Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b56a77e573 
							
						 
					 
					
						
						
							
							removing obsolete switches (--threshold, --excl-reg, --excl-str)  
						
						
						
					 
					
						2011-02-03 15:55:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							402c1b622e 
							
						 
					 
					
						
						
							
							removing urlencode from UA  
						
						
						
					 
					
						2011-02-02 15:18:06 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a37f5e05b9 
							
						 
					 
					
						
						
							
							Refactoring  
						
						
						
					 
					
						2011-02-01 22:27:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9b342a4c95 
							
						 
					 
					
						
						
							
							Bug fixes and proper packing/unpacking of custom statements and predefined queries for both error-based and UNION query techniques.  
						
						... 
						
						
						
						Now it deals in UNION query also with --start and --stop and resume has been enhanced for both techniques too. 
						
					 
					
						2011-02-01 22:07:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6761933f75 
							
						 
					 
					
						
						
							
							Just.. cosmetics ;)  
						
						
						
					 
					
						2011-01-31 22:51:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							35b6d7278a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-31 22:50:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2fd9621499 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						... 
						
						
						
						Cosmetics 
						
					 
					
						2011-01-31 21:22:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							60a2364f2b 
							
						 
					 
					
						
						
							
							now union technique parses headers too  
						
						
						
					 
					
						2011-01-31 12:41:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fc9c626f9e 
							
						 
					 
					
						
						
							
							minor refactoring (removed URL_ENCODE_PAYLOAD)  
						
						
						
					 
					
						2011-01-30 17:03:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ddf23ba7cc 
							
						 
					 
					
						
						
							
							refactoring  
						
						
						
					 
					
						2011-01-30 11:36:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							367d0639f0 
							
						 
					 
					
						
						
							
							refactoring (class names should always be Capital cased)  
						
						
						
					 
					
						2011-01-28 16:36:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b98cbeee04 
							
						 
					 
					
						
						
							
							page for handling binary files  
						
						
						
					 
					
						2011-01-27 22:00:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e74c571bc 
							
						 
					 
					
						
						
							
							centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels  
						
						
						
					 
					
						2011-01-27 19:44:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							81722b6881 
							
						 
					 
					
						
						
							
							major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values)  
						
						
						
					 
					
						2011-01-27 18:36:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03413bd5e0 
							
						 
					 
					
						
						
							
							minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload)  
						
						
						
					 
					
						2011-01-27 16:55:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							430fd5cd63 
							
						 
					 
					
						
						
							
							minor fixes  
						
						
						
					 
					
						2011-01-25 16:05:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cab86871fe 
							
						 
					 
					
						
						
							
							fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment)  
						
						
						
					 
					
						2011-01-25 11:02:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4093599f38 
							
						 
					 
					
						
						
							
							added parseTargetUrl to redirect choice  
						
						
						
					 
					
						2011-01-24 14:45:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							47fa600c04 
							
						 
					 
					
						
						
							
							Minor fix and cosmetics  
						
						
						
					 
					
						2011-01-24 11:12:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							97573693be 
							
						 
					 
					
						
						
							
							Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT  
						
						
						
					 
					
						2011-01-20 21:59:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6f4b5e9dd 
							
						 
					 
					
						
						
							
							bug fix for charset used in inference for pages retrieved with --null-connection  
						
						
						
					 
					
						2011-01-20 11:01:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							bade0e3124 
							
						 
					 
					
						
						
							
							Major code refactoring - centralized all kb.dbms* info for both retrieval and set.  
						
						
						
					 
					
						2011-01-19 23:06:15 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							daebb0010b 
							
						 
					 
					
						
						
							
							Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based.  
						
						... 
						
						
						
						Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup. 
						
					 
					
						2011-01-18 23:02:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3822b494ea 
							
						 
					 
					
						
						
							
							Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.  
						
						
						
					 
					
						2011-01-17 23:43:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							041abb56e2 
							
						 
					 
					
						
						
							
							you can't believe how much man can learn when having good testing points  
						
						
						
					 
					
						2011-01-17 13:59:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34d13be0d3 
							
						 
					 
					
						
						
							
							minor update regarding default page encoding  
						
						
						
					 
					
						2011-01-17 10:23:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							30d6791968 
							
						 
					 
					
						
						
							
							update regarding time based data retrieval  
						
						
						
					 
					
						2011-01-16 17:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71391874eb 
							
						 
					 
					
						
						
							
							slightly faster and thread safer inference  
						
						
						
					 
					
						2011-01-16 10:52:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6e4b65a822 
							
						 
					 
					
						
						
							
							Minor refactoring  
						
						
						
					 
					
						2011-01-15 23:28:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fa8f0cba7 
							
						 
					 
					
						
						
							
							code reviewing part 2  
						
						
						
					 
					
						2011-01-15 12:53:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fb9d7cdfaa 
							
						 
					 
					
						
						
							
							refactoring, code clearing and removal of obsolete switch --longest-common  
						
						
						
					 
					
						2011-01-14 14:37:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2ac8debea0 
							
						 
					 
					
						
						
							
							Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.  
						
						... 
						
						
						
						Minor bug fixes thanks to previous refactoring too. 
						
					 
					
						2011-01-13 17:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							af9725214a 
							
						 
					 
					
						
						
							
							Properly deal with partial (single entry) UNION injections.  
						
						... 
						
						
						
						Got rid of kb.union*, now it's all stored/used from kb.injection.
Minor bug fix with where=2 detection phase. 
						
					 
					
						2011-01-12 12:01:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							300128042c 
							
						 
					 
					
						
						
							
							First big commit to move UNION query tests to detection phase - there are some improvements and tuning to do yet though.  
						
						... 
						
						
						
						Major refactoring to Agent.payload() method.
Minor bug fixes, some code refactoring and a lot of core adjustments here and there.
Added more checks for injection in GROUP BY and ORDER BY. 
						
					 
					
						2011-01-11 22:18:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							06230e4d92 
							
						 
					 
					
						
						
							
							Minor code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-11 21:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b313a20a3f 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2011-01-07 16:39:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1c86ec374e 
							
						 
					 
					
						
						
							
							Code refactoring and cosmetics  
						
						
						
					 
					
						2011-01-07 15:41:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							694a65f6f1 
							
						 
					 
					
						
						
							
							minor fix/update  
						
						
						
					 
					
						2011-01-05 13:32:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7411052456 
							
						 
					 
					
						
						
							
							minor update regarding last commit  
						
						
						
					 
					
						2011-01-05 12:09:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							042e3f76ba 
							
						 
					 
					
						
						
							
							bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded)  
						
						
						
					 
					
						2011-01-05 11:36:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aa81ed4033 
							
						 
					 
					
						
						
							
							implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers)  
						
						
						
					 
					
						2011-01-04 15:49:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb11f5b2e0 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 13:07:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1dc73d0a1 
							
						 
					 
					
						
						
							
							minor, just in case update related to the previous commit  
						
						
						
					 
					
						2011-01-04 12:56:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							709a7d156b 
							
						 
					 
					
						
						
							
							fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...)  
						
						
						
					 
					
						2011-01-04 12:51:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d288c6d6e3 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2011-01-04 08:40:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0eabca9fd4 
							
						 
					 
					
						
						
							
							update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is)  
						
						
						
					 
					
						2011-01-03 22:31:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							08ccbf2c1e 
							
						 
					 
					
						
						
							
							important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding)  
						
						
						
					 
					
						2011-01-03 22:02:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							07129371bf 
							
						 
					 
					
						
						
							
							bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests)  
						
						
						
					 
					
						2011-01-03 13:04:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da138c46c1 
							
						 
					 
					
						
						
							
							added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly)  
						
						
						
					 
					
						2011-01-02 07:37:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ef27fd5ea1 
							
						 
					 
					
						
						
							
							there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) ( http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html ,  http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html )  
						
						
						
					 
					
						2011-01-01 15:20:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							281d124fa6 
							
						 
					 
					
						
						
							
							minor bug fix  
						
						
						
					 
					
						2010-12-31 12:04:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d1f5c1d7b7 
							
						 
					 
					
						
						
							
							now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering  
						
						
						
					 
					
						2010-12-29 15:10:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							93838fb155 
							
						 
					 
					
						
						
							
							"patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError)  
						
						
						
					 
					
						2010-12-28 14:40:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c0423761e8 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-27 18:27:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9fb0e0fc85 
							
						 
					 
					
						
						
							
							resume of brute forced data is now available  
						
						
						
					 
					
						2010-12-27 14:17:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f2373121d0 
							
						 
					 
					
						
						
							
							noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more)  
						
						
						
					 
					
						2010-12-26 14:36:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							569e060aab 
							
						 
					 
					
						
						
							
							important improvement  
						
						
						
					 
					
						2010-12-26 13:20:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cd337d9f39 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-26 09:46:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							562a6440d1 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (same as  http://bugs.python.org/issue8797 )  
						
						
						
					 
					
						2010-12-26 09:33:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b472b96f92 
							
						 
					 
					
						
						
							
							bug fix, refactoring and improved extractErrorMessage capabilities  
						
						
						
					 
					
						2010-12-25 10:16:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2c23a59ba5 
							
						 
					 
					
						
						
							
							fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)  
						
						
						
					 
					
						2010-12-24 12:13:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aab14fa2d3 
							
						 
					 
					
						
						
							
							minor refactoring/cosmetics  
						
						
						
					 
					
						2010-12-24 11:06:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a09716a701 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-24 10:07:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d5eebb1cbf 
							
						 
					 
					
						
						
							
							fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6  
						
						
						
					 
					
						2010-12-24 09:49:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cb17e61f35 
							
						 
					 
					
						
						
							
							bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)  
						
						
						
					 
					
						2010-12-24 02:54:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8470de7b76 
							
						 
					 
					
						
						
							
							bug fix for boolean proxy when using time based payloads  
						
						
						
					 
					
						2010-12-23 23:46:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							017ea9e686 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-23 14:06:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fc60215ed 
							
						 
					 
					
						
						
							
							lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.  
						
