Miroslav Stampar
1db6953f08
Proper fix for #2236
2016-10-18 20:17:51 +02:00
Miroslav Stampar
d431c7d155
Fixes #2236
2016-10-18 20:07:19 +02:00
Miroslav Stampar
5ab4d54df0
Minor update of THIRD-PARTY.md
2016-10-18 13:49:29 +02:00
Miroslav Stampar
877d46e9f7
Fixes #2234
2016-10-18 13:46:56 +02:00
Miroslav Stampar
7e69cc112f
Fixes #2235
2016-10-18 13:37:36 +02:00
Miroslav Stampar
5b14eecd25
Bug fix (reconnecting in case of timeouted direct connection)
2016-10-17 22:55:07 +02:00
Miroslav Stampar
24eaf55dc8
Removing bad decision for -d (user should be able to choose)
2016-10-17 22:32:23 +02:00
Miroslav Stampar
6be10b307d
Minor patch
2016-10-17 22:02:41 +02:00
Miroslav Stampar
91ad71b1e0
Minor cosmetics
2016-10-17 12:36:42 +02:00
Miroslav Stampar
d6255de205
Fixes #2231
2016-10-17 12:33:07 +02:00
Miroslav Stampar
c293a6a25a
Fixes #2229 and #2230
2016-10-15 09:53:12 +02:00
Miroslav Stampar
b1175017f9
Minor update regarding to the last commit
2016-10-15 00:54:32 +02:00
Miroslav Stampar
75c9f91f11
Fixes #2226
2016-10-15 00:51:35 +02:00
Miroslav Stampar
9ff2dcf1c1
Fixes #2228
2016-10-15 00:16:53 +02:00
Miroslav Stampar
6c4e9ae427
Updating SocksiPy to PySocks (updated fork)
2016-10-14 23:16:26 +02:00
Miroslav Stampar
748e94dcee
Minor update for #2224
2016-10-13 23:25:46 +02:00
Miroslav Stampar
f389bd71c0
Implementation for an Issue #2224
2016-10-13 23:17:54 +02:00
Miroslav Stampar
1126ff86ce
Fixes #2223
2016-10-13 23:07:11 +02:00
Miroslav Stampar
79377fedab
Minor update
2016-10-13 23:06:04 +02:00
Miroslav Stampar
5d2972f362
Implementation for an Issue #2221
2016-10-11 17:33:36 +02:00
Miroslav Stampar
ae465bbaf8
Minor revert of leftover
2016-10-11 01:09:30 +02:00
Miroslav Stampar
1b95dd2d9d
Fix for a bug reported privately by user (in some cases data has not been retrieved)
2016-10-11 01:07:31 +02:00
Miroslav Stampar
6130185ac6
Minor consistency update with the wiki
2016-10-11 00:35:39 +02:00
Miroslav Stampar
c92fde120d
Implements #2220
2016-10-10 23:27:41 +02:00
Miroslav Stampar
7eab1bcbf9
Automating even more switch --tor
2016-10-10 14:19:44 +02:00
Miroslav Stampar
4c05307357
Disabling socket pre-connect in case of --tor, --proxy and --proxy-file
2016-10-10 01:57:55 +02:00
Miroslav Stampar
0037c28e9e
Preventing obnoxious 'install git' on MacOS
2016-10-10 01:35:22 +02:00
Miroslav Stampar
2b279233b6
Fixes #2219
2016-10-09 14:19:40 +02:00
Miroslav Stampar
b51b80b174
Fix for a privately reported bug
2016-10-08 21:11:43 +02:00
Miroslav Stampar
e4b0ac9ae5
Minor update of common user columns
2016-10-07 14:48:05 +02:00
Miroslav Stampar
7f416846b7
Minor revisit of MsSQL error-based payloads
2016-10-06 23:50:32 +02:00
Miroslav Stampar
5b7254af96
Minor patch
2016-10-06 22:27:29 +02:00
Miroslav Stampar
c83d417298
Fixes #2212
2016-10-05 23:02:20 +02:00
Miroslav Stampar
b42dc6e7a5
