union. there are lots of cases with dumping of huge tables and user doesn't know a squirt if sqlmap is running or not (compromise is that this is only displayed if the verbose level is not touched by the user) 2011-03-25 20:30:15 +00:00
Miroslav Stampar
422967fbcd just an minor update related to the last commit 2011-03-25 12:21:53 +00:00
Miroslav Stampar
c5b6d377fb fix for a bug reported by Kirill Morozov (we haven't expected mixed case/copied results in partial union pages) 2011-03-25 12:14:19 +00:00
Miroslav Stampar
af5342c495 fix for partial inband queries on MSSQL 2011-03-25 11:19:15 +00:00
Miroslav Stampar
e80c9e08d8 minor update regarding --live-test 2011-03-25 09:03:08 +00:00
Miroslav Stampar
ea52d7acad minor revisit of inference 2011-03-24 20:10:40 +00:00
Miroslav Stampar
1f1c4c0e61 better update related to the last commit 2011-03-24 20:04:20 +00:00
Miroslav Stampar
c0cc5d1dad minor update 2011-03-24 17:18:03 +00:00
Miroslav Stampar
f3858a5fcf another fix related to the bug reported by Alone Shell 2011-03-24 17:08:14 +00:00
Miroslav Stampar
e42cdfd138 adding possibility to run only one live test (e.g. --run-case=8) 2011-03-24 12:07:47 +00:00
Miroslav Stampar
2b15ad57c2 basic live tests against 3 major DBMSes 2011-03-24 11:47:01 +00:00
Miroslav Stampar
ecbbfeba6e introduction of --fresh-queries 2011-03-24 10:08:47 +00:00
Miroslav Stampar
762397854e fix for a bug reported by Kirill (unknown charset '8859-1') 2011-03-24 09:27:19 +00:00
Miroslav Stampar
d79fae724c minor refactoring 2011-03-24 09:16:21 +00:00
Miroslav Stampar
0bb08d09d2 fix for a bug reported by Kirill (value is None in attack table phase) and minor fix for loading request file 2011-03-24 08:43:40 +00:00
Miroslav Stampar
bd75fd26e9 implementing a --page-rank switch as requested by l0rda@l0rda.biz 2011-03-23 11:57:57 +00:00
Miroslav Stampar
0f7bce5c66 fixing a huge mess going on because of counting on error and union techniques 2011-03-23 11:36:40 +00:00
Miroslav Stampar
5a1aaecf16 minor fix so concatenated queries could be run in Oracle --sql-shell (e.g. select NAME||chr(58)||OWNER FROM ALL_SOURCE WHERE TYPE='FUNCTION') 2011-03-22 13:07:37 +00:00
Miroslav Stampar
7613134515 it was a real pain in the ass to have SELECT COUNT(*) for all rows (it was processed by a limit logic) 2011-03-22 12:37:05 +00:00
Miroslav Stampar
9479a68eb5 minor fix regarding last commit 2011-03-22 12:21:56 +00:00
Miroslav Stampar
c24ed6e622 minor fix related to a bug reported by warninggp@gmail.com 2011-03-22 09:22:48 +00:00
Miroslav Stampar
cbfb10cbd1 fix of a minor bug reported by syssecurity7@googlemail.com (missing iso-8858...) 2011-03-21 16:43:46 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
1abcd507b8 hidding --group-concat switch 2011-03-21 12:13:21 +00:00
Bernardo Damele
19e2ed9803 Layout fix 2011-03-21 00:40:25 +00:00
Miroslav Stampar
3ca5cddca7 massive BUG FIX (if NULL is one of dumping values it will screw everything in corner cases because "SELECT 1 WHERE NULL IN (NULL)" and "SELECT 1 WHERE NULL NOT IN (NULL)" will always return nothing/nadda/zero/not even NULL) 2011-03-20 23:54:56 +00:00
Miroslav Stampar
9b1f2d82d0 minor update (that .strip() was a leftover) 2011-03-20 23:20:47 +00:00
Miroslav Stampar
db992a0a86 mssql likes to htmlescape error reports 2011-03-20 23:16:34 +00:00