						
						
					 
					
						2010-12-22 19:12:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							250608660d 
							
						 
					 
					
						
						
							
							Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)  
						
						
						
					 
					
						2010-12-22 13:41:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5be9c04e44 
							
						 
					 
					
						
						
							
							update regarding Sybase syntax  
						
						
						
					 
					
						2010-12-22 10:39:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a525f28d4 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-21 15:26:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2e7f9484d 
							
						 
					 
					
						
						
							
							minor tuning (2 techniques MAX per value used)  
						
						
						
					 
					
						2010-12-21 15:24:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							385e208f38 
							
						 
					 
					
						
						
							
							code refactoring regarding standard output suppression and some threading issues  
						
						
						
					 
					
						2010-12-21 14:21:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6b37ddada4 
							
						 
					 
					
						
						
							
							removed some blank trailing spaces (with extra/shutils/blanks.sh)  
						
						
						
					 
					
						2010-12-21 10:31:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d554460aec 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-21 01:09:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							416755c0b7 
							
						 
					 
					
						
						
							
							minor adjustments  
						
						
						
					 
					
						2010-12-21 00:25:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29001a4fce 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-20 23:21:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fd3e7ba1f 
							
						 
					 
					
						
						
							
							thread based data added  
						
						
						
					 
					
						2010-12-20 22:45:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5852bad963 
							
						 
					 
					
						
						
							
							some refactoring  
						
						
						
					 
					
						2010-12-20 18:56:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c948bced61 
							
						 
					 
					
						
						
							
							should solve the problem with timeout problems in time-based payloads  
						
						
						
					 
					
						2010-12-20 16:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaf8929085 
							
						 
					 
					
						
						
							
							more minor updates  
						
						
						
					 
					
						2010-12-20 10:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe67d3827c 
							
						 
					 
					
						
						
							
							code refactoring and some fixes  
						
						
						
					 
					
						2010-12-18 09:51:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							108a96c6b4 
							
						 
					 
					
						
						
							
							some fixes  
						
						
						
					 
					
						2010-12-17 21:45:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b4450c6ddd 
							
						 
					 
					
						
						
							
							added one more level of MSSQL version check (if first fails for some reason)  
						
						
						
					 
					
						2010-12-17 21:01:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							95b2c0803b 
							
						 
					 
					
						
						
							
							minor fix  
						
						
						
					 
					
						2010-12-15 20:51:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cda00c7501 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-15 12:43:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3f34b06a24 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							445cc3bf3c 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-15 12:15:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1c525aaea 
							
						 
					 
					
						
						
							
							quick fix of a fix  
						
						
						
					 
					
						2010-12-15 12:10:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							270ae0f080 
							
						 
					 
					
						
						
							
							just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False  
						
						
						
					 
					
						2010-12-14 09:05:00 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a02dd6b55b 
							
						 
					 
					
						
						
							
							Minor enhancement to speedup active dbms fingerprint (-f).  
						
						... 
						
						
						
						Code cleanup and refactoring. 
						
					 
					
						2010-12-13 21:33:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a3c4485e6 
							
						 
					 
					
						
						
							
							minor update (removing extra ())  
						
						
						
					 
					
						2010-12-12 14:44:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f7344a5fc3 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 21:28:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e6c66fa37c 
							
						 
					 
					
						
						
							
							update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available  
						
						
						
					 
					
						2010-12-11 17:55:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e32fa9df43 
							
						 
					 
					
						
						
							
							further update regarding bugtrace's report  
						
						
						
					 
					
						2010-12-11 17:32:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d18c98ec2 
							
						 
					 
					
						
						
							
							quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment)  
						
						
						
					 
					
						2010-12-11 17:20:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							03447acc1d 
							
						 
					 
					
						
						
							
							avoiding some trashy match ratios  
						
						
						
					 
					
						2010-12-11 17:12:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3dc0a51d34 
							
						 
					 
					
						
						
							
							major bug fix with boolean expressions  
						
						
						
					 
					
						2010-12-11 08:46:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac9080c07b 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-11 08:24:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							66db80804d 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 16:03:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							435f48b8cc 
							
						 
					 
					
						
						
							
							polite cosmetics  
						
						
						
					 
					
						2010-12-10 15:28:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							977988c0ab 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-10 15:24:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fa8d378e80 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-12-10 15:18:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ef44cfe60 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-12-10 15:06:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fe186cde55 
							
						 
					 
					
						
						
							
							proper fix  
						
						
						
					 
					
						2010-12-10 13:26:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9957881040 
							
						 
					 
					
						
						
							
							you won't believe commit  
						
						
						
					 
					
						2010-12-10 13:20:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1fc9ed10a8 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-12-10 12:30:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4d8628e8fb 
							
						 
					 
					
						
						
							
							fix for booleans  
						
						
						
					 
					
						2010-12-10 12:26:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							471d9ccd65 
							
						 
					 
					
						
						
							
							another fix of my lala  
						
						
						
					 
					
						2010-12-10 10:11:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							029a6abba2 
							
						 
					 
					
						
						
							
							quick fix  
						
						
						
					 
					
						2010-12-10 09:54:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							441fc8dbd9 
							
						 
					 
					
						
						
							
							update regarding boolean based expressions  
						
						
						
					 
					
						2010-12-09 21:15:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1492823de0 
							
						 
					 
					
						
						
							
							it wasn't pretty, now it's pretty  
						
						
						
					 
					
						2010-12-09 20:06:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9230877d98 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-12-09 13:57:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							196131bbca 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-09 10:42:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3fd1c37d53 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-09 07:49:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b5c6527c72 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2010-12-09 00:25:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f5ce739bdf 
							
						 
					 
					
						
						
							
							Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.  
						
						
						
					 
					
						2010-12-08 23:52:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							54f6673609 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:38:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d6077273e0 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-12-08 22:14:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							40fadf2f35 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-08 14:33:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							01cf1394a4 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 14:26:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6223f25dd9 
							
						 
					 
					
						
						
							
							code beautification  
						
						
						
					 
					
						2010-12-08 13:04:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							64cc2588f1 
							
						 
					 
					
						
						
							
							now resume is available for time-based blinds too  
						
						
						
					 
					
						2010-12-08 12:49:26 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							537b619165 
							
						 
					 
					
						
						
							
							removing junk  
						
						
						
					 
					
						2010-12-08 12:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b5e45939e3 
							
						 
					 
					
						
						
							
							sqlmap premiere of blind time based query/bisection  
						
						
						
					 
					
						2010-12-08 12:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47bb31fb47 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-08 11:30:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1ae2fa7f1a 
							
						 
					 
					
						
						
							
							update regarding time based payloads  
						
						
						
					 
					
						2010-12-08 11:26:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bdff4aba6a 
							
						 
					 
					
						
						
							
							switching to quick_ratio  
						
						
						
					 
					
						2010-12-07 23:57:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c1b82cf09c 
							
						 
					 
					
						
						
							
							ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results  
						
						
						
					 
					
						2010-12-07 23:53:44 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a4a63f5b1e 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-12-07 23:49:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							293ce18fed 
							
						 
					 
					
						
						
							
							two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)  
						
						
						
					 
					
						2010-12-07 23:32:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc651d59ec 
							
						 
					 
					
						
						
							
							little mathematics here and there (used "Rules for normally distributed data")  
						
						
						
					 
					
						2010-12-07 19:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81e7465ed2 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-12-07 17:16:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							294119d2ec 
							
						 
					 
					
						
						
							
							more advanced time technique(s)  
						
						
						
					 
					
						2010-12-07 16:04:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e53fef546e 
							
						 
					 
					
						
						
							
							update regarding session page templates  
						
						
						
					 
					
						2010-12-07 14:35:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							add6235b16 
							
						 
					 
					
						
						
							
							removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session  
						
						
						
					 
					
