Commit Graph

2587 Commits

Author SHA1 Message Date
Miroslav Stampar
6b826ef64d Reintroducing option --cookie-del 2013-07-31 20:41:19 +02:00
Miroslav Stampar
eaacbe0b12 Minor language fix 2013-07-31 09:24:34 +02:00
Miroslav Stampar
4f58e0af0c Minor fix 2013-07-31 08:45:04 +02:00
Miroslav Stampar
a585aa4bff Adding support for ~ 2013-07-29 20:42:29 +02:00
Miroslav Stampar
de31688c4f Update for an Issue #481 2013-07-29 18:25:27 +02:00
stamparm
dbb0d7f700 Important fix (Issue #489) - we had a bad presumption than only public schema could be used for enumeration (while all schemas inside a current db could be used) 2013-07-19 13:24:35 +02:00
stamparm
28cd50b2f1 Patch for an Issue #490 2013-07-16 14:08:32 +02:00
stamparm
ac2d40e259 Revert of last commit (there is a chance that that big integer value is really valid :) 2013-07-15 13:34:38 +02:00
stamparm
a097ee1505 Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant) 2013-07-15 13:31:56 +02:00
stamparm
dc1623a40f Fix for a bug reported over ML (error: unbalanced parenthesis) 2013-07-11 10:20:58 +02:00
stamparm
01159575b2 Fix for an Issue #488 2013-07-11 10:11:43 +02:00
stamparm
aad102378a Fix for an Issue #487 2013-07-09 11:00:43 +02:00
stamparm
be5ce760b6 Fix for an Issue #485 (failing back to single-thread mode if over some bisection length) 2013-07-09 10:24:48 +02:00
stamparm
8d3435ab0b Removing reflective warning for parsing heuristic test 2013-07-08 11:48:33 +02:00
stamparm
db536427f0 Adding a question for storing hashes to a temporary file (after a mention of it on Twitter) 2013-07-04 15:34:00 +02:00
stamparm
f97b35dcc1 Patch for an Issue #475 2013-07-01 13:43:38 +02:00
stamparm
017ce22a2f Minor consistency patch (Issue #475) 2013-07-01 13:01:53 +02:00
stamparm
5ff09aff63 Some more adjustments (Issue #475) 2013-07-01 12:50:12 +02:00
stamparm
04046f38eb Minor update (Issue #475) 2013-07-01 12:26:57 +02:00
stamparm
f7d15cb465 Official naming is HSQLDB (and/or HyperSQL) 2013-07-01 11:57:47 +02:00
Miroslav Stampar
aeb83ba651 Merge pull request #475 from Meatballs1/hsql_clean
HSQL Payloads and Query Support
2013-07-01 02:38:04 -07:00
Meatballs
4595b2c287 decodeHexValue 2013-06-24 23:45:39 +01:00
Meatballs
09e1dc814d Fix concat 2013-06-24 23:20:34 +01:00
Meatballs
ed40a76c9d Fix dummy table 2013-06-24 23:18:47 +01:00
Meatballs
9212b05eeb Add call to execute statements 2013-06-24 15:01:44 +01:00
Meatballs
62000c6406 Remaining files 2013-06-24 14:42:58 +01:00
Meatballs
7b6cc3d183 Add hsql settings 2013-06-24 14:38:44 +01:00
Meatballs
20a5d9a16e Include HSQL dummy table 2013-06-24 14:37:42 +01:00
Miroslav Stampar
0355e29b7c Minor fix (NoneType has no attribute split) 2013-06-24 14:49:53 +02:00
Miroslav Stampar
fca6772df6 Implementation for an Issue #468 2013-06-22 00:13:46 +02:00
stamparm
a53823f9b7 Minor refactoring 2013-06-19 10:59:26 +02:00
stamparm
9a6f5a95f5 Minor patch for SQLAlchemy/MSSQL 2013-06-18 09:36:09 +02:00
Miroslav Stampar
63d0e9bb12 Adding support for MsSQL >=2012 hash format (based on commit 70107f74f0be5357654f170a3f321e3e55e81881) 2013-06-13 21:50:35 +02:00
Miroslav Stampar
cdb434805a Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases 2013-06-10 22:14:45 +02:00