Update of Oracle and PostgreSQL system databases/schemas
2016-10-05 17:58:35 +02:00
Miroslav Stampar
8124fe391d
Bug fix for using --search in combination with -D CD
2016-10-05 17:43:57 +02:00
Miroslav Stampar
833ca4b640
Minor refactoring
2016-10-05 17:41:02 +02:00
Miroslav Stampar
3b244858f8
Adding performance_schema as one more of MySQL's system database
2016-10-05 17:33:24 +02:00
Miroslav Stampar
6107696e25
Minor patch (--help should display basic help)
2016-10-05 17:01:58 +02:00
Miroslav Stampar
af1c9c7fb2
Related to the last commit
2016-10-04 23:48:09 +02:00
Miroslav Stampar
06b54ab134
Better choice of used table (INFORMATION_SCHEMA.CHARACTER_SETS can also be found in MsSQL and PgSQL; mysql.db can have permission problems)
2016-10-04 23:43:00 +02:00
Miroslav Stampar
fee5c7bd7c
Adding two new payloads and minor cosmetics
2016-10-04 23:39:18 +02:00
Miroslav Stampar
fb8afc6add
Adding a new payload (Oracle boolean based on error response)
2016-10-04 22:12:00 +02:00
Miroslav Stampar
6c372a09bd
Minor update
2016-10-04 11:55:16 +02:00
Miroslav Stampar
171cf6f54d
Minor fine tuning for SQLi heuristic check
2016-10-04 11:32:06 +02:00
Miroslav Stampar
029bb5554d
Minor cleanup of user-agents
2016-10-04 10:48:10 +02:00
Miroslav Stampar
c69cb79d66
Fixes #2208
2016-10-04 10:39:28 +02:00
Miroslav Stampar
dc8301689e
Implementation for an Issue #2204
2016-10-02 11:13:40 +02:00
Miroslav Stampar
d8dd37510c
Fixes #2202
2016-10-01 21:02:40 +02:00
Miroslav Stampar
d1680b04f3
Minor code consistency update
2016-09-29 21:26:47 +02:00
Miroslav Stampar
102d4b4119
Bug fix for uploading files in case of web subdirectories
2016-09-29 21:14:28 +02:00
Miroslav Stampar
b3b49b3492
Minor patch for --parse-errors
2016-09-29 18:07:00 +02:00
Miroslav Stampar
7a89433251
Minor patch
2016-09-29 18:02:20 +02:00
Miroslav Stampar
ced6711128
Playing a bit with logo
2016-09-29 15:59:28 +02:00
Miroslav Stampar
bdf76f8d4d
Revisiting user-agents (newer versions of mainstream browsers)
2016-09-29 15:21:32 +02:00
Miroslav Stampar
571ae174bd
Minor language update
2016-09-29 14:55:43 +02:00
Miroslav Stampar
332726356c
Minor language update
2016-09-29 14:03:46 +02:00
Miroslav Stampar
4ea9d3b884
Replacing generic concatenation || with CONCAT (far better choice)
2016-09-29 13:35:16 +02:00
Miroslav Stampar
3409953538
Revisiting default level 1 payloads (MySQL stacked queries are as frequent as double rainbows)
2016-09-29 12:59:51 +02:00
Miroslav Stampar
3b3ab072e6
Adding short option(s) for setting verbosity (e.g. -vvv)
2016-09-29 11:19:25 +02:00
Miroslav Stampar
fef407e09c
Making HTTP requests up to 20% smaller (fine tuning the request headers)
2016-09-29 10:44:00 +02:00
Miroslav Stampar
5afccce3c6
Minor patch
2016-09-28 16:56:47 +02:00
Miroslav Stampar
e439095593
Bug fix for MySQL's --os-pwn
2016-09-28 15:39:34 +02:00