						2010-12-07 14:06:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0dc630203f 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-07 13:34:06 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d77ddbee47 
							
						 
					 
					
						
						
							
							OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND)  
						
						
						
					 
					
						2010-12-06 18:20:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17449754fe 
							
						 
					 
					
						
						
							
							Got rid of UNION false cond  
						
						
						
					 
					
						2010-12-05 16:16:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9e5f933ace 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-12-04 15:47:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eeb199375b 
							
						 
					 
					
						
						
							
							usage of compiled regexes in case of dynamic markings and other refactoring  
						
						
						
					 
					
						2010-12-04 13:23:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0fc7a8f9e8 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-12-04 10:13:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							04714374f9 
							
						 
					 
					
						
						
							
							now you can use kb.pageTemplate to set a page which will be used as a template in comparison process (at least in '-[RANDNUM] OR' cases we'll need to use different template(s))  
						
						
						
					 
					
						2010-12-04 10:05:18 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5764816891 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-12-03 22:28:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5d37df6104 
							
						 
					 
					
						
						
							
							Ugly code to set the cookies when got them from a 302 redirect too  
						
						
						
					 
					
						2010-12-03 17:41:10 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							11058667e4 
							
						 
					 
					
						
						
							
							Better naming  
						
						
						
					 
					
						2010-12-03 14:45:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							22de82634a 
							
						 
					 
					
						
						
							
							Important update to parse correctly the <where> tag during exploitation phase.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2010-12-03 10:44:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							283a04e29a 
							
						 
					 
					
						
						
							
							On my way to properly parse test's <where> tag in exploitation phase  
						
						
						
					 
					
						2010-12-01 23:32:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							089c16a1b8 
							
						 
					 
					
						
						
							
							Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.  
						
						... 
						
						
						
						Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders. 
						
					 
					
						2010-12-01 17:09:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							025361c970 
							
						 
					 
					
						
						
							
							Higher precedence to union query sql inj than error-based  
						
						
						
					 
					
						2010-12-01 10:57:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e735f2960a 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-29 15:25:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							472f4465a6 
							
						 
					 
					
						
						
							
							Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.  
						
						... 
						
						
						
						Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring. 
						
					 
					
						2010-11-28 21:27:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7e3b24afe6 
							
						 
					 
					
						
						
							
							Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.  
						
						... 
						
						
						
						All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work! 
						
					 
					
						2010-11-28 18:10:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							253eafb643 
							
						 
					 
					
						
						
							
							paranoid cosmetics  
						
						
						
					 
					
						2010-11-24 12:03:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							17486e472a 
							
						 
					 
					
						
						
							
							Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!  
						
						
						
					 
					
						2010-11-17 22:00:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3d25071d06 
							
						 
					 
					
						
						
							
							another minor improvement regarding logging of http traffic  
						
						
						
					 
					
						2010-11-17 12:16:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3e569a1693 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-17 12:04:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5abbea4a9f 
							
						 
					 
					
						
						
							
							fix for a bug reported by nightman (unknown charset 'null')  
						
						
						
					 
					
						2010-11-17 09:57:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3487429eac 
							
						 
					 
					
						
						
							
							minor cosmetics  
						
						
						
					 
					
						2010-11-16 14:41:46 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3640dbf745 
							
						 
					 
					
						
						
							
							fix for --parse-errors (on IIS HTTP error is raised which need to be processed)  
						
						
						
					 
					
						2010-11-16 14:33:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6232397129 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-16 10:52:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6ef3846400 
							
						 
					 
					
						
						
							
							update regarding error parsing (and reporting)  
						
						
						
					 
					
						2010-11-16 10:42:42 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							71cb982039 
							
						 
					 
					
						
						
							
							Another bug fix to --union-test  
						
						
						
					 
					
						2010-11-15 21:42:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06a872fc99 
							
						 
					 
					
						
						
							
							update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))  
						
						
						
					 
					
						2010-11-12 22:57:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27735b14df 
							
						 
					 
					
						
						
							
							update (--string and --regex should be done regardless of wasLastRequestError)  
						
						
						
					 
					
						2010-11-12 22:44:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							697b32554c 
							
						 
					 
					
						
						
							
							fix for a bug "ordinal not in range(128)" reported by bugtrace  
						
						
						
					 
					
						2010-11-12 11:48:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f83dd2251b 
							
						 
					 
					
						
						
							
							Properly save error-based enumerated data in session file, able to be resumed like with other techniques  
						
						
						
					 
					
						2010-11-12 11:40:37 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a14e4d9668 
							
						 
					 
					
						
						
							
							Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.  
						
						
						
					 
					
						2010-11-12 10:16:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19c1bfa368 
							
						 
					 
					
						
						
							
							just a precaution (now i really need to go for a sleep)  
						
						
						
					 
					
						2010-11-09 23:38:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							88c00e61d3 
							
						 
					 
					
						
						
							
							another update  
						
						
						
					 
					
						2010-11-09 23:35:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							47720a43dd 
							
						 
					 
					
						
						
							
							minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result)  
						
						
						
					 
					
						2010-11-09 23:21:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5ebd5d935c 
							
						 
					 
					
						
						
							
							another name change  
						
						
						
					 
					
						2010-11-09 22:49:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							06f00cf8c1 
							
						 
					 
					
						
						
							
							name change  
						
						
						
					 
					
						2010-11-09 22:48:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fef60d5cb7 
							
						 
					 
					
						
						
							
							some fixes :)  
						
						
						
					 
					
						2010-11-09 22:32:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1cc99e2247 
							
						 
					 
					
						
						
							
							Possible quick fix for missing of True/False comparison of stable-but-not-really pages  
						
						
						
					 
					
						2010-11-09 21:39:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							45ec8c169a 
							
						 
					 
					
						
						
							
							Consistency between --*-test switches/output  
						
						
						
					 
					
						2010-11-08 16:46:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							fda8752dca 
							
						 
					 
					
						
						
							
							revert of some HTTP headers handling  
						
						
						
					 
					
						2010-11-08 13:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							78d7b17483 
							
						 
					 
					
						
						
							
							More replacements for refactoring.  
						
						... 
						
						
						
						Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters. 
						
					 
					
						2010-11-08 12:36:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eb999de0f1 
							
						 
					 
					
						
						
							
							added Range handler (dealing with 206 HTTP messages)  
						
						
						
					 
					
						2010-11-08 12:26:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							875781bf97 
							
						 
					 
					
						
						
							
							another minor fix  
						
						
						
					 
					
						2010-11-08 11:55:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4a4a3051e5 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-11-08 11:39:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3de10e3a2 
							
						 
					 
					
						
						
							
							new option -t  
						
						
						
					 
					
						2010-11-08 11:22:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d0e2a2228 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-08 09:49:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d551423379 
							
						 
					 
					
						
						
							
							further enum refactoring  
						
						
						
					 
					
						2010-11-08 09:44:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							862395ced1 
							
						 
					 
					
						
						
							
							further refactoring (all enumerations are now put into enums.py)  
						
						
						
					 
					
						2010-11-08 09:20:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8e44aa605a 
							
						 
					 
					
						
						
							
							refactoring regarding injection place (more left)  
						
						
						
					 
					
						2010-11-08 08:02:36 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b6da946883 
							
						 
					 
					
						
						
							
							Added one new verbose level, -v 3 now shows the full injected payload.  
						
						... 
						
						
						
						Fixed also -d verbose output. 
						
					 
					
						2010-11-07 22:34:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a96467b3e2 
							
						 
					 
					
						
						
							
							Refactoring  
						
						
						
					 
					
						2010-11-07 21:55:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7a6c086a27 
							
						 
					 
					
						
						
							
							setting direct query info output to same level as payload info (logger.DEBUG)  
						
						
						
					 
					
						2010-11-07 21:42:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d3e7e89e60 
							
						 
					 
					
						
						
							
							major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces  
						
						
						
					 
					
						2010-11-07 21:18:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							620fa1c8fb 
							
						 
					 
					
						
						
							
							trust me, i know what i am doing :)  
						
						
						
					 
					
						2010-11-07 20:33:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							4d81da6bc8 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-11-07 16:23:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							00dfd55830 
							
						 
					 
					
						
						
							
							added powerful switch --longest-common for dealing with heavy dynamicity  
						
						
						
					 
					
						2010-11-07 08:52:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							508b9cc763 
							
						 
					 
					
						
						
							
							dynamicity engine update  
						
						
						
					 
					
						2010-11-07 00:12:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3619fc5127 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-11-06 08:31:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0e895fa512 
							
						 
					 
					
						
						
							
							update of dynamicity testing and few misc fixes  
						
						
						
					 
					
						2010-11-05 13:14:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ef1809464d 
							
						 
					 
					
						
						
							
							bug fix for that BadStatusLine ( http://bugs.python.org/issue8450 )  
						
						
						
					 
					
						2010-11-05 11:58:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6295a59a30 
							
						 
					 
					
						
						
							
							minor update/fix  
						
						
						