Miroslav Stampar
3583f45ee7 Fix for an Issue #461 2013-06-10 11:44:56 +02:00
Miroslav Stampar
c1592e8508 Code refactoring (moving import ctypes to be used only when needed) 2013-06-04 22:23:44 +02:00
Miroslav Stampar
213d0ecfb9 Minor fix 2013-06-03 23:32:57 +02:00
Miroslav Stampar
351c70b390 Locale module screws string.letters, etc. in some cases (e.g. IDLE run) 2013-06-01 14:06:58 +02:00
Miroslav Stampar
b7989f93c5 Trivial update regarding last commit 2013-05-30 12:04:56 +02:00
Miroslav Stampar
ed8f16e754 Minor update on user's request 2013-05-30 12:01:13 +02:00
Miroslav Stampar
12870e6ff3 Minor fix 2013-05-30 11:42:27 +02:00
Miroslav Stampar
793a8ad349 Minor fix 2013-05-30 11:38:24 +02:00
stamparm
c3038fcb65 Minor cosmetic update 2013-05-29 15:46:59 +02:00
stamparm
dfd6ee20bb Patch for an Issue #454 2013-05-29 15:26:11 +02:00
stamparm
60df3e9d1e Minor cosmetic update (displaying 'Technique: DIRECT' instead of 'Technique: None' in case of direct access) 2013-05-29 15:04:14 +02:00
stamparm
e28b056028 Dummy fix 2013-05-29 14:26:00 +02:00
Miroslav Stampar
f3f752d85c Patch for an Issue #452 2013-05-25 18:52:59 +02:00
Miroslav Stampar
a85a0e53de Fix for an Issue 'ValueError: Invalid IPv6 URL' 2013-05-25 18:00:21 +02:00
Miroslav Stampar
e7ddc2fcab Minor fix 2013-05-23 12:57:33 +04:00
Miroslav Stampar
eb8e12b7c2 Minor adjustment (for headers like 'name:http://asdas') 2013-05-23 11:29:43 +04:00
stamparm
1b3f1a4016 More appropriate naming (also, preventing ambiguities with --smart) 2013-05-22 23:21:43 +04:00
Miroslav Stampar
1a4ea186ca Consistency fix 2013-05-19 23:00:40 +02:00
Miroslav Stampar
ea5c742595 Update (lagging checking is now always done once when time based compare is done; not only in case if statistical model is being filled) 2013-05-18 21:30:21 +02:00
Miroslav Stampar
b2b3b3b5a6 Minor bug fix (level names not properly used in non-logger output) 2013-05-18 16:44:21 +02:00
Miroslav Stampar
dcea745576 Minor update (not displaying safe enclosings in table dumps) 2013-05-18 16:13:34 +02:00
stamparm
76b4e1ccb9 Implementation for an Issue #450 2013-05-17 15:04:25 +02:00
stamparm
cb9ea67c8d Code refactoring (moving progress.py to lib/utils) 2013-05-13 14:48:39 +02:00
stamparm
936815128d Minor fix 2013-05-13 13:42:43 +02:00
Miroslav Stampar
034e123b0c Minor fix (to accept -p cookie without need for raising --level / as it's already done for referer and user_agent) 2013-05-12 16:24:13 +02:00
Miroslav Stampar
6676eaf88f Minor fix 2013-05-12 14:02:50 +02:00
Miroslav Stampar
f8cef1fc6f Minor fix for a test case 211 2013-05-09 21:20:17 +02:00
stamparm
3873805dab Partial implementation for an Issue #189 (error-based; still partial union left) 2013-05-09 16:23:57 +02:00
stamparm
9fe5a8832f Update for an Issue #189 (code refactoring of ProgressBar so it could be ready for usage in non-inference cases out of box) 2013-05-09 15:52:18 +02:00
stamparm
fc57b7565d Implementation for an Issue #432 2013-05-09 14:26:29 +02:00
stamparm
ebe8ee3500 Fix for crawler and redirection case 2013-04-30 18:08:26 +02:00
stamparm
d2a5548889 Some more reordering 2013-04-30 14:32:11 +02:00
stamparm
16866119b8 Another minor update 2013-04-30 14:11:56 +02:00
stamparm
