sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-26 19:43:48 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,207 Commits 4 Branches 117 Tags 97 MiB
771020abd6
Commit Graph

1539 Commits

Author SHA1 Message Date
Miroslav Stampar
6c87bd1c63 added maskSensitiveData function 2011-02-02 14:25:16 +00:00
Bernardo Damele
5f0114a2a8 Minor bug fix 2011-02-02 14:06:40 +00:00
Miroslav Stampar
8134c2154a adding WHERE enum for payloads 2011-02-02 13:34:09 +00:00
Miroslav Stampar
d6c9515f78 minor update 2011-02-02 13:03:24 +00:00
Miroslav Stampar
847b648e4a minor update 2011-02-02 12:42:55 +00:00
Miroslav Stampar
e73a147fb5 minor update 2011-02-02 11:49:59 +00:00
Miroslav Stampar
e33428b833 adding __findUnionCharCount function 2011-02-02 11:22:35 +00:00
Miroslav Stampar
99aa38b58f minor refactoring 2011-02-02 10:10:28 +00:00
Miroslav Stampar
23c95107ed we must do this because people tend to use ignorantly huge number threads resulting in lots of CRITICAL (timeout) connection messages (also, avoiding DoS) 2011-02-02 09:24:37 +00:00
Miroslav Stampar
af99105c27 lol. sybase and maxdb were just ignored while fingerprinted because they weren't in dbmsDict screwing half of dbms related functions (most notably aliasToDbmsEnum) 2011-02-01 22:45:38 +00:00
Bernardo Damele
a37f5e05b9 Refactoring 2011-02-01 22:27:36 +00:00
Bernardo Damele
9b342a4c95 Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques. 
Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too.
 2011-02-01 22:07:42 +00:00
Bernardo Damele
2619e4895f Properly handle --technique at save/resume phase 2011-02-01 22:05:48 +00:00
Bernardo Damele
3d966bd569 You never know.. 2011-02-01 22:05:12 +00:00
Bernardo Damele
d875d848ce Better sort 2011-02-01 22:04:48 +00:00
Miroslav Stampar
705d45f4db minor cosmetics 2011-02-01 11:10:23 +00:00
Miroslav Stampar
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably 2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
35b6d7278a minor update 2011-01-31 22:50:54 +00:00
Miroslav Stampar
25c175a9a5 minor bug fix 2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313 More detailed message for unhandled exception 2011-01-31 21:23:40 +00:00
Bernardo Damele
2fd9621499 Minor adjustments 
Cosmetics
 2011-01-31 21:22:39 +00:00
Bernardo Damele
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o 2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
777a19cfa9 LOL. removing that debug 'True' 2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631 one more thing ;) 2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667 cosmetics 2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Miroslav Stampar
a6f2cd56ff removed junky import 2011-01-31 11:59:58 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1 another minor cosmetic update 2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104 minor fix 2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509 minor bug fix 2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) 2011-01-31 09:28:16 +00:00
Bernardo Damele
2a0b03e5c6 Unused import 2011-01-30 17:07:27 +00:00
Miroslav Stampar
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) 2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779 perhaps this is better english 2011-01-30 16:34:13 +00:00
Bernardo Damele
8278d821ac Another layout adjustment 2011-01-30 16:23:19 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
3060c369a5 minor fix for previous commit 2011-01-30 07:44:47 +00:00
Miroslav Stampar
1abf354630 minor update 2011-01-30 07:41:09 +00:00
Miroslav Stampar
d63339ca26 minor bug fix 2011-01-30 07:34:07 +00:00
Miroslav Stampar
e8883de2c6 minor update regarding unicode decoding of supplied arguments 2011-01-29 23:01:39 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Miroslav Stampar
0f4fb156d3 major bug fix 2011-01-28 14:09:28 +00:00
Miroslav Stampar
b98cbeee04 page for handling binary files 2011-01-27 22:00:34 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8 quick bug fix for FALSE positives with UNION based technique 2011-01-27 18:49:44 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) 2011-01-27 16:55:58 +00:00
Miroslav Stampar
539168dcca sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) 2011-01-27 13:40:42 +00:00
Miroslav Stampar
bb6e36fb02 minor updates 2011-01-27 12:38:39 +00:00
Miroslav Stampar
10b723f196 minor fix for a bug reported by yonnym@googlemail.com 2011-01-25 22:26:28 +00:00
Miroslav Stampar
430fd5cd63 minor fixes 2011-01-25 16:05:06 +00:00
Miroslav Stampar
d3ddaba7be minor refactoring 2011-01-25 13:04:13 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Miroslav Stampar
5692506131 this was bad thing to have 2011-01-25 01:08:38 +00:00
Miroslav Stampar
6cc69f5e16 now --technique is appliable also after the injections have been identified 2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7 minor update of parseTargetUrl method 2011-01-24 14:52:50 +00:00
Miroslav Stampar
4093599f38 added parseTargetUrl to redirect choice 2011-01-24 14:45:35 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
8d0c2efbe2 unescaping of char marked payloads 2011-01-24 12:00:16 +00:00
Miroslav Stampar
4441e11f68 fix for case -r with no params and cookie available 2011-01-24 11:26:51 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Miroslav Stampar
a3e3387113 fix for proper Firebird resume of version 2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
818c9787b2 minor update 2011-01-23 21:20:16 +00:00
Miroslav Stampar
b18397fbc7 major revisit of --os-shell methods 2011-01-23 20:47:06 +00:00
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Bernardo Damele
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors 2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Bernardo Damele
97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT 2011-01-20 21:59:47 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. 2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575 Moved little precaution from checks.py to common.py. 
Initial refactoring of kb.os* get/set.
 2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Bernardo Damele
e734efcda7 Removed deprecated code 2011-01-20 21:50:58 +00:00
Miroslav Stampar
496a84c356 minor update 2011-01-20 18:32:04 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) 2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892 added support for WebScarab logs 2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1 important fix regarding encoding stuff 2011-01-20 13:54:18 +00:00