117 Commits

Author	SHA1	Message	Date
Miroslav Stampar	7ae5192070	adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)	2011-01-05 10:25:07 +00:00
Miroslav Stampar	edcf1a0872	few bug fixes	2010-12-24 18:40:48 +00:00
Miroslav Stampar	385e208f38	code refactoring regarding standard output suppression and some threading issues	2010-12-21 14:21:24 +00:00
Miroslav Stampar	5852bad963	some refactoring	2010-12-20 18:56:06 +00:00
Miroslav Stampar	36862e2efa	update	2010-12-18 15:57:47 +00:00
Miroslav Stampar	6a24048aa6	urllib2 doesn't play well with '\n' when non unescaped chars used	2010-12-11 21:17:54 +00:00
Miroslav Stampar	f021548bd0	added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)	2010-12-11 10:52:04 +00:00
Miroslav Stampar	c17f444aab	minor fix	2010-12-11 10:22:18 +00:00
Miroslav Stampar	fe2039f5ba	coollyy little commits	2010-12-10 11:32:46 +00:00
Miroslav Stampar	cdff29ada7	update	2010-12-09 11:23:44 +00:00
Bernardo Damele	f5ce739bdf	Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.	2010-12-08 23:52:31 +00:00
Miroslav Stampar	01cf1394a4	code refactoring	2010-12-08 14:26:40 +00:00
Miroslav Stampar	6223f25dd9	code beautification	2010-12-08 13:04:48 +00:00
Miroslav Stampar	b5e45939e3	sqlmap premiere of blind time based query/bisection	2010-12-08 12:28:54 +00:00
Bernardo Damele	c22338ce90	Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).	2010-11-29 11:47:58 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. ... All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Bernardo Damele	17486e472a	Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!	2010-11-17 22:00:09 +00:00
Bernardo Damele	45ec8c169a	Consistency between --*-test switches/output	2010-11-08 16:46:25 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Bernardo Damele	ea1b0d31be	Avoid displaying single retrieved character when --verbose > 2	2010-11-07 22:42:56 +00:00
Bernardo Damele	b6da946883	Added one new verbose level, -v 3 now shows the full injected payload. ... Fixed also -d verbose output.	2010-11-07 22:34:29 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	3f0a443b83	some updates	2010-11-04 23:08:59 +00:00
Miroslav Stampar	cd0d4135ac	implemented --banner for MaxDB and some minor fixes	2010-11-02 20:51:55 +00:00
Miroslav Stampar	5269cb8c08	some code refactoring and beautification	2010-11-02 09:06:38 +00:00
Miroslav Stampar	13e93f564a	one bug fix in dynamic content engine and some code refactoring	2010-11-02 07:32:08 +00:00
Miroslav Stampar	73b33ed765	fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic	2010-11-01 20:56:13 +00:00
Bernardo Damele	486a113560	Consolidate logger messages for --*-test switches	2010-10-31 16:58:38 +00:00
Miroslav Stampar	5a38ac7ea9	important update regarding (Bug #209) - probably more will be needed	2010-10-29 16:11:50 +00:00
Bernardo Damele	215175e3b7	Minor code adjustments	2010-10-25 14:11:47 +00:00
Miroslav Stampar	98f5586b87	minor update	2010-10-23 08:05:24 +00:00
Miroslav Stampar	bc79eec702	removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)	2010-10-21 13:13:12 +00:00
Miroslav Stampar	4009ef385e	more update regarding error based injection support	2010-10-19 18:17:34 +00:00
Bernardo Damele	64b9f94fcf	Renamed --common-prediction switch to --predict-output	2010-10-16 23:50:13 +00:00
Bernardo Damele	2129935e06	Split character for tamper scripts (--tamper option) is now comma, not semi-colon. ... Minor enhancement	2010-10-16 21:52:16 +00:00
Miroslav Stampar	1336b97c2c	removed --useBetween switch and added new tampering module ./tamper/between.py	2010-10-15 23:48:07 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Bernardo Damele	1674142d82	Minor cosmetic fixes	2010-10-14 15:28:54 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00
Miroslav Stampar	b37dca1c2c	minor adjustment	2010-07-19 09:06:19 +00:00
Miroslav Stampar	9edd468caf	multithreading save to session on abort	2010-07-19 08:37:45 +00:00
Bernardo Damele	7349f3a70f	Closes #197	2010-07-01 15:25:57 +00:00
Miroslav Stampar	bb9401ba52	minor minor fixup	2010-07-01 14:14:43 +00:00
Miroslav Stampar	9d28ae23ca	fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)	2010-07-01 14:11:45 +00:00
Bernardo Damele	17e228024b	Minor enhancements and bug fixes to "good samaritan" feature - see #4	2010-06-21 14:40:12 +00:00
Bernardo Damele	b98f6ac71c	Minor layout adjustment	2010-06-17 13:27:43 +00:00
Bernardo Damele	fd76f048b6	Added common pattern value support to bisection algorithm	2010-06-17 11:38:32 +00:00
Miroslav Stampar	35642a0450	some more adjustments	2010-06-10 15:03:08 +00:00
Miroslav Stampar	1b30c46348	fix for an bug reported by David Guimaraes	2010-06-10 14:52:33 +00:00
Miroslav Stampar	7fbeebc4d9	grammar fix	2010-06-03 08:55:13 +00:00