sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-13 18:10:38 +03:00
Code Issues Packages Projects Releases Wiki Activity
2,249 Commits 4 Branches 122 Tags 99 MiB
83d7803ce7
Commit Graph

1573 Commits

Author SHA1 Message Date
Miroslav Stampar
196e2d35b2 maybe we could ask user "are you willing to import local data content into error report" and use this function respectably 2011-02-01 11:06:56 +00:00
Bernardo Damele
6761933f75 Just.. cosmetics ;) 2011-01-31 22:51:14 +00:00
Miroslav Stampar
35b6d7278a minor update 2011-01-31 22:50:54 +00:00
Miroslav Stampar
25c175a9a5 minor bug fix 2011-01-31 22:34:57 +00:00
Bernardo Damele
b04e1a0313 More detailed message for unhandled exception 2011-01-31 21:23:40 +00:00
Bernardo Damele
2fd9621499 Minor adjustments 
Cosmetics
 2011-01-31 21:22:39 +00:00
Bernardo Damele
ec9ebb3479 Set threads to 4 when optimization switch is provided, -o 2011-01-31 21:21:13 +00:00
Bernardo Damele
8397c526d8 Minor adjustment 2011-01-31 21:20:23 +00:00
Bernardo Damele
e3a3ae11cc Proper return from error-based technique enumeration 2011-01-31 21:13:29 +00:00
Miroslav Stampar
fa58a9c86b update (now URIs like www.site.com/id82 are automatically treated as possible URI injectable) 2011-01-31 20:36:01 +00:00
Miroslav Stampar
777a19cfa9 LOL. removing that debug 'True' 2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631 one more thing ;) 2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667 cosmetics 2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68 implemented validation for time-based inference 2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c fix for a bug (--predict-output) noticed by Bernardo 2011-01-31 15:00:41 +00:00
Miroslav Stampar
60a2364f2b now union technique parses headers too 2011-01-31 12:41:39 +00:00
Miroslav Stampar
8ef47307db added checking of header values for GREP (error); still UNION to do 2011-01-31 12:21:17 +00:00
Miroslav Stampar
a6f2cd56ff removed junky import 2011-01-31 11:59:58 +00:00
Miroslav Stampar
fb3513650d adding ID properties 2011-01-31 11:41:28 +00:00
Miroslav Stampar
f9eac97fe8 refactoring of MSSQL XML banner parsing 2011-01-31 11:38:00 +00:00
Miroslav Stampar
7175efcae1 another minor cosmetic update 2011-01-31 10:59:51 +00:00
Miroslav Stampar
97328c3104 minor fix 2011-01-31 10:54:13 +00:00
Miroslav Stampar
5e768be509 minor bug fix 2011-01-31 09:34:54 +00:00
Miroslav Stampar
f7feebe0df fix for a bug reported by malice.anon@gmail.com (TypeError: encode() takes no keyword arguments) 2011-01-31 09:28:16 +00:00
Bernardo Damele
2a0b03e5c6 Unused import 2011-01-30 17:07:27 +00:00
Miroslav Stampar
fc9c626f9e minor refactoring (removed URL_ENCODE_PAYLOAD) 2011-01-30 17:03:06 +00:00
Bernardo Damele
21e7223779 perhaps this is better english 2011-01-30 16:34:13 +00:00
Bernardo Damele
8278d821ac Another layout adjustment 2011-01-30 16:23:19 +00:00
Bernardo Damele
71d82e6f57 Minor layout adjustment 2011-01-30 16:19:58 +00:00
Bernardo Damele
02e5c4b1e6 Minor bug fix for --sql-query/-shell with error-based technique 2011-01-30 14:19:50 +00:00
Miroslav Stampar
bc8f1142c9 minor revert 2011-01-30 11:41:58 +00:00
Miroslav Stampar
ddf23ba7cc refactoring 2011-01-30 11:36:03 +00:00
Miroslav Stampar
3060c369a5 minor fix for previous commit 2011-01-30 07:44:47 +00:00
Miroslav Stampar
1abf354630 minor update 2011-01-30 07:41:09 +00:00
Miroslav Stampar
d63339ca26 minor bug fix 2011-01-30 07:34:07 +00:00
Miroslav Stampar
