Miroslav Stampar
|
09836dc568
|
backdoor for ASPX revisited
|
2010-11-10 15:35:22 +00:00 |
|
Miroslav Stampar
|
61b6ad64e3
|
JSP backdoor revisited, and in PHP removed trailing spaces from a blank line
|
2010-11-10 15:13:36 +00:00 |
|
Miroslav Stampar
|
19c1bfa368
|
just a precaution (now i really need to go for a sleep)
|
2010-11-09 23:38:29 +00:00 |
|
Miroslav Stampar
|
88c00e61d3
|
another update
|
2010-11-09 23:35:37 +00:00 |
|
Miroslav Stampar
|
47720a43dd
|
minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)
|
2010-11-09 23:21:21 +00:00 |
|
Miroslav Stampar
|
5ebd5d935c
|
another name change
|
2010-11-09 22:49:31 +00:00 |
|
Miroslav Stampar
|
06f00cf8c1
|
name change
|
2010-11-09 22:48:22 +00:00 |
|
Miroslav Stampar
|
6807fb04cc
|
minor update
|
2010-11-09 22:44:23 +00:00 |
|
Miroslav Stampar
|
fef60d5cb7
|
some fixes :)
|
2010-11-09 22:32:05 +00:00 |
|
Bernardo Damele
|
1cc99e2247
|
Possible quick fix for missing of True/False comparison of stable-but-not-really pages
|
2010-11-09 21:39:58 +00:00 |
|
Bernardo Damele
|
2205099a5e
|
Python stylish
|
2010-11-09 21:39:05 +00:00 |
|
Miroslav Stampar
|
cee888b613
|
tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected)
|
2010-11-09 19:14:55 +00:00 |
|
Miroslav Stampar
|
726825ca70
|
minor update
|
2010-11-09 16:59:36 +00:00 |
|
Miroslav Stampar
|
759433f0f1
|
fix of my mistake
|
2010-11-09 16:54:40 +00:00 |
|
Miroslav Stampar
|
b43334165d
|
update regarding brute forcing
|
2010-11-09 16:53:33 +00:00 |
|
Miroslav Stampar
|
a7fa8d4975
|
update regarding brute force retrieval of table names and table column names
|
2010-11-09 16:15:55 +00:00 |
|
Miroslav Stampar
|
45f2d8f5d2
|
trival update
|
2010-11-09 15:46:09 +00:00 |
|
Miroslav Stampar
|
7752b5efe9
|
minor update
|
2010-11-09 09:51:54 +00:00 |
|
Miroslav Stampar
|
4be0631161
|
refactoring of brute force techniques
|
2010-11-09 09:42:43 +00:00 |
|
Miroslav Stampar
|
221f976fbd
|
minor update
|
2010-11-09 01:23:54 +00:00 |
|
Bernardo Damele
|
45ec8c169a
|
Consistency between --*-test switches/output
|
2010-11-08 16:46:25 +00:00 |
|
Bernardo Damele
|
dac7436edf
|
Fix inconsistence with -b --error-test
|
2010-11-08 15:36:07 +00:00 |
|
Miroslav Stampar
|
fda8752dca
|
revert of some HTTP headers handling
|
2010-11-08 13:26:45 +00:00 |
|
Bernardo Damele
|
0c8918bf07
|
Minor bug fix, thanks Alex
|
2010-11-08 12:45:23 +00:00 |
|
Bernardo Damele
|
78d7b17483
|
More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
|
2010-11-08 12:36:48 +00:00 |
|
Miroslav Stampar
|
eb999de0f1
|
added Range handler (dealing with 206 HTTP messages)
|
2010-11-08 12:26:13 +00:00 |
|
Miroslav Stampar
|
875781bf97
|
another minor fix
|
2010-11-08 11:55:56 +00:00 |
|
Miroslav Stampar
|
4a4a3051e5
|
fix
|
2010-11-08 11:39:07 +00:00 |
|
Miroslav Stampar
|
a3de10e3a2
|
new option -t
|
2010-11-08 11:22:47 +00:00 |
|
Miroslav Stampar
|
4e6d1b5118
|
added "Detection" part in help listing
|
2010-11-08 10:11:43 +00:00 |
|
Miroslav Stampar
|
0d0e2a2228
|
minor update
|
2010-11-08 09:49:57 +00:00 |
|
Miroslav Stampar
|
d551423379
|
further enum refactoring
|
2010-11-08 09:44:32 +00:00 |
|
Miroslav Stampar
|
862395ced1
|
further refactoring (all enumerations are now put into enums.py)
|
2010-11-08 09:20:02 +00:00 |
|
Miroslav Stampar
|
8e44aa605a
|
refactoring regarding injection place (more left)
|
2010-11-08 08:02:36 +00:00 |
|
Miroslav Stampar
|
0482e02c37
|
minor optimization
|
2010-11-07 23:37:15 +00:00 |
|
Miroslav Stampar
|
4f346eab33
|
fix for resume from session
|
2010-11-07 23:25:53 +00:00 |
|
Bernardo Damele
|
ea1b0d31be
|
Avoid displaying single retrieved character when --verbose > 2
|
2010-11-07 22:42:56 +00:00 |
|
Bernardo Damele
|
b6da946883
|
Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
|
2010-11-07 22:34:29 +00:00 |
|
Bernardo Damele
|
27ce4b0cf0
|
Set proper verbose level for dbms direct error messages
|
2010-11-07 22:14:06 +00:00 |
|
Bernardo Damele
|
a96467b3e2
|
Refactoring
|
2010-11-07 21:55:24 +00:00 |
|
Miroslav Stampar
|
7a6c086a27
|
setting direct query info output to same level as payload info (logger.DEBUG)
|
2010-11-07 21:42:36 +00:00 |
|
Miroslav Stampar
|
d3e7e89e60
|
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
|
2010-11-07 21:18:09 +00:00 |
|
Miroslav Stampar
|
620fa1c8fb
|
trust me, i know what i am doing :)
|
2010-11-07 20:33:33 +00:00 |
|
Bernardo Damele
|
73e85bfc75
|
Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now
|
2010-11-07 16:24:44 +00:00 |
|
Bernardo Damele
|
4d81da6bc8
|
Cosmetics
|
2010-11-07 16:23:03 +00:00 |
|
Bernardo Damele
|
6716315a76
|
Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity
|
2010-11-07 15:45:26 +00:00 |
|
Bernardo Damele
|
9669dbdae1
|
Minor cosmetics and adjustments
|
2010-11-07 15:34:52 +00:00 |
|
Miroslav Stampar
|
afba26a53f
|
tiny winy update
|
2010-11-07 09:00:45 +00:00 |
|
Miroslav Stampar
|
2b8c942b4a
|
more update
|
2010-11-07 08:58:24 +00:00 |
|
Miroslav Stampar
|
00dfd55830
|
added powerful switch --longest-common for dealing with heavy dynamicity
|
2010-11-07 08:52:09 +00:00 |
|