08fbfda5d2 Minor update 2013-04-30 14:06:04 +02:00
stamparm
69e3a2cb9e Minor update 2013-04-30 14:06:04 +02:00
stamparm
03c4eb8338 Minor update 2013-04-30 14:06:04 +02:00
stamparm
46557198a5 Minor update of doc root names 2013-04-29 11:29:59 +02:00
stamparm
63d7707346 Adding support for appending to the existing table dump if --start/--stop is used 2013-04-24 16:08:40 +02:00
stamparm
8d382f00e8 Minor style update 2013-04-22 11:38:47 +02:00
Miroslav Stampar
a475116853 Minor check 2013-04-21 21:42:23 +02:00
stamparm
0d92145fc6 Minor bug fix 2013-04-19 15:40:25 +02:00
stamparm
0cb3ce5765 Bug fix (maybe it will have repercusions in future as this was a silent bug) 2013-04-19 10:10:06 +02:00
stamparm
b7d4afcc63 Moving '--pivot-column' to a General section (Issue #437) 2013-04-18 17:12:32 +02:00
stamparm
9d045e14e8 Implementation for an Issue #437 2013-04-18 17:06:45 +02:00
stamparm
2defc30dc6 From now on --dbms-cred can be used also in combination with -d (more flexibility as spotted that one user used in that way on ML) 2013-04-17 11:12:15 +02:00
stamparm
feed2274c3 Patch for an Issue #435 2013-04-17 10:48:17 +02:00
stamparm
c73489aff3 Adding a couple of new option validation checks 2013-04-16 14:31:10 +02:00
stamparm
7204ec5616 Adding a basic validation check (-d with --url) 2013-04-16 14:23:27 +02:00
stamparm
1c47b33020 Few bug fixes in -d (there were late values in payloads in some cases; sqlalchemy returns RowProxy for tuple) 2013-04-15 15:23:45 +02:00
stamparm
aed738d6e6 Update for an Issue #361 2013-04-15 14:20:21 +02:00
stamparm
a9a0d1a3f9 Minor update 2013-04-15 11:56:19 +02:00
stamparm
10fbeaed7b Code refactoring 2013-04-15 11:49:11 +02:00
stamparm
349f885f08 Minor patch 2013-04-15 11:41:53 +02:00
stamparm
3e65037a05 Introducing lib/utils/sqlalchemy.py (Issue #361) 2013-04-15 10:33:25 +02:00
Miroslav Stampar
b6fee638ef Neutralizing time of cookie expiration (in case of --load-cookies) 2013-04-14 01:13:08 +02:00
stamparm
7edd7ee2aa Trivial code change 2013-04-12 16:25:24 +02:00
Miroslav Stampar
0b449bb1d9 Fix for an Issue #433 2013-04-10 19:33:31 +02:00
stamparm
f67148a9a4 Update for an Issue #431 2013-04-10 16:43:57 +02:00
stamparm
8c9da95343 Style and consistency update (url -> URL) 2013-04-09 11:48:42 +02:00
stamparm
3948b527dd Update for an Issue #429 2013-04-09 11:36:33 +02:00
stamparm
cce541cc33 Patch for an Issue #429 2013-04-09 10:39:20 +02:00
Miroslav Stampar
7614c815ed Minor update/patch 2013-04-07 21:32:03 +02:00
Miroslav Stampar
50ac3aab7a Minor patch 2013-04-06 01:56:24 +02:00
stamparm
a75d3ed0b8 Minor style update 2013-04-06 01:56:23 +02:00
Miroslav Stampar
f387333415 Minor cosmetics 2013-04-02 17:34:56 +02:00
Miroslav Stampar
4b5335a323 Moving --force-ssl from [Request] to [General] options 2013-04-02 17:18:21 +02:00
Miroslav Stampar
76a0d20799 Minor patch 2013-04-01 22:18:41 +02:00
Miroslav Stampar
b67f342975 Minor patch 2013-04-01 17:32:16 +02:00
stamparm
a371f182ac Minor patch (previous combination is not working well with oriental characters - 0 length normalized unicode string is being returned) 2013-03-28 15:37:14 +01:00
stamparm
e1ffdde532 Little cleaning a mess with url encoding and post hint types 2013-03-27 13:39:27 +01:00