e8883de2c6 minor update regarding unicode decoding of supplied arguments 2011-01-29 23:01:39 +00:00
Miroslav Stampar
367d0639f0 refactoring (class names should always be Capital cased) 2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d added some more info to unhandled exception message(s) 2011-01-28 16:15:45 +00:00
Miroslav Stampar
a184a4c772 major of majors bug fix 2011-01-28 14:31:25 +00:00
Miroslav Stampar
0f4fb156d3 major bug fix 2011-01-28 14:09:28 +00:00
Miroslav Stampar
b98cbeee04 page for handling binary files 2011-01-27 22:00:34 +00:00
Miroslav Stampar
8e74c571bc centralization of urlencoding should be (only) in connect.py and we are from now on handling non-urlencoded data at other levels 2011-01-27 19:44:24 +00:00
Miroslav Stampar
49aeb41be8 quick bug fix for FALSE positives with UNION based technique 2011-01-27 18:49:44 +00:00
Miroslav Stampar
81722b6881 major bug fix reported by Ahmed Shawky (there was a possibility of double url encoding of parameter values) 2011-01-27 18:36:28 +00:00
Miroslav Stampar
03413bd5e0 minor refactoring before a huge bug fix reported by Ahmed Shawky (we are falsely urlencoding ORIGINAL part of the injection payload) 2011-01-27 16:55:58 +00:00
Miroslav Stampar
539168dcca sanitizeStr screws html error parsing in some cases as new lines are removed (FALSE positives here and there) 2011-01-27 13:40:42 +00:00
Miroslav Stampar
bb6e36fb02 minor updates 2011-01-27 12:38:39 +00:00
Miroslav Stampar
10b723f196 minor fix for a bug reported by yonnym@googlemail.com 2011-01-25 22:26:28 +00:00
Miroslav Stampar
430fd5cd63 minor fixes 2011-01-25 16:05:06 +00:00
Miroslav Stampar
d3ddaba7be minor refactoring 2011-01-25 13:04:13 +00:00
Miroslav Stampar
cab86871fe fix for a bug reported by mhackmail@gmail.com (local variable 'code' referenced before assignment) 2011-01-25 11:02:41 +00:00
Miroslav Stampar
5692506131 this was bad thing to have 2011-01-25 01:08:38 +00:00
Miroslav Stampar
6cc69f5e16 now --technique is appliable also after the injections have been identified 2011-01-24 16:47:24 +00:00
Miroslav Stampar
81011be0d7 minor update of parseTargetUrl method 2011-01-24 14:52:50 +00:00
Miroslav Stampar
4093599f38 added parseTargetUrl to redirect choice 2011-01-24 14:45:35 +00:00
Bernardo Damele
e1db2700f0 Minor bug fix to properly deal --prefix and --suffix and parameter replace payloads 2011-01-24 12:25:45 +00:00
Miroslav Stampar
8d0c2efbe2 unescaping of char marked payloads 2011-01-24 12:00:16 +00:00
Miroslav Stampar
4441e11f68 fix for case -r with no params and cookie available 2011-01-24 11:26:51 +00:00
Bernardo Damele
47fa600c04 Minor fix and cosmetics 2011-01-24 11:12:33 +00:00
Miroslav Stampar
a3e3387113 fix for proper Firebird resume of version 2011-01-24 11:04:32 +00:00
Miroslav Stampar
c1145c244e fix for user-agent injections 2011-01-23 23:23:30 +00:00
Miroslav Stampar
818c9787b2 minor update 2011-01-23 21:20:16 +00:00
Miroslav Stampar
b18397fbc7 major revisit of --os-shell methods 2011-01-23 20:47:06 +00:00
Miroslav Stampar
ff7707579f minor improvement 2011-01-23 11:35:24 +00:00
Miroslav Stampar
f5ff78d40c revert 2011-01-23 11:21:27 +00:00
Miroslav Stampar
97f66a87c5 minor improvement over last version - case insensitive and takes in count cases like " UNION ALL selects " from MySQL error message 2011-01-23 10:51:57 +00:00
Miroslav Stampar
3a5f0760f6 minor optimization (only way to prematurely stop SAX parser) 2011-01-23 10:12:01 +00:00