Miroslav Stampar
e77126e847
Removing obsolete functionality
2016-09-28 15:00:26 +02:00
Miroslav Stampar
3ef01f0e31
Minor update
2016-09-28 14:48:33 +02:00
Miroslav Stampar
d36b5c0a4b
Adding time-based blind (heavy query) payloads for Informix (Issue #552 )
2016-09-28 10:30:09 +02:00
Miroslav Stampar
e5a758bdf4
Fixes #2192
2016-09-28 09:55:14 +02:00
Miroslav Stampar
617509869d
Minor patch for Informix --parse-errors
2016-09-27 14:58:10 +02:00
Miroslav Stampar
5079c42788
Adding Informix parameter replacement payloads (Issue #552 )
2016-09-27 14:39:17 +02:00
Miroslav Stampar
bc7ab01066
Bug fix for generic parameter replacement (CASE)
2016-09-27 14:29:18 +02:00
Miroslav Stampar
212c1ec1f2
Couple of fixes and some testing stuff
2016-09-27 14:03:59 +02:00
Miroslav Stampar
381deb68ff
Implementation for an Issue #2137
2016-09-27 13:26:11 +02:00
Miroslav Stampar
ba0facb5eb
Removal of unused imports
2016-09-27 11:23:31 +02:00
Miroslav Stampar
7151df16f6
Adding extra validation step in case of boolean-based blind (e.g. if unexpected 500 occurs)
2016-09-27 11:21:12 +02:00
Miroslav Stampar
8994bf2dba
Further dealing with time-based SQLi (Issue #1973 )
2016-09-27 10:32:22 +02:00
Miroslav Stampar
09617c8243
Introducing extra validation property in case of time-based SQLi (HTTP code) - Issue #1973
2016-09-27 10:20:36 +02:00
Miroslav Stampar
556b4d289e
Minor cosmetic patch (removing multiple same content '...appears...' messages)
2016-09-26 17:02:40 +02:00
Miroslav Stampar
978f56ad10
One more commit for #552 (--passwords)
2016-09-26 16:38:03 +02:00
Miroslav Stampar
aa0b97b562
Support for Informix --roles/--privileges (Issue #552 )
2016-09-26 14:20:04 +02:00
Miroslav Stampar
df645d7d3d
Update for column types (Issue #552 )
2016-09-23 18:03:31 +02:00
Miroslav Stampar
035137ef4e
Bug fix in detection engine (abstract URI header sometimes caused problems - e.g. when automatic --string used)
2016-09-23 17:38:14 +02:00
Miroslav Stampar
484d9a4825
Implementation of --dump for Informix (Issue #552 )
2016-09-23 17:21:48 +02:00
Miroslav Stampar
65c305cff0
Fixes #2174
2016-09-23 15:41:12 +02:00
Miroslav Stampar
9a5fc5ccf4
New auxiliary (extra) file (for administration purposes)
2016-09-23 13:57:18 +02:00
Miroslav Stampar
51a1973224
Stripping PostgreSQL .so files for size issues (Issue #2173 )
2016-09-23 13:52:57 +02:00
Miroslav Stampar
2f2a63334a
Minor cleanup
2016-09-23 13:39:27 +02:00
Miroslav Stampar
23afeb4c7a
Fixes #2176
2016-09-23 13:37:44 +02:00
Miroslav Stampar
b387fb219d
Fixes #2175
2016-09-23 12:45:06 +02:00
Miroslav Stampar
1b48ff223d
Adding initial support for Informix (Issue #552 )
2016-09-23 12:33:27 +02:00
Miroslav Stampar
640e605412
More CTF friendly (common column and table name flag :)
2016-09-23 12:31:28 +02:00
Miroslav Stampar
e10bb42597
Minor tweak