stamparm
0882fe0ce3 Minor update related to the last two 2013-03-26 16:04:56 +01:00
stamparm
eb1bfc20cb Update related to the last commit 2013-03-26 15:36:44 +01:00
stamparm
2fe6aea0eb Minor fix 2013-03-26 15:07:14 +01:00
stamparm
825aa4b8dd Minor language update 2013-03-26 14:27:51 +01:00
stamparm
473a39b820 Minor language fix 2013-03-26 14:11:17 +01:00
stamparm
ad039c335d Implementation for an Issue #423 2013-03-21 11:28:44 +01:00
stamparm
7447773237 Update for consistency (all other enums are using _ in between words) 2013-03-20 11:10:24 +01:00
Miroslav Stampar
8acf033715 Code refactoring 2013-03-19 19:24:14 +01:00
stamparm
6969874c02 Switch --no-cast is incompatible with switch --hex (integer values are not being casted in case of --no-cast --hex which is causing unwanted decodings of returned values) 2013-03-19 10:52:37 +01:00
stamparm
10e6c70c22 Trivial style update (undoing last dummy commit) 2013-03-19 10:43:29 +01:00
stamparm
70265fd3b5 Trivial style update 2013-03-19 10:43:03 +01:00
stamparm
5adac57ca9 Trivial style update 2013-03-19 10:42:50 +01:00
Miroslav Stampar
5df1f5528e More general update for an Issue #421 2013-03-15 22:49:09 +01:00
Miroslav Stampar
f0a419bdec Patch for an Issue #421 2013-03-15 22:08:15 +01:00
Miroslav Stampar
4cb378ce3e Another update for an Issue #352 and couple of fixes 2013-03-13 21:57:09 +01:00
Miroslav Stampar
b35122a42c Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-03-13 19:52:17 +01:00
Miroslav Stampar
eb08c8d752 Another update for an Issue #352 2013-03-13 19:42:22 +01:00
Bernardo Damele
dea62189b2 fixes #420 2013-03-12 22:16:42 +00:00
Miroslav Stampar
2f43c3eb9b Minor fix (digest live test case) and some refactoring 2013-03-12 21:16:44 +01:00
Miroslav Stampar
65306f1ac1 Update for an Issue #352 2013-03-12 20:10:32 +01:00
Miroslav Stampar
db0a1e58b9 Update for an Issue #352 2013-03-11 14:58:05 +01:00
Miroslav Stampar
d6fc10092f Minor refactoring 2013-03-11 13:31:50 +01:00
Miroslav Stampar
1e731f87a4 Patch for an Issue #419 (Authentication header is now properly being cached - no more one reauth per each request) 2013-03-09 19:33:04 +01:00
Miroslav Stampar
8e6692d793 Minor fix (for JSON values with :) 2013-03-05 20:12:24 +01:00
Miroslav Stampar
9e49d8c68f Adding support for SHA2 hash functions 2013-03-05 11:04:46 +01:00
Miroslav Stampar
2ada9e9b84 Patch for an Issue Issue #416 2013-03-04 18:05:40 +01:00
Miroslav Stampar
084cfc797a Fix for an Issue #415 2013-03-02 09:55:12 +01:00
stamparm
55f33da85a Fix for invalid logical test cases 2013-03-01 12:04:49 +01:00
Miroslav Stampar
0e89cc62a2 Adding a hidden switch --dummy used for dummy runs (getPage() returns random data) - usefull for testing purposes for skipping connections 2013-02-28 20:20:08 +01:00
stamparm
9ef79df23d Cleaning up cases with Set-Cookie (conf.cj is handling it automatically; also, default redirector needed to be patched) 2013-02-28 13:51:08 +01:00
stamparm
be50192d8d Refactoring WAF scripts 2013-02-26 15:54:50 +01:00
stamparm
e5835dc74f Update for WAF scripts 2013-02-26 15:30:11 +01:00
stamparm
17fa0f568c Minor patch for an Issue #404 2013-02-26 12:55:09 +01:00
stamparm
ecbcd4afe6 Minor update 2013-02-26 12:55:09 +01:00