					 
					
						2010-11-05 11:39:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5f7f4bf15b 
							
						 
					 
					
						
						
							
							minor debug update (probably temporary)  
						
						
						
					 
					
						2010-11-05 11:04:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							29b7c5366c 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-11-04 17:22:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e1cec8c02b 
							
						 
					 
					
						
						
							
							fix for all that stable, dynamic mambo jambo :)  
						
						
						
					 
					
						2010-11-04 16:44:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f1f7e0bfe0 
							
						 
					 
					
						
						
							
							fix for "unknown charset 'en_us'" (reported by ToR)  
						
						
						
					 
					
						2010-11-04 13:56:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b152b1a04d 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-11-03 22:07:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71d0b1bcd7 
							
						 
					 
					
						
						
							
							several bug fixes  
						
						
						
					 
					
						2010-11-03 21:51:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							44678fa320 
							
						 
					 
					
						
						
							
							fix for a bug reported by ToR (TypeError: unsupported operand type(s) for *: 'float' and 'NoneType')  
						
						
						
					 
					
						2010-11-03 12:40:11 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6adee3792a 
							
						 
					 
					
						
						
							
							removed all trailing spaces from blank lines  
						
						
						
					 
					
						2010-11-03 10:08:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							861706fb31 
							
						 
					 
					
						
						
							
							fix for bug reported by ToR (unknown charset 'utf-8, text/html')  
						
						
						
					 
					
						2010-11-02 18:01:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							685a8e7d2c 
							
						 
					 
					
						
						
							
							refactoring of hard coded dbms names  
						
						
						
					 
					
						2010-11-02 11:59:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5269cb8c08 
							
						 
					 
					
						
						
							
							some code refactoring and beautification  
						
						
						
					 
					
						2010-11-02 09:06:38 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13e93f564a 
							
						 
					 
					
						
						
							
							one bug fix in dynamic content engine and some code refactoring  
						
						
						
					 
					
						2010-11-02 07:32:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							486a113560 
							
						 
					 
					
						
						
							
							Consolidate logger messages for --*-test switches  
						
						
						
					 
					
						2010-10-31 16:58:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3eda4510e2 
							
						 
					 
					
						
						
							
							Properly encode the cookie  
						
						
						
					 
					
						2010-10-31 11:26:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3a48bee9b0 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2010-10-31 11:03:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8cf0ebde1e 
							
						 
					 
					
						
						
							
							Cosmetics  
						
						
						
					 
					
						2010-10-29 23:00:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cbf38436f2 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-29 16:15:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5a38ac7ea9 
							
						 
					 
					
						
						
							
							important update regarding (Bug  #209 ) - probably more will be needed  
						
						
						
					 
					
						2010-10-29 16:11:50 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							895efd28a6 
							
						 
					 
					
						
						
							
							one more update regarding Bug  #205  
						
						
						
					 
					
						2010-10-28 23:22:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							788eb8fb50 
							
						 
					 
					
						
						
							
							update regarding Bug  #205  
						
						
						
					 
					
						2010-10-28 22:59:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f5904d0bc0 
							
						 
					 
					
						
						
							
							Major bug fix to --union-test  
						
						
						
					 
					
						2010-10-25 23:39:55 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							228ac0cde5 
							
						 
					 
					
						
						
							
							refactoring regarding --check-payload  
						
						
						
					 
					
						2010-10-25 18:38:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							378653a1ec 
							
						 
					 
					
						
						
							
							added IDS payload testing  
						
						
						
					 
					
						2010-10-25 15:37:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							215175e3b7 
							
						 
					 
					
						
						
							
							Minor code adjustments  
						
						
						
					 
					
						2010-10-25 14:11:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							24c5d7b313 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-10-25 14:06:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							9c94a233a1 
							
						 
					 
					
						
						
							
							conf.md5hash thrown out  
						
						
						
					 
					
						2010-10-25 13:52:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							32728d14b7 
							
						 
					 
					
						
						
							
							fix for --union-use with --error-test  
						
						
						
					 
					
						2010-10-25 12:25:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71543092b7 
							
						 
					 
					
						
						
							
							update regarding comparison engine  
						
						
						
					 
					
						2010-10-25 12:00:59 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8df7c88174 
							
						 
					 
					
						
						
							
							implementation of a new dynamic content removal engine  
						
						
						
					 
					
						2010-10-25 10:41:37 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							db260c44d3 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-24 22:25:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dec4d858b3 
							
						 
					 
					
						
						
							
							fix for Bug  #207  
						
						
						
					 
					
						2010-10-22 14:01:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bc79eec702 
							
						 
					 
					
						
						
							
							removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)  
						
						
						
					 
					
						2010-10-21 13:13:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							be443c6947 
							
						 
					 
					
						
						
							
							refactoring regarding __START__,...  
						
						
						
					 
					
						2010-10-21 09:51:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							2668c95ef4 
							
						 
					 
					
						
						
							
							added default HTTP version used by httplib and urllib2  
						
						
						
					 
					
						2010-10-21 09:10:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7f1aa3b94f 
							
						 
					 
					
						
						
							
							Removed unused imports  
						
						
						
					 
					
						2010-10-20 22:48:51 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							934adb5e8d 
							
						 
					 
					
						
						
							
							code refactoring  
						
						
						
					 
					
						2010-10-20 09:09:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b032fdbf74 
							
						 
					 
					
						
						
							
							added randInt to error injection vectors  
						
						
						
					 
					
						2010-10-20 08:56:58 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dabbcf9e23 
							
						 
					 
					
						
						
							
							fix for that 'Subquery returns more than 1 row'  
						
						
						
					 
					
						2010-10-20 08:50:05 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							82f44989ce 
							
						 
					 
					
						
						
							
							update of error based injection and bug fix for --roles on MSSQL server  
						
						
						
					 
					
						2010-10-20 06:40:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8776db872c 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-10-19 23:05:24 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1b376c99a6 
							
						 
					 
					
						
						
							
							removed temp dictionary and replaced with kb.misc  
						
						
						
					 
					
						2010-10-19 23:00:19 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7927e97007 
							
						 
					 
					
						
						
							
							update  
						
						
						
					 
					
						2010-10-19 18:34:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							415524bd5a 
							
						 
					 
					
						
						
							
							remove --error, now it's only --error-test (it needs to return True to be able to use it)  
						
						
						
					 
					
						2010-10-19 18:34:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4009ef385e 
							
						 
					 
					
						
						
							
							more update regarding error based injection support  
						
						
						
					 
					
						2010-10-19 18:17:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b2e0b615f8 
							
						 
					 
					
						
						
							
							fix for that MySQL checking  
						
						
						
					 
					
						2010-10-19 17:38:39 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34d7de1d46 
							
						 
					 
					
						
						
							
							cosmetics  
						
						
						
					 
					
						2010-10-19 15:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d7622bb9cf 
							
						 
					 
					
						
						
							
							major fix for MySQL error based injections  
						
						
						
					 
					
						2010-10-19 15:17:16 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							80505de15b 
							
						 
					 
					
						
						
							
							now --users work on Oracle and Postgre (tested)  
						
						
						
					 
					
						2010-10-19 14:56:57 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4bc541ec3c 
							
						 
					 
					
						
						
							
							error based update  
						
						
						
					 
					
						2010-10-19 14:47:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d0ebe428da 
							
						 
					 
					
						
						
							
							i've left error flag  
						
						
						
					 
					
						2010-10-19 14:12:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bf850af2d8 
							
						 
					 
					
						
						
							
							fix for Oracle error based query "space" problem  
						
						
						
					 
					
						2010-10-19 14:10:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a8b1046d4 
							
						 
					 
					
						
						
							
							first successfull run of error based sqlmap in history :). tested --banner, --current-user, --current-db on 4 major DBMSes. still hidden from users (turn on flag error in getValue() in inject.py)  
						
						
						
					 
					
						2010-10-19 12:02:04 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b8fff41fe 
							
						 
					 
					
						
						
							
							cosmetics (adding html parsed DBMS) regarding heuristic check  
						
						
						
					 
					
						2010-10-18 12:11:16 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							36bc410333 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-10-18 09:50:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							149837ebf5 
							
						 
					 
					
						
						
							
							added the same for proxy authorization header  
						
						
						
					 
					
						2010-10-18 09:02:56 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							aaebb4336e 
							
						 
					 
					
						
						
							
							fix for Bug  #202  
						
						
						
					 
					
						2010-10-18 08:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dcb9c2103a 
							
						 
					 
					
						
						
							
							just in case update  
						
						
						
					 
					
						2010-10-15 11:20:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5f6d88a418 
							
						 
					 
					
						
						
							
							Minor comment  
						
						
						
					 
					
						2010-10-15 11:17:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c5e385f77a 
							
						 
					 
					
						
						
							
							More layout adjustments  
						
						
						
					 
					
						2010-10-15 10:28:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							207bef7f19 
							
						 
					 
					
						