Miroslav Stampar
30cd877c4a fix for URI based injections 2011-01-22 16:23:33 +00:00
Miroslav Stampar
7c4c79477d world premiere of "forced-error blind stacked" payloads (spent 3 hours on pgsql) 2011-01-21 18:32:10 +00:00
Bernardo Damele
03a880c6f1 Got rid of progression log message as it overlaps with WARNINGS (like "Got 500") and with --parse-errors 2011-01-20 22:02:20 +00:00
Bernardo Damele
0f2634c4b0 Minor bug fix to properly cast to string also the COUNT() query in error-based technique (as it's concatenated to random strings for identification in page response) and int-string concatenation is not supported in all DBMS (like Oracle) 2011-01-20 22:01:21 +00:00
Bernardo Damele
97573693be Minor bug fix to properly handle in -d data retrieval statement not starting with SELECT 2011-01-20 21:59:47 +00:00
Bernardo Damele
f1b402b103 Proper handling of CASE in Oracle, finally 2011-01-20 21:58:50 +00:00
Bernardo Damele
4128b2c87f Enforce that when --prefix is provided, --suffix is too and viceversa. 2011-01-20 21:57:54 +00:00
Bernardo Damele
7d1c704575 Moved little precaution from checks.py to common.py. 
Initial refactoring of kb.os* get/set.
 2011-01-20 21:56:10 +00:00
Bernardo Damele
9770db597e Centralization of unescape() 2011-01-20 21:55:13 +00:00
Bernardo Damele
e734efcda7 Removed deprecated code 2011-01-20 21:50:58 +00:00
Miroslav Stampar
496a84c356 minor update 2011-01-20 18:32:04 +00:00
Miroslav Stampar
dd7262d9e6 we haven't closed session file for previous target which lead to potentially nasty problems in multi target mode 2011-01-20 17:53:49 +00:00
Miroslav Stampar
ad12242151 LoL (removing those checks because we use same "logic" for parsing Burp log files and request files) 2011-01-20 16:27:59 +00:00
Miroslav Stampar
e8c037de1a minor update 2011-01-20 16:17:38 +00:00
Miroslav Stampar
4e5f0da1ae minor update 2011-01-20 16:07:08 +00:00
Miroslav Stampar
2fa066f892 added support for WebScarab logs 2011-01-20 15:55:50 +00:00
Miroslav Stampar
345e2288e1 important fix regarding encoding stuff 2011-01-20 13:54:18 +00:00
Miroslav Stampar
f6f4b5e9dd bug fix for charset used in inference for pages retrieved with --null-connection 2011-01-20 11:01:01 +00:00
Miroslav Stampar
a4a0f10950 minor minor minor 2011-01-20 09:25:34 +00:00
Bernardo Damele
701947490b Two major bug fixes related to UNION technique query forging 2011-01-19 23:46:39 +00:00
Miroslav Stampar
7a060e756d dummy fix for SQLite schema retrieval (lots of spaces inside) 2011-01-19 23:16:22 +00:00
Bernardo Damele
bade0e3124 Major code refactoring - centralized all kb.dbms* info for both retrieval and set. 2011-01-19 23:06:15 +00:00
Miroslav Stampar
4bdc19d879 minor cosmetics 2011-01-19 22:48:06 +00:00
Miroslav Stampar
c106dc829a more proper way to deal with this because without it warn message is just fast scrolled while leaving users confused (why it doesn't run) 2011-01-19 22:08:56 +00:00
Miroslav Stampar
7ad41f9b19 bug fix (UnboundLocalError: local variable 'colType' referenced before assignment) 2011-01-19 21:46:43 +00:00
Miroslav Stampar
aea43a1e43 minor refactoring 2011-01-19 15:26:57 +00:00
Miroslav Stampar
eadaf680de fuck yea 2011-01-19 15:25:48 +00:00
Miroslav Stampar
89e0fd0709 back to roots 2011-01-19 14:06:26 +00:00
Bernardo Damele
33485198e1 Code cleanup 2011-01-18 23:05:32 +00:00
Bernardo Damele
eda0b41859 Added a precaution when, in some rare circumstances, fingerprinted DBMS differ during detection phase. 