stamparm
e5e39bc682 Fix for an Issue #410 2013-02-25 11:07:30 +01:00
stamparm
6fbd902265 Minor refactoring (Issue #411) 2013-02-25 10:44:04 +01:00
stamparm
7127869ede Minor bug fix (live test specific verbosity should be valid only inside of it) 2013-02-22 17:26:48 +01:00
stamparm
ad471368f5 Fixing a display bug (cases where messages are just appended after the readInput line in batch mode) introduced with b472d9809a 2013-02-22 11:42:09 +01:00
stamparm
42cbd94fa4 Better update regarding 6acb2480b8 2013-02-22 10:49:45 +01:00
stamparm
44a46d2b10 Fix for an Issue #409 2013-02-22 10:18:22 +01:00
Miroslav Stampar
6acb2480b8 Adding WAF script for SecureIIS 2013-02-21 21:34:26 +01:00
stamparm
08f0670aca Minor refactoring for an Issue #290 2013-02-21 14:39:22 +01:00
stamparm
8e49872d7c Finalizing implementation for an Issue #290 2013-02-21 14:33:12 +01:00
stamparm
6b2981ef4e Update for an Issue #290 (adding tamper-like scripts into (new) directory waf) 2013-02-21 11:14:57 +01:00
Miroslav Stampar
7f293afe74 Proper escaping for SQL identificators in Oracle (also, revert for 9b5f33560b) 2013-02-18 15:18:53 +01:00
Miroslav Stampar
9b5f33560b Oracle is too specific (only column names can be enclosed) - removing it 2013-02-15 17:36:58 +01:00
Miroslav Stampar
bf82506c1b Oracle can't enclose table names with double quotations 2013-02-15 17:36:58 +01:00
Miroslav Stampar
1b3d749488 Proper fix related to the last commit/revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
5a793cbc7c Minor revert 2013-02-15 17:36:58 +01:00
Miroslav Stampar
799bd51c2e Minor fix when two readInput/dataToStdout are called one at a time 2013-02-15 17:36:58 +01:00
Miroslav Stampar
97c06854a4 Minor fixes 2013-02-15 17:36:58 +01:00
Miroslav Stampar
014e4e0055 Minor represenation fix 2013-02-15 14:48:24 +01:00
Miroslav Stampar
345d10a9e0 Consistency fix (everywhere else we show unsafe format of identificator names) 2013-02-15 14:05:14 +01:00
Bernardo Damele
b472d9809a another consistency fix to readInput() 2013-02-15 09:35:09 +00:00
Bernardo Damele
c3f1e196e1 added missing parameter 2013-02-15 00:43:46 +00:00
Bernardo Damele
4727589135 code consistency 2013-02-15 00:17:13 +00:00
Miroslav Stampar
515be4ee0b Minor just in case commit related to the last one 2013-02-14 19:58:10 +01:00
Miroslav Stampar
fef60b73f4 Minor update for proper display of [PAYLOAD] in JSON/XML/SOAP cases 2013-02-14 19:53:26 +01:00
Bernardo Damele
d91530f885 Merge branch 'master' of github.com:sqlmapproject/sqlmap 2013-02-14 17:16:55 +00:00
Bernardo Damele
52264f544e minor fix for Windows file paths, do not strip the windows drive letter 2013-02-14 17:16:49 +00:00
Miroslav Stampar
fdf00e4842 Fix for an Issue #397 2013-02-14 17:14:36 +01:00
Miroslav Stampar
368a2fd297 Fix for an Issue #393 2013-02-14 16:18:16 +01:00
Miroslav Stampar
f97f575018 Trivial restyling 2013-02-14 15:41:27 +01:00
Miroslav Stampar
605c5b089e Minor style update 2013-02-14 15:38:44 +01:00
Miroslav Stampar
06d8547916 Implementation for an Issue #394 2013-02-14 15:38:44 +01:00
Miroslav Stampar
7944684ff2 This was supposed to be a separate commit (going to commit it in next one) 2013-02-14 15:38:44 +01:00