						
							
							fix for that SQLite3 vs SQLite2 issue  
						
						
						
					 
					
						2010-10-15 09:39:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4f7f20b94f 
							
						 
					 
					
						
						
							
							sorry, cosmetics  
						
						
						
					 
					
						2010-10-14 23:18:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1674142d82 
							
						 
					 
					
						
						
							
							Minor cosmetic fixes  
						
						
						
					 
					
						2010-10-14 15:28:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b48833136 
							
						 
					 
					
						
						
							
							large commit with copyright header modifications  
						
						
						
					 
					
						2010-10-14 14:41:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							162d01abed 
							
						 
					 
					
						
						
							
							commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)  
						
						
						
					 
					
						2010-10-14 11:06:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc50543ea4 
							
						 
					 
					
						
						
							
							major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)  
						
						
						
					 
					
						2010-10-13 23:01:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36ef8ca575 
							
						 
					 
					
						
						
							
							bug fix  
						
						
						
					 
					
						2010-10-13 22:42:48 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							02a14d4c45 
							
						 
					 
					
						
						
							
							added Referer (part of Feature  #37 )  
						
						
						
					 
					
						2010-10-13 22:08:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34580f56fc 
							
						 
					 
					
						
						
							
							added --tamper option  
						
						
						
					 
					
						2010-10-12 22:45:25 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2ec132469 
							
						 
					 
					
						
						
							
							added --text-only switch  
						
						
						
					 
					
						2010-10-12 19:41:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1369529103 
							
						 
					 
					
						
						
							
							minor cosmetic update  
						
						
						
					 
					
						2010-10-11 13:52:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							43892cddbb 
							
						 
					 
					
						
						
							
							some updates  
						
						
						
					 
					
						2010-10-11 12:26:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8fcad29bbf 
							
						 
					 
					
						
						
							
							new feature --forms (still unfinished)  
						
						
						
					 
					
						2010-10-10 18:56:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							adf2231edb 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-10-06 13:38:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							cf17debf79 
							
						 
					 
					
						
						
							
							changed connection message priority to critical (when verbose=0 it's displayed too)  
						
						
						
					 
					
						2010-09-27 13:34:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							13bb3a6212 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-09-23 14:07:23 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							da8ae5578b 
							
						 
					 
					
						
						
							
							first commit regarding Feature  #144  
						
						
						
					 
					
						2010-09-22 11:56:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							975b96ae28 
							
						 
					 
					
						
						
							
							minor refactoring  
						
						
						
					 
					
						2010-09-16 09:47:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1741801ade 
							
						 
					 
					
						
						
							
							implementation of HEAD/Range methods  
						
						
						
					 
					
						2010-09-16 09:32:09 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b745331974 
							
						 
					 
					
						
						
							
							added null connection check  
						
						
						
					 
					
						2010-09-16 08:43:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ecd6b573f7 
							
						 
					 
					
						
						
							
							added method parameter to the queryPage function  
						
						
						
					 
					
						2010-09-15 14:17:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							34a8cd75e3 
							
						 
					 
					
						
						
							
							added support for setting HTTP method manualy  
						
						
						
					 
					
						2010-09-15 12:45:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							798ab4989b 
							
						 
					 
					
						
						
							
							fix for a Bug  #200  
						
						
						
					 
					
						2010-09-14 10:35:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							19fb2e3dcf 
							
						 
					 
					
						
						
							
							fix for Bug  #165  
						
						
						
					 
					
						2010-09-13 13:31:01 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							53289c6a42 
							
						 
					 
					
						
						
							
							fix for bug reported by Marek Sarvas (unicode)  
						
						
						
					 
					
						2010-09-09 14:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							27d76847fe 
							
						 
					 
					
						
						
							
							fix for bug reported by Truong Duc Luong  
						
						
						
					 
					
						2010-09-01 08:46:21 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							436b7d82fb 
							
						 
					 
					
						
						
							
							fixed a bug reported by Marek Sarvas  
						
						
						
					 
					
						2010-08-22 08:52:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							057ec8a6b2 
							
						 
					 
					
						
						
							
							added --ratio option for direct manipulation of conf.matchRatio parameter  
						
						
						
					 
					
						2010-08-10 19:53:29 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6a6ff09c9a 
							
						 
					 
					
						
						
							
							fix for a bug reported by Marek Sarvas  
						
						
						
					 
					
						2010-07-26 08:11:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d2f88b6ebe 
							
						 
					 
					
						
						
							
							detecting infinite redirect loops (Feature  #192 )  
						
						
						
					 
					
						2010-07-19 12:38:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							48a67d6d51 
							
						 
					 
					
						
						
							
							fix for "unknown charset 'windows-874'" reported by Phat R.  
						
						
						
					 
					
						2010-07-15 08:44:42 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							0d08903bc3 
							
						 
					 
					
						
						
							
							some charset fix up  
						
						
						
					 
					
						2010-06-30 12:09:33 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9ea72f9640 
							
						 
					 
					
						
						
							
							Minor bug fixes to -d  
						
						
						
					 
					
						2010-06-25 13:24:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9bce22683b 
							
						 
					 
					
						
						
							
							Minor bug fix and adjustment to deal with Keep-Alive also against Google (-g)  
						
						
						
					 
					
						2010-06-11 10:08:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							fea2414759 
							
						 
					 
					
						
						
							
							Display HTTP request in -v>=3 even if connection failed  
						
						
						
					 
					
						2010-06-10 14:42:17 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5bb8e154eb 
							
						 
					 
					
						
						
							
							Minor code improvements  
						
						
						
					 
					
						2010-06-10 14:15:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							36953221f8 
							
						 
					 
					
						
						
							
							few quick changes  
						
						
						
					 
					
						2010-06-10 11:34:17 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							eaef068c90 
							
						 
					 
					
						
						
							
							major bug fix (different HTTP content charsets are now properly handled)  
						
						
						
					 
					
						2010-06-09 14:40:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							12a5ec9f3d 
							
						 
					 
					
						
						
							
							more unicode refactoring  
						
						
						
					 
					
						2010-06-02 12:45:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e98b049e7f 
							
						 
					 
					
						
						
							
							Added unicode support also to PostgreSQL connector - see  #184 .  
						
						
						
					 
					
						2010-05-29 11:46:41 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e811101dce 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-05-28 23:39:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ac6ce478a0 
							
						 
					 
					
						
						
							
							just removing unneded and possible future source of confusion  
						
						
						
					 
					
						2010-05-28 14:19:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a3db3c03c1 
							
						 
					 
					
						
						
							
							str() -> unicode()  
						
						
						
					 
					
						2010-05-28 13:05:02 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							94354d0862 
							
						 
					 
					
						
						
							
							removing previous fix  
						
						
						
					 
					
						2010-05-28 11:53:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							f26de89216 
							
						 
					 
					
						
						
							
							Minor bug fix to correctly deal with unicode queries with -d  
						
						
						
					 
					
						2010-05-28 11:32:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							dc83f794ea 
							
						 
					 
					
						
						
							
							fix regarding proper string isinstance checking (including unicode)  
						
						
						
					 
					
						2010-05-25 10:09:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5d5ebd49b6 
							
						 
					 
					
						
						
							
							introducing regex caching mechanism  
						
						
						
					 
					
						2010-05-21 14:42:59 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							cda8da288c 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-05-21 12:18:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f6bffb61d3 
							
						 
					 
					
						
						
							
							minor adjustment  
						
						
						
					 
					
						2010-05-21 11:51:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							460a1ba872 
							
						 
					 
					
						
						
							
							fix for my imperfect calculations :)  
						
						
						
					 
					
						2010-05-21 11:41:49 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							68e13c3872 
							
						 
					 
					
						
						
							
							periodical commit  
						
						
						
					 
					
						2010-05-21 09:35:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							b8a5a54395 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-05-15 20:44:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4984ceac49 
							
						 
					 
					
						
						
							
							some code refactoring and minor speed up (jump prediction rule)  
						
						
						
					 
					
						2010-05-14 15:20:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ed20f1cf33 
							
						 
					 
					
						
						
							
							some more speed up (one time compilation of popular regexes)  
						
						
						
					 
					
						2010-05-14 14:48:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3ead88c364 
							
						 
					 
					
						
						
							
							minor tweak  
						
						
						
					 
					
						2010-05-14 14:36:54 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							131789a6e4 
							
						 
					 
					
						
						
							
							some code refactoring  
						
						
						
					 
					
						2010-05-14 14:21:13 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5396f13bab 
							
						 
					 
					
						
						
							
							added CPU throttling for lowering sqlmap's CPU intensivity  
						
						
						
					 
					
						2010-05-13 15:19:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ca3e12ae73 
							
						 
					 
					
						
						
							
							added calculateDeltaSeconds method for dealing with non-deterministic time behaviour in some cases (e.g. WAITFOR DELAY in case of MSSQL)  
						
						
						
					 
					
						2010-05-13 11:05:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8b74c405f5 
							
						 
					 