2016-09-22 10:22:48 +02:00
Miroslav Stampar
9902018cab
Implementation for an Issue #2172
2016-09-21 15:45:55 +02:00
Miroslav Stampar
56a918c408
Minor refactoring
2016-09-20 10:03:00 +02:00
Miroslav Stampar
bcd62ecc5b
Minor optimization (avoiding unnecessary deepcopies)
2016-09-20 09:56:08 +02:00
Miroslav Stampar
e519484230
Patching live-testing
2016-09-19 15:51:28 +02:00
Miroslav Stampar
a2c8f1deb1
Update PgSQL fingerprinting payloads
2016-09-19 14:23:51 +02:00
Miroslav Stampar
12dc53f687
Minor update
2016-09-19 13:54:06 +02:00
Miroslav Stampar
b3b5bd267d
Adding new tamper script (on request from @MilanGabor)
2016-09-15 17:59:01 +02:00
Miroslav Stampar
921a53e314
Patch for counter in --smoke-test
2016-09-09 14:59:22 +02:00
Miroslav Stampar
32dd4a938c
Minor patch of message
2016-09-09 11:37:16 +02:00
Miroslav Stampar
9930f1b55b
Speed optimization(s)
2016-09-09 11:06:38 +02:00
Miroslav Stampar
8581d9e2ca
Minor improvement of SELECT_FROM_TABLE_REGEX
2016-09-09 09:45:48 +02:00
Miroslav Stampar
1a613ed9a8
Minor update
2016-09-08 14:08:14 +02:00
Miroslav Stampar
78e398d9c4
Fixes #2136
2016-09-06 15:03:17 +02:00
Miroslav Stampar
e3c3c2c185
Fixes #2148
2016-09-06 14:25:29 +02:00
Miroslav Stampar
4e36bbaff9
Update related to the last commit
2016-09-04 03:09:28 +02:00
Miroslav Stampar
603e9739ae
Fixes #2146
2016-09-04 01:33:52 +02:00
Miroslav Stampar
6b91b7b7fa
Minor cosmetics
2016-09-02 16:10:11 +02:00
Miroslav Stampar
2e62fda57d
Minor update
2016-09-02 15:55:33 +02:00
Miroslav Stampar
5ad27264a2
Patches #2143
2016-09-02 15:52:07 +02:00
Miroslav Stampar
c4d8cab50c
Version string bug fix
2016-09-02 14:25:56 +02:00
Miroslav Stampar
577e346774
Fixes #2144
2016-09-02 14:20:17 +02:00
Miroslav Stampar
375abd50ee
Minor update for #2134
2016-08-30 12:36:32 +02:00
Miroslav Stampar
4a815ab56f
Patch for an Issue #1250
2016-08-27 23:54:09 +02:00
Miroslav Stampar
6564adc984
Minor patch for buffered write into checksum.md5
2016-08-27 23:34:12 +02:00
Miroslav Stampar
ad5b8017f5
Minor refactoring
2016-08-26 12:28:35 +02:00
Miroslav Stampar
72e5a79288
Fixes #2106
2016-08-19 11:07:42 +02:00
Miroslav Stampar
63f4b3462f
Fixes #2105
2016-08-15 18:35:04 +02:00
Miroslav Stampar
a45a90df94
Adding new WAF script (Yunsuo)
2016-08-12 14:32:03 +02:00
Miroslav Stampar
ec1ac81e0a
Minor refactoring
2016-08-08 16:08:16 +02:00
Miroslav Stampar
6ba46bf7cf
Update for #2086 (lowercasing only the command)
2016-08-08 15:55:39 +02:00
deadworoz
9c2c3894d6
Converting a command to lowercase breaks a case-sensitive URL
...
To reproduce the bug:
1. Start the server: ./sqlmapapi.py -s
2. Start the client: ./sqlmapapi.py -c
3. Add a new task with a case-sensitive URL: new -u "http://vbox.lc/bWAPP/sqli_4.php?title=iron+man&action=search "
4. Check the log:
...
"message": "testing connection to the target URL"
...