Adapted UNION tests' titles when --union-char is provided.
Lots of comment adjustments.
Code cleanup
 2011-01-18 23:03:50 +00:00
Bernardo Damele
cffa17f5a6 Major bug fix - before it raised a traceback, now works. 2011-01-18 23:02:47 +00:00
Bernardo Damele
daebb0010b Major bug fix to properly process custom queries (--sql-query/--sql-shell) when technique in use is error-based. 
Alignment of SQL statement payload packing/unpacking between all of the techniques.
Minor bug fix to use the proper charset (2, numbers) when dealing with COUNT() in custom queries too.
Minor code cleanup.
 2011-01-18 23:02:11 +00:00
Miroslav Stampar
38d0958781 minor fix (for numeric columns with all 0) 2011-01-18 11:42:36 +00:00
Bernardo Damele
3822b494ea Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns. 2011-01-17 23:43:37 +00:00
Bernardo Damele
c2a358561f Proper support for --union-cols 2011-01-17 22:57:33 +00:00
Bernardo Damele
35fb50a6ee Major bug fix 2011-01-17 22:56:04 +00:00
Bernardo Damele
47565f9459 Minor code refactoring 2011-01-17 21:13:59 +00:00
Miroslav Stampar
041abb56e2 you can't believe how much man can learn when having good testing points 2011-01-17 13:59:22 +00:00
Miroslav Stampar
d225c5c9aa was wrong about this one (just now tested on a real site) 2011-01-17 11:00:09 +00:00
Miroslav Stampar
ac0b5e6dbc proper way to handle this (console output has totally different encoding than the page one) 2011-01-17 10:27:36 +00:00
Miroslav Stampar
34d13be0d3 minor update regarding default page encoding 2011-01-17 10:23:37 +00:00
Miroslav Stampar
5c857779c1 important fix for unicode based character inference 2011-01-17 10:15:19 +00:00
Miroslav Stampar
99a3a3b89c minor fix (break if all found) 2011-01-17 09:41:25 +00:00
Miroslav Stampar
0fcca671bd information update regarding common password suffixes 2011-01-17 09:28:25 +00:00
Miroslav Stampar
a835f233ac fix for a bug reported by buawig@gmail.com (AttributeError: 'module' object has no attribute 'set_completer') 2011-01-17 00:17:31 +00:00
Miroslav Stampar
2041361695 minor cosmetics 2011-01-16 23:20:52 +00:00
Miroslav Stampar
e2c821eb81 minor cosmetics 2011-01-16 22:35:54 +00:00
Miroslav Stampar
e881465a9f minor improvement 2011-01-16 20:55:07 +00:00
Miroslav Stampar
f5e36876e7 removing --text-only from that "dynamicity" warning selection (other two are more preferable) and minor cosmetics/consistency 2011-01-16 19:29:06 +00:00
Miroslav Stampar
a6516798c0 proper fix for that previous "stacked" fix (that one screwed other injection types) 2011-01-16 19:25:10 +00:00
Miroslav Stampar
5476a8a27e russian sites are great for testing :) 2011-01-16 19:00:19 +00:00
Miroslav Stampar
19dcaeaabf fix for "Payload: id=1 ; SELECT PG_SLEEP(5);--" (blank space was added in case when prefixes weren't stated) 2011-01-16 18:25:18 +00:00
Miroslav Stampar
718eef8753 minor fix 2011-01-16 18:11:35 +00:00
Miroslav Stampar
30d6791968 update regarding time based data retrieval 2011-01-16 17:52:42 +00:00
Miroslav Stampar
ec1ab3cd2a removing timeSec from injection configuration attributes as it highly depends on current connection "variables" 2011-01-16 12:12:01 +00:00
Miroslav Stampar
2001bad7e1 automatic adjustment of timeSec for delayed queries 2011-01-16 12:04:32 +00:00
Miroslav Stampar
71391874eb slightly faster and thread safer inference 2011-01-16 10:52:42 +00:00
Bernardo Damele
0fc4ebdc1b Major bug fix. 