					
						
						
							
							Minor output bug fix  
						
						
						
					 
					
						2010-05-11 14:15:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							457d32c73e 
							
						 
					 
					
						
						
							
							Proper displaying of debug messages (-v >= 2)  
						
						
						
					 
					
						2010-05-11 13:58:53 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							44ea8f1861 
							
						 
					 
					
						
						
							
							Minor adjustment  
						
						
						
					 
					
						2010-05-06 11:00:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							147e14356d 
							
						 
					 
					
						
						
							
							Major bug fix (reported by Thierry Zoller)  
						
						
						
					 
					
						2010-05-06 10:52:40 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							4928c684b3 
							
						 
					 
					
						
						
							
							one more thing  
						
						
						
					 
					
						2010-05-04 08:45:10 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							789dd6c66f 
							
						 
					 
					
						
						
							
							more quick fixes  
						
						
						
					 
					
						2010-05-04 08:43:14 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							af701cdaa2 
							
						 
					 
					
						
						
							
							better way to handle that last commit problem  
						
						
						
					 
					
						2010-05-04 08:36:35 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							5bc07426e0 
							
						 
					 
					
						
						
							
							added exception handler around block reported by Thierry Zoller  
						
						
						
					 
					
						2010-05-04 08:03:48 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							90d9900371 
							
						 
					 
					
						
						
							
							Minor bug fix to consider --start and --stop also in partial UNION query SQL injection  
						
						
						
					 
					
						2010-04-30 15:48:40 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a1b1f960cc 
							
						 
					 
					
						
						
							
							Finally fixed and adapted all code around to the new isWindowsDriveLetterPath() function  
						
						
						
					 
					
						2010-04-23 16:34:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1aeaa5db47 
							
						 
					 
					
						
						
							
							implementation of Feature  #176  (Safe URL: avoid being kicked out after N unsuccessful requests)  
						
						
						
					 
					
						2010-04-16 12:44:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5e86087cb1 
							
						 
					 
					
						
						
							
							Minor bug fix for -d to avoid resuming queries when they're SELECT on sqlmap own tables, aligned to same resume of -u now.  
						
						
						
					 
					
						2010-04-15 10:06:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eecee3b274 
							
						 
					 
					
						
						
							
							Added resume functionality to -d and fixed logging with -d  
						
						
						
					 
					
						2010-04-12 09:35:20 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b72ddb6f1e 
							
						 
					 
					
						
						
							
							Fixes non-deterministic unsorted results for most of the DBMSes - see  #185  
						
						
						
					 
					
						2010-04-09 15:48:53 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							63c70018ca 
							
						 
					 
					
						
						
							
							fix for that update (conf.cj) problem mentioned by shiftzwei@gmail.com  
						
						
						
					 
					
						2010-04-09 10:16:15 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							6e7be5edb0 
							
						 
					 
					
						
						
							
							another fix  
						
						
						
					 
					
						2010-04-06 15:51:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							c303feab17 
							
						 
					 
					
						
						
							
							fix  
						
						
						
					 
					
						2010-04-06 15:14:32 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e2810003ae 
							
						 
					 
					
						
						
							
							more update  
						
						
						
					 
					
						2010-04-06 15:12:52 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5fdebb5d5b 
							
						 
					 
					
						
						
							
							Added support to directly connect also to Microsoft SQL Server database.  
						
						... 
						
						
						
						Fixed direct connection to always use the same query as of UNION query SQL injection (= one query with multiple columns/entries output).
Minor fixes to Firebird/Access/SQLite connectors to use connector's execute()/fetchall() as wrapper for third-party libraries' methods.
Forced conf.timeout to 10 seconds when directly connecting to database.
Slightly improved regular expression to parse -d parameter.
Added import check for all connectors' third-party libraries.
Code refactoring:
* Moved conf.direct request to direct() function in lib/request/direct.py (code reused where needed).
* Back-delegated to generic connector close() and other methods. 
						
					 
					
						2010-03-31 10:50:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							bfc12e93c5 
							
						 
					 
					
						
						
							
							ms access returns -1 for True  
						
						
						
					 
					
						2010-03-30 11:33:51 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a0290a257b 
							
						 
					 
					
						
						
							
							Added support to connect directly also to Oracle - see  #158  
						
						
						
					 
					
						2010-03-27 21:50:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1416cd0d86 
							
						 
					 
					
						
						
							
							Major enhancement to directly connect to the dbms without passing via a sql injection: adapted code accordingly - see  #158 . This feature relies on python third-party libraries to be able to connect to the database. For the moment it has been implemented for MySQL (with python-mysqldb module) and PostgreSQL (with python-psycopg2 module).  
						
						... 
						
						
						
						Minor layout adjustments. 
						
					 
					
						2010-03-26 23:23:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e57767c48 
							
						 
					 
					
						
						
							
							Fixes   #180  - properly url encode sqlmap payload in POST/Cookie too, like for GET  
						
						
						
					 
					
						2010-03-23 10:27:39 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d13ad8b2d7 
							
						 
					 
					
						
						
							
							fixes   #181  - proper save/resume information about single entry UNION SQL injection  
						
						
						
					 
					
						2010-03-22 15:39:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							72f3674844 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2010-03-18 17:36:58 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0d559d14df 
							
						 
					 
					
						
						
							
							Initial support for SQLite (90% approx).  
						
						... 
						
						
						
						Initial support for Firebird (30% approx).
Initial support for Access (10% approx).
Shared libraries code/installation scripts ported to 64bit, directory structure adapted.
Minor code adjustments. 
						
					 
					
						2010-03-18 17:20:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							466df89c4a 
							
						 
					 
					
						
						
							
							Fixes   #178  and  #179  - proper handling of custom redirects  
						
						
						
					 
					
						2010-03-16 14:30:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							3b3353e05b 
							
						 
					 
					
						
						
							
							Revert last commit  
						
						
						
					 
					
						2010-03-16 13:56:36 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							1dfe558d3d 
							
						 
					 
					
						
						
							
							Fix for Issue  #177  
						
						
						
					 
					
						2010-03-16 13:11:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							323cf2b7f2 
							
						 
					 
					
						
						
							
							Fixes   #177  - Don't exit at exception if in "multiple targets" mode (-l or -g)  
						
						
						
					 
					
						2010-03-16 12:14:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							6d0ea86414 
							
						 
					 
					
						
						
							
							Fixes   #59  - proper customizable redirect (302 and 301)  
						
						
						
					 
					
						2010-03-15 14:24:43 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							91dd609e26 
							
						 
					 
					
						
						
							
							fixed threading bug (difflib :)  
						
						
						
					 
					
						2010-03-10 14:14:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							156fdd96ef 
							
						 
					 
					
						
						
							
							Updated copyright  
						
						
						
					 
					
						2010-03-03 15:26:27 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a0f5c3d885 
							
						 
					 
					
						
						
							
							minor update  
						
						
						
					 
					
						2010-02-25 13:45:28 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							3e152f8b20 
							
						 
					 
					
						
						
							
							minor code refactoring  
						
						
						
					 
					
						2010-02-25 13:33:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							28d5248c04 
							
						 
					 
					
						
						
							
							one more fix regarding localhost/global proxy issue  
						
						
						
					 
					
						2010-02-25 13:30:22 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							542b01993e 
							
						 
					 
					
						
						
							
							minor fix regarding exception handling of multi-part post handler  
						
						
						
					 
					
						2010-02-09 14:02:47 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							a6674edf8a 
							
						 
					 
					
						
						
							
							regular expressions revisited  
						
						
						
					 
					
						2010-02-09 13:01:08 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ec63fc4036 
							
						 
					 
					
						
						
							
							code refactoring - added functions posixToNtSlashes and ntToPosixSlashes  
						
						
						
					 
					
						2010-02-04 14:37:00 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							e4699f389d 
							
						 
					 
					
						
						
							
							some bug fixes regarding --os-shell usage against windows servers  
						
						
						
					 
					
						2010-02-04 09:49:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							ea045eaa2f 
							
						 
					 
					
						
						
							
							fixed serious issue with adding file paths into kb.absFilePaths (dirname was wrongly added, and afterwards getDirs used dirname of dirname)  
						
						... 
						