"message": "page not found (404)"
...
"message": "HTTP error codes detected during run:\n404 (Not Found) - 1 times"
5. Check that sqlmap.py correcty work with same parameters: ./sqlmap.py -u "http://vbox.lc/bWAPP/sqli_4.php?title=iron+man&action=search "
[INFO] testing connection to the target URL
[INFO] checking if the target is protected by some kind of WAF/IPS/IDS
2016-08-08 14:48:25 +04:00
Miroslav Stampar
b92fc840fe
Adding pypi script to the repository
2016-08-02 13:21:05 +02:00
Miroslav Stampar
ef79bbf7d2
Minor patch
2016-08-02 12:38:57 +02:00
Miroslav Stampar
fba1199cd2
Minor consistency update
2016-08-02 12:05:39 +02:00
Miroslav Stampar
4022a68523
Removing last debug commit
2016-08-02 12:01:49 +02:00
Miroslav Stampar
67bc3ed359
Trying out the last commit
2016-08-02 12:01:02 +02:00
Miroslav Stampar
a0ddd99087
Minor update for automatic PyPI packaging
2016-08-02 12:00:21 +02:00
Miroslav Stampar
2a7ef58c9f
Minor refactoring
2016-08-02 11:55:11 +02:00
Miroslav Stampar
35010006a1
Some cosmetic changes
2016-08-02 11:50:42 +02:00
Miroslav Stampar
acfe788c95
Preparing for #1250
2016-08-02 00:17:59 +02:00
Miroslav Stampar
5ccb73a1ee
Minor patch for Python3 check
2016-07-29 15:30:59 +02:00
Miroslav Stampar
6ac5b6b759
Minor refactoring
2016-07-28 17:04:15 +02:00
Miroslav Stampar
d82f20abc4
Fixes #2068
2016-07-28 17:02:27 +02:00
Miroslav Stampar
10eafa35fd
Adding CloudFlare CAPTCHA warning
2016-07-23 23:02:15 +02:00
Miroslav Stampar
9105f259cd
Fixes #2060 (ParseError has been added in Python 2.7)
2016-07-23 15:27:25 +02:00
Miroslav Stampar
7cca56edfa
Fixes #2052
2016-07-21 09:38:52 +02:00
Miroslav Stampar
e21d751834
Fixes #2049
2016-07-20 20:04:44 +02:00
Miroslav Stampar
ebb73b71fa
Fixes #2045
2016-07-20 16:49:27 +02:00
Miroslav Stampar
1ca633ae64
Fixes #2031
2016-07-17 23:30:40 +02:00
Miroslav Stampar
3e22cbfed7
Minor update
2016-07-17 00:34:14 +02:00
Miroslav Stampar
c7f615f707
Renaming payload files (consistency with the rest of the project)
2016-07-17 00:21:16 +02:00
Miroslav Stampar
b83ee92cd1
Minor modification
2016-07-17 00:09:09 +02:00
Miroslav Stampar
571d669a09
Minor modification
2016-07-17 00:07:58 +02:00
Miroslav Stampar
e485531b71
Adding integrity checks in case of unhandled exceptions
2016-07-17 00:04:30 +02:00
Miroslav Stampar
7427b554e3
Adding support for integrity checks
2016-07-16 23:25:13 +02:00
Miroslav Stampar
1a818ceccd
Adding error message regarding #2030
2016-07-16 22:47:16 +02:00
Miroslav Stampar
7fea8d608e
Fixes #2028
2016-07-16 22:42:15 +02:00
Miroslav Stampar
1e6191e3b1
Fixes #2026
2016-07-16 15:51:09 +02:00
Miroslav Stampar
c10b2825d7
Patch for --os-shell against Windows/MySQL where resulting \r caused trouble
2016-07-15 11:56:51 +02:00
Miroslav Stampar
c200b2cb19
Another fix (related to the last commit)
2016-07-15 11:45:59 +02:00