Miroslav Stampar
6c0054bc5f Putting that ugly parameter xyz is not inside the Cookie into the debug messages 2013-02-14 15:38:44 +01:00
Bernardo Damele
646df37884 minor bug fix for --reg-read 2013-02-14 13:17:30 +00:00
Miroslav Stampar
c72353321d Minor update for an Issue #392 2013-02-14 13:36:33 +01:00
Bernardo Damele
4b9d8ed673 reverted a previous commit as not all distributions create a link file /usr/bin/python2 to the Python interpreter 2013-02-14 11:32:17 +00:00
Bernardo Damele
a67ef4117f make sure to use Python 2 interpreter when default system Python is version 3 2013-02-14 11:25:04 +00:00
Miroslav Stampar
6629233de5 Minor update 2013-02-14 10:18:40 +01:00
Miroslav Stampar
0a4605644e Minor fix for previous commit 2013-02-13 16:31:03 +01:00
Miroslav Stampar
2b121c938b Minor fix 2013-02-13 16:24:21 +01:00
Miroslav Stampar
c6d29e093e Fixing issue with newlines after the data in -r mode 2013-02-13 12:36:01 +01:00
Miroslav Stampar
965fa04a33 Trivial update 2013-02-13 12:28:51 +01:00
Miroslav Stampar
d78a3e977b Update (allowing regular char * to be inside SOAP/JSON/XML) 2013-02-13 12:24:42 +01:00
Miroslav Stampar
6314d64a70 Renaming --binary to --binary-fields 2013-02-13 11:27:03 +01:00
Miroslav Stampar
7c802ed8cc Minor fix 2013-02-13 11:14:45 +01:00
Miroslav Stampar
dc41484b3f Refactoring of funcionality for finding out if stacking is available 2013-02-13 09:57:16 +01:00
Miroslav Stampar
8b4f72322a Adding (for now hidden) option --binary (works like -C but deliberately retrieves data in hex format and displays in hex format) 2013-02-13 09:56:44 +01:00
Miroslav Stampar
c34f6e25b2 Minor fix for --eval (urldecoded values should be used inside evaluation) 2013-02-12 17:01:47 +01:00
Miroslav Stampar
212e92ea01 Minor update regarding --load-cookies (warning about expired ones) 2013-02-12 14:29:56 +01:00
Miroslav Stampar
c67b39d14d Update for a last update 2013-02-12 12:58:15 +01:00
Miroslav Stampar
72984a578d Update for --load-cookies 2013-02-12 12:42:12 +01:00
Miroslav Stampar
c2672e78fc Support for multiple injection marks inside the same header value (Issue #48) 2013-02-12 12:06:13 +01:00
Miroslav Stampar
c75560ba69 Minor bug fix (getting ? in < 0xf char cases) 2013-02-11 21:16:35 +01:00
Miroslav Stampar
c0e59d94a9 Better naming 2013-02-08 16:28:58 +01:00
Miroslav Stampar
cdfe43560b Update for an Issue #207 (and a potential patch for regression tests) 2013-02-08 16:20:48 +01:00
Bernardo Damele
d015bf98fc renamed variable to avoid confusion 2013-02-07 14:19:07 +00:00
Bernardo Damele
07fe6d44fb unnecessary condition here 2013-02-07 14:18:52 +00:00
Bernardo Damele
b477c56b52 first steps to allow multiple scans on the same taskid - issue #297 2013-02-07 00:05:26 +00:00
Bernardo Damele
5c8335876f minor bug fix to make --disable-coloring work on log messages too 2013-02-06 21:04:54 +00:00
Bernardo Damele
477c66ac4b minor refactoring and trivial bug fix 2013-02-06 17:45:25 +00:00
Bernardo Damele
f7d826fee1 first case where partial output is retrievable via RESTful API - issue #297 2013-02-05 14:43:03 +00:00
Miroslav Stampar
e836629215 Bug fixes for search (safeStringFormat should not replace all if given scalar values) 2013-02-05 11:37:49 +01:00