						
						
						also, fixed some issues with Windows paths 
						
					 
					
						2010-02-03 16:40:12 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							7c88e32f9d 
							
						 
					 
					
						
						
							
							bug fix for 404 program termination during shell upload attempt  
						
						
						
					 
					
						2010-02-03 16:16:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							8b0d31a6b7 
							
						 
					 
					
						
						
							
							fix for cases where both posix and nt path versions of windows paths are in parsed web page  
						
						
						
					 
					
						2010-02-03 15:34:20 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							25f1a9c7d0 
							
						 
					 
					
						
						
							
							upgrade of web directory parsing for things like C:/xampp/htdocs/sqlmap/mysql/get_int.php (XAMPP uses this)  
						
						
						
					 
					
						2010-02-03 15:06:41 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							98205cc488 
							
						 
					 
					
						
						
							
							another fix for Bug  #148  
						
						
						
					 
					
						2010-01-23 23:29:34 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							39652bfbf4 
							
						 
					 
					
						
						
							
							update regarding Unicode char logging (Bug  #148 )  
						
						
						
					 
					
						2010-01-23 15:36:55 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							574880ba73 
							
						 
					 
					
						
						
							
							Warn user of HTTP error codes in HTTP responses  
						
						
						
					 
					
						2010-01-19 10:27:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c18a5cb92f 
							
						 
					 
					
						
						
							
							Fixed a minor bug when displaying requested page in -v >= 3  
						
						
						
					 
					
						2010-01-16 21:47:52 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							f5c422efb4 
							
						 
					 
					
						
						
							
							updated and renamed sanitizeCookie to urlEncodeCookieValues because of it's different nature than before  
						
						
						
					 
					
						2010-01-15 11:44:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							505647b00f 
							
						 
					 
					
						
						
							
							Minor bug fix to --cookie-urlencode  
						
						
						
					 
					
						2010-01-15 11:24:30 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							26c7b74e65 
							
						 
					 
					
						
						
							
							changes regarding Data (GET/POST/Cookie) encoding (Bug  #129 )  
						
						
						
					 
					
						2010-01-14 18:05:03 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d07f60578c 
							
						 
					 
					
						
						
							
							implementation of Feature  #17  
						
						
						
					 
					
						2010-01-07 12:59:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80df1fdcf9 
							
						 
					 
					
						
						
							
							Minor bug fix with --sql-query/shell when providing a statement with DISTINCT  
						
						
						
					 
					
						2010-01-05 16:15:31 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							71547a3496 
							
						 
					 
					
						
						
							
							getDocRoot changes  
						
						
						
					 
					
						2010-01-05 11:30:33 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							d71e47ce56 
							
						 
					 
					
						
						
							
							fix regarding dirnames in Feature  #110  
						
						
						
					 
					
						2010-01-04 12:39:07 +00:00 
						 
				 
			
				
					
						
							
							
								Miroslav Stampar 
							
						 
					 
					
						
						
						
						
							
						
						
							96a033b51d 
							
						 
					 
					
						
						
							
							found and fixed few bugs regarding my "fix" of Bug  #110  
						
						
						
					 
					
						2010-01-03 15:56:29 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d5b1863dec 
							
						 
					 
					
						
						
							
							Updated documentation and svn properties  
						
						
						
					 
					
						2010-01-02 02:07:28 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ce022a3b6e 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc3: Merge from Miroslav Stampar's branch fixing a bug when verbosity > 2, another major bug with urlencoding/urldecoding of POST data and Cookies, adding --drop-set-cookie option, implementing support to automatically decode gzip and deflate HTTP responses, support for Google dork page result (--gpage) and a minor code cleanup.  
						
						
						
					 
					
						2010-01-02 02:02:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c620da0a5 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2009-12-31 12:34:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c1c14dabd9 
							
						 
					 
					
						
						
							
							Minor bug fix  
						
						
						
					 
					
						2009-12-21 11:21:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e4e081cdc6 
							
						 
					 
					
						
						
							
							sqlmap 0.8-rc2: minor enhancement based on msfencode 3.3.3-dev -t exe-small so that also PostgreSQL supports again the out-of-band via Metasploit payload stager optionally to shellcode execution in-memory via sys_bineval() UDF. Speed up OOB connect back. Cleanup target file system after --os-pwn too. Minor bug fix to correctly forge file system paths with os.path.join() all around. Minor code refactoring and user's manual update.  
						
						
						
					 
					
						2009-12-17 22:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							89c43893d4 
							
						 
					 
					
						
						
							
							Merged back from personal branch to trunk (svn merge -r846:940 ...)  
						
						... 
						
						
						
						Changes:
* Major enhancement to the Microsoft SQL Server stored procedure
heap-based buffer overflow exploit (--os-bof) to automatically bypass
DEP memory protection.
* Added support for MySQL and PostgreSQL to execute Metasploit shellcode
via UDF 'sys_bineval' (in-memory, anti-forensics technique) as an
option instead of uploading the standalone payload stager executable.
* Added options for MySQL, PostgreSQL and Microsoft SQL Server to
read/add/delete Windows registry keys.
* Added options for MySQL and PostgreSQL to inject custom user-defined
functions.
* Added support for --first and --last so the user now has even more
granularity in what to enumerate in the query output.
* Minor enhancement to save the session by default in
'output/hostname/session' file if -s option is not specified.
* Minor improvement to automatically remove sqlmap created temporary
files from the DBMS underlying file system.
* Minor bugs fixed.
* Major code refactoring. 
						
					 
					
						2009-09-25 23:03:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							93ee4a01e5 
							
						 
					 
					
						
						
							
							HTTPS requests over HTTP proxy now work on either Python 2.4, 2.5 and 2.6+  
						
						
						
					 
					
						2009-05-20 14:27:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e7282f7c7 
							
						 
					 
					
						
						
							
							Major bug fix to properly pass HTTPS request to HTTP proxy when its provided. It works with both Python 2.4 and Python 2.5 now. It still crashes at httplib level with Python 2.6.  
						
						
						
					 
					
						2009-05-20 13:51:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c5d20b8a86 
							
						 
					 
					
						
						
							
							Initial support for ASP web backdoor functionality  
						
						
						
					 
					
						2009-05-06 12:14:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							58f3eee390 
							
						 
					 
					
						
						
							
							Updated Microsoft SQL Server XML signatures file and minor bug fix in connection library  
						
						
						
					 
					
						2009-04-28 11:11:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1d7de719b9 
							
						 
					 
					
						
						
							
							Almost done with web backdoor functionality  
						
						
						
					 
					
						2009-04-28 11:05:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							16b4530bbe 
							
						 
					 
					
						
						
							
							Minor bug fixes to --os-shell (altought web backdoor functionality still to be reviewed).  
						
						... 
						
						
						
						Minor common library code refactoring.
Code cleanup.
Set back the default User-Agent to sqlmap for comparison algorithm reasons.
Updated THANKS. 
						
					 
					
						2009-04-27 23:05:11 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8c0ac767f4 
							
						 
					 
					
						
						
							
							Updated to sqlmap 0.7 release candidate 1  
						
						
						
					 
					
						2009-04-22 11:48:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							2efee058ea 
							
						 
					 
					
						
						
							
							Major enhancement in comparison algorithm  
						
						
						
					 
					
						2009-02-12 00:17:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ba00a17205 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2009-02-09 10:58:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							207e96e2b2 
							
						 
					 
					
						
						
							
							Major bug fix in the comparison algorithm to correctly handle also the  
						
						... 
						
						
						
						case that the url is stable and the False response changes the page
content very little. 
						
					 
					
						2009-02-09 10:28:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							770e000cb4 
							
						 
					 
					
						
						
							
							Fixed another bug on Microsoft SQL Server custom "limited" query reported by Konrads Smelkovs  
						
						
						
					 
					
						2009-02-02 23:44:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a8d57bb031 
							
						 
					 
					
						
						
							
							Avoid DeprecationWarning with Python 2.6+  
						
						
						
					 
					
						2009-01-22 23:53:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							793c323b2a 
							
						 
					 
					
						
						
							
							Major bug fixes  
						
						
						
					 
					
						2009-01-22 22:28:27 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							5560f0b68a 
							
						 
					 
					
						
						
							
							Updated the copyright  
						
						
						
					 
					
						2009-01-12 21:35:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9c42a883be 
							
						 
					 
					
						
						
							
							Major bug fix to make it work properly with MSSQL custom limited (SELECT  
						
						... 
						
						
						
						TOP ...) queries with both inferential blind and Full UNION query
injection 
						
					 
					
						2009-01-02 23:26:45 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c83593c044 
							
						 
					 
					
						
						
							
							Limited custom query now works also on Oracle in inferential blind SQL  
						
						... 
						
						
						
						injection technique 
						
					 
					
						2008-12-23 23:34:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							64bb57d786 
							
						 
					 
					
						
						
							
							Minor bug fix to make the Partial UNION query SQL injection technique  
						
						... 
						
						
						
						work properly also on Oracle and Microsoft SQL Server. 
						
					 
					
						2008-12-22 22:48:44 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1f7810e46a 
							
						 
					 
					
						
						
							
							Major bug fix to make partial UNION query sql injection work properly  
						
						... 
						
						
						
						also on Microsoft SQL Server 
						
					 
					
						2008-12-22 19:36:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							35708a0b97 
							
						 
					 
					
						
						
							
							Minor adjustment to UNION query SQL injection detection function.  
						
						... 
						
						
						
						Updated command line help message based upon recent developments.
Updated copyright note of lib/contrib/multipartpost.py. 
						