Minor code refactoring.
 2011-01-16 01:17:09 +00:00
Bernardo Damele
c0d5daee99 More refactoring and cleanup 2011-01-16 00:15:30 +00:00
Miroslav Stampar
29ea0950b6 now False is also affected (along with None and "") 2011-01-15 23:43:26 +00:00
Bernardo Damele
6e4b65a822 Minor refactoring 2011-01-15 23:28:31 +00:00
Bernardo Damele
558f3894f4 Minor improvement 2011-01-15 23:20:52 +00:00
Bernardo Damele
d3a28124b1 More code cleanup 2011-01-15 23:11:36 +00:00
Bernardo Damele
4a35f598b8 Minor refactoring 2011-01-15 22:09:53 +00:00
Miroslav Stampar
0f565c941e bug fix and proper warning message 2011-01-15 16:59:53 +00:00
Miroslav Stampar
e105e1ea32 bug fix (some sites raise 404 during union tests) 2011-01-15 16:42:33 +00:00
Miroslav Stampar
3873d204bb important update for dictionary attack 2011-01-15 15:56:11 +00:00
Miroslav Stampar
e17ac5fdca update 2011-01-15 15:14:22 +00:00
Miroslav Stampar
5bdb50c224 code review part 3 2011-01-15 13:15:10 +00:00
Miroslav Stampar
1fa8f0cba7 code reviewing part 2 2011-01-15 12:53:40 +00:00
Miroslav Stampar
6a0e0cde3c code review of modules in lib/core directory 2011-01-15 12:13:45 +00:00
Miroslav Stampar
05b2a338fe cosmetics 2011-01-14 16:12:44 +00:00
Miroslav Stampar
bff989d348 minor update 2011-01-14 15:43:53 +00:00
Miroslav Stampar
daf5662eab update 2011-01-14 15:33:49 +00:00
Bernardo Damele
1cfd6a6b9d Code cleanup 2011-01-14 15:16:34 +00:00
Miroslav Stampar
08f7e20c51 minor code refactoring 2011-01-14 14:55:59 +00:00
Miroslav Stampar
fb9d7cdfaa refactoring, code clearing and removal of obsolete switch --longest-common 2011-01-14 14:37:03 +00:00
Bernardo Damele
534f51f9fc Minor bug fix 2011-01-14 14:20:28 +00:00
Bernardo Damele
e4e9b11b79 Minor code refactoring and adjustments - kb.dbms is needed in fingerprint.py, not getIdentifiedDBMS because when checkDbms() method is called, it's within the fingerprint phase and at that stage, getIdentifiedDBMS() would always return kb.misc.fpDbms. 2011-01-14 12:47:07 +00:00
Bernardo Damele
3c95d71ea5 Minor bug fix - restored of so called kb.misc.testedDbms (now kb.misc.fpDbms) to force the DBMS (only) during the fingerprint phase 2011-01-14 11:55:20 +00:00
Bernardo Damele
7d9fd5a7b7 Minor bug fix 2011-01-14 09:49:14 +00:00
Miroslav Stampar
b2c7ae77d4 minor update 2011-01-14 09:45:47 +00:00
Miroslav Stampar
676b95b30a minor code refactoring 2011-01-14 09:44:56 +00:00