					 
					
						2008-12-21 16:35:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c18efe5084 
							
						 
					 
					
						
						
							
							Minor adjustments  
						
						
						
					 
					
						2008-12-20 13:21:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8d06975142 
							
						 
					 
					
						
						
							
							Major enhancement to make the comparison algorithm work properly also  
						
						... 
						
						
						
						on url not stables automatically by using the difflib SequenceMatcher
object: this changed a lot into the structure of the code, has to be
extensively beta-tested!
Please, do report bugs on sqlmap-users mailing list if you scout them.
Cheers,
Bernardo 
						
					 
					
						2008-12-20 01:54:08 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ad228e6947 
							
						 
					 
					
						
						
							
							Ahead with the improvements to the comparison algorithm.  
						
						... 
						
						
						
						Added support internally to forge CASE statements, used only by
--is-dba query at the moment.
Allow DDL, DML (INSERT, UPDATE, etc.) from user in SQL query and
SQL shell.
Minor code adjustments. 
						
					 
					
						2008-12-19 20:09:46 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							68354be45a 
							
						 
					 
					
						
						
							
							Ahead with enhancements on comparison algorithm: implemented content-length technique  
						
						
						
					 
					
						2008-12-18 22:49:35 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							afbd66f6d9 
							
						 
					 
					
						
						
							
							Added some comments  
						
						
						
					 
					
						2008-12-18 21:58:05 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							d0d6632c22 
							
						 
					 
					
						
						
							
							Initial support to automatically work around the dynamic page at each refresh  
						
						... 
						
						
						
						(Major refactor to the comparison algorithm (True/False response)) 
						
					 
					
						2008-12-18 20:48:23 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							c32ef9d751 
							
						 
					 
					
						
						
							
							Major bug fix to avoid tracebacks when multiple targets are specified and one  
						
						... 
						
						
						
						of them is not reachable.
Minor bug fix to make the --postfix work even if --prefix is not provided. 
						
					 
					
						2008-12-18 20:38:57 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							dda62ba463 
							
						 
					 
					
						
						
							
							Minor adjustments and bug fixes  
						
						
						
					 
					
						2008-12-17 20:11:18 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							05a8c8d3bf 
							
						 
					 
					
						
						
							
							Added support to test for stacked queries support and improved check for time based blind sql injection.  
						
						... 
						
						
						
						Minor bug fix in --save option 
						
					 
					
						2008-12-16 21:30:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							072eb7154c 
							
						 
					 
					
						
						
							
							Major enhancement to support Partial UNION query SQL injection technique too.  
						
						... 
						
						
						
						Minor code cleanup. 
						
					 
					
						2008-12-10 17:23:07 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9dbad512f1 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4: minor enhancement to be able to specify extra HTTP headers  
						
						... 
						
						
						
						by providing option --headers. By default Accept, Accept-Language and
Accept-Charset headers are set.
Added support to get the injection payload prefix and postfix from user.
Minor bug fix to exclude image files when parsing (-l) proxies log files.
Minor code adjustments.
Updated documentation. 
						
					 
					
						2008-12-08 21:24:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							38c9627700 
							
						 
					 
					
						
						
							
							Minor enhancemet to support also --regexp, --excl-str and --excl-reg  
						
						... 
						
						
						
						options rather than only --string when comparing HTTP responses page
content 
						
					 
					
						2008-12-05 15:34:13 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							7f055924a7 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc4:  
						
						... 
						
						
						
						Minor enhancement to be able to specify the number of seconds before
timeout the connection, default is set to 10 seconds.
Minor improvement to retry the HTTP request up to three times in case
an exception is raised during the connection to the target url.
Minor bug fix to correctly catch connection exceptions and notify to
the user also if they occur within a thread.
Minor code restyling.
Updated documentation. 
						
					 
					
						2008-12-04 17:40:03 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e3ddbe751f 
							
						 
					 
					
						
						
							
							Minor code refactoring  
						
						
						
					 
					
						2008-12-02 23:49:38 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							b700485a1b 
							
						 
					 
					
						
						
							
							Minor adjustment, still to work on the cookie urlencoding/decoding  
						
						
						
					 
					
						2008-12-02 21:57:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							428612b431 
							
						 
					 
					
						
						
							
							Comment and layout adjustments  
						
						
						
					 
					
						2008-12-01 23:04:01 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9be844cf3e 
							
						 
					 
					
						
						
							
							Adapted the code to support a list of targets from a text file (Burp log file) or from a directory (WebScarab conversations folder) with command line option -l.  
						
						
						
					 
					
						2008-11-20 17:56:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							80425c9ccd 
							
						 
					 
					
						
						
							
							Minor adjustment to ETA feature  
						
						
						
					 
					
						2008-11-20 11:13:04 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							654aecedfe 
							
						 
					 
					
						
						
							
							Minor layout adjustments, minor fixes and updated changelog  
						
						
						
					 
					
						2008-11-17 00:00:54 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							84cbc60659 
							
						 
					 
					
						
						
							
							Major bug fix to correctly handle httplib.BadStatusLine exception.  
						
						... 
						
						
						
						Minor improvement to set by default in all HTTP requests the standard HTTP headers (Accept, Accept-Encoding, etc.)
Updated user's manual. 
						
					 
					
						2008-11-15 12:25:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							ecc4a98071 
							
						 
					 
					
						
						
							
							Properly moved and improved inject.goStacked() function and newly  
						
						... 
						
						
						
						implemented Time based blind SQL injection now is a single test file
within the lib/techniques/ folder.
Renamed lib/techniques/inference to lib/techniques/blind, it is more
approriate and adapted the rest of the libraries.
Updated ChangeLog file. 
						
					 
					
						2008-11-12 23:44:09 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9329f8c9c4 
							
						 
					 
					
						
						
							
							Minor enhancement to be able to enumerate table columns and dump table  
						
						... 
						
						
						
						entries also if the database name is not provided by using the current
database on MySQL and MSSQL, the 'public' scheme on PostgreSQL and the
'USERS' TABLESPACE_NAME on Oracle.
Minor bug fix so that when the user provide as SELECT statement to be
processed an asterisk, now it also work if in the FROM there is no
database name specified.
Minor layout adjustments. 
						
					 
					
						2008-11-12 22:53:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							81ed7c2086 
							
						 
					 
					
						
						
							
							Initial implementation of support for stacked queries.  
						
						... 
						
						
						
						Added method to test for Time based blind SQL injection query stacking
on the affected parameter a SLEEP() or similar DBMS specific function.
Adapted libraries, plugins and XML with the above changes.
Minor layout adjustments. 
						
					 
					
						2008-11-12 00:36:50 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							0c5d3df546 
							
						 
					 
					
						
						
							
							sqlmap 0.6.3-rc1:  
						
						... 
						
						
						
						* Minor enhancement to be able to specify the number of seconds to wait between each HTTP request.
* Minor bug fix to handle session.error and session.timeout in HTTP requests.
* Updated documentation. 
						
					 
					
						2008-11-09 16:57:47 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							206191d164 
							
						 
					 
					
						
						
							
							Major bug fix so that when the expected value of a query (count variable)  
						
						... 
						
						
						
						is an integer and for some reason the resumed value from session file is
a string or a binary file, the query is executed again and and its new
output saved to the session file 
						
					 
					
						2008-11-02 19:21:19 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							9895338630 
							
						 
					 
					
						
						
							
							Major bug fix following the last commit  
						
						
						
					 
					
						2008-10-27 23:56:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							eb6e6f4d03 
							
						 
					 
					
						
						
							
							Major bug fix when the request is POST to also send the GET parameters in the request if they've been provided  
						
						
						
					 
					
						2008-10-27 15:42:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							016118ce7a 
							
						 
					 
					
						
						
							
							Some more fixes and adjustments before 0.6.1 release.  
						
						
						
					 
					
						2008-10-17 15:26:43 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							1f3ffc8ef7 
							
						 
					 
					
						
						
							
							Minor layout adjustment  
						
						
						
					 
					
						2008-10-17 13:23:24 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							66136b48c0 
							
						 
					 
					
						
						
							
							Minor fixes.. should work also for Cookie now the % parsing  
						
						
						
					 
					
						2008-10-17 11:51:12 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							e5aa557bd4 
							
						 
					 
					
						
						
							
							Minor fix  
						
						
						
					 
					
						2008-10-16 15:39:25 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							a5b2366033 
							
						 
					 
					
						
						
							
							Implemented a better way to deal with % characters in parameters' value. Minor code restyle.  
						
						
						
					 
					
						2008-10-16 15:31:02 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							892a7b2f8a 
							
						 
					 
					
						
						
							
							propsets..  
						
						
						
					 
					
						2008-10-15 15:56:32 +00:00 
						 
				 
			
				
					
						
							
							
								Bernardo Damele 
							
						 
					 
					
						
						
						
						
							
						
						
							8e3eb45510 
							
						 
					 
					
						
						
							
							After the storm, a restore..  
						
						
						
					 
					
						2008-10-15 15:38:22 +00:00