sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 18:13:46 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	569e060aab	important improvement	2010-12-26 13:20:52 +00:00
Miroslav Stampar	b472b96f92	bug fix, refactoring and improved extractErrorMessage capabilities	2010-12-25 10:16:20 +00:00
Miroslav Stampar	2c23a59ba5	fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside)	2010-12-24 12:13:48 +00:00
Miroslav Stampar	a09716a701	minor update	2010-12-24 10:07:56 +00:00
Miroslav Stampar	cb17e61f35	bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959)	2010-12-24 02:54:26 +00:00
Miroslav Stampar	017ea9e686	update	2010-12-23 14:06:22 +00:00
Miroslav Stampar	8fc60215ed	lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called.	2010-12-22 19:12:46 +00:00
Bernardo Damele	250608660d	Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not)	2010-12-22 13:41:36 +00:00
Miroslav Stampar	385e208f38	code refactoring regarding standard output suppression and some threading issues	2010-12-21 14:21:24 +00:00
Miroslav Stampar	6b37ddada4	removed some blank trailing spaces (with extra/shutils/blanks.sh)	2010-12-21 10:31:56 +00:00
Miroslav Stampar	d554460aec	minor fix	2010-12-21 01:09:39 +00:00
Miroslav Stampar	416755c0b7	minor adjustments	2010-12-21 00:25:03 +00:00
Miroslav Stampar	29001a4fce	minor update	2010-12-20 23:21:01 +00:00
Miroslav Stampar	8fd3e7ba1f	thread based data added	2010-12-20 22:45:01 +00:00
Miroslav Stampar	c948bced61	should solve the problem with timeout problems in time-based payloads	2010-12-20 16:45:41 +00:00
Miroslav Stampar	eaf8929085	more minor updates	2010-12-20 10:48:53 +00:00
Miroslav Stampar	108a96c6b4	some fixes	2010-12-17 21:45:20 +00:00
Miroslav Stampar	f7344a5fc3	update	2010-12-11 21:28:11 +00:00
Miroslav Stampar	435f48b8cc	polite cosmetics	2010-12-10 15:28:56 +00:00
Bernardo Damele	9230877d98	cosmetics	2010-12-09 13:57:38 +00:00
Miroslav Stampar	196131bbca	minor cosmetics	2010-12-09 10:42:00 +00:00
Miroslav Stampar	3fd1c37d53	update	2010-12-09 07:49:18 +00:00
Miroslav Stampar	40fadf2f35	minor update	2010-12-08 14:33:10 +00:00
Miroslav Stampar	01cf1394a4	code refactoring	2010-12-08 14:26:40 +00:00
Miroslav Stampar	47bb31fb47	code refactoring	2010-12-08 11:30:25 +00:00
Miroslav Stampar	1ae2fa7f1a	update regarding time based payloads	2010-12-08 11:26:54 +00:00
Miroslav Stampar	a4a63f5b1e	minor update	2010-12-07 23:49:00 +00:00
Miroslav Stampar	293ce18fed	two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one)	2010-12-07 23:32:33 +00:00
Miroslav Stampar	dc651d59ec	little mathematics here and there (used "Rules for normally distributed data")	2010-12-07 19:19:12 +00:00
Miroslav Stampar	294119d2ec	more advanced time technique(s)	2010-12-07 16:04:53 +00:00
Miroslav Stampar	0dc630203f	code refactoring	2010-12-07 13:34:06 +00:00
Miroslav Stampar	9e5f933ace	some updates	2010-12-04 15:47:02 +00:00
Bernardo Damele	5d37df6104	Ugly code to set the cookies when got them from a 302 redirect too	2010-12-03 17:41:10 +00:00
Miroslav Stampar	e735f2960a	minor update	2010-11-29 15:25:45 +00:00
Bernardo Damele	7e3b24afe6	Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own. All (hopefully) functionalities should still be working. Added two switches, --level and --risk to specify which injection tests and boundaries to use. The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!	2010-11-28 18:10:54 +00:00
Bernardo Damele	253eafb643	paranoid cosmetics	2010-11-24 12:03:01 +00:00
Miroslav Stampar	3d25071d06	another minor improvement regarding logging of http traffic	2010-11-17 12:16:48 +00:00
Miroslav Stampar	3e569a1693	minor update	2010-11-17 12:04:33 +00:00
Miroslav Stampar	3487429eac	minor cosmetics	2010-11-16 14:41:46 +00:00
Miroslav Stampar	3640dbf745	fix for --parse-errors (on IIS HTTP error is raised which need to be processed)	2010-11-16 14:33:30 +00:00
Miroslav Stampar	6232397129	minor update	2010-11-16 10:52:49 +00:00
Miroslav Stampar	6ef3846400	update regarding error parsing (and reporting)	2010-11-16 10:42:42 +00:00
Bernardo Damele	71cb982039	Another bug fix to --union-test	2010-11-15 21:42:56 +00:00
Miroslav Stampar	06a872fc99	update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read))	2010-11-12 22:57:33 +00:00
Miroslav Stampar	697b32554c	fix for a bug "ordinal not in range(128)" reported by bugtrace	2010-11-12 11:48:25 +00:00
Bernardo Damele	a14e4d9668	Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually.	2010-11-12 10:16:39 +00:00
Miroslav Stampar	fda8752dca	revert of some HTTP headers handling	2010-11-08 13:26:45 +00:00
Bernardo Damele	78d7b17483	More replacements for refactoring. Minor layout adjustments. Alignment of conffile/optiondict/cmdline parameters.	2010-11-08 12:36:48 +00:00
Miroslav Stampar	875781bf97	another minor fix	2010-11-08 11:55:56 +00:00
Miroslav Stampar	4a4a3051e5	fix	2010-11-08 11:39:07 +00:00
Miroslav Stampar	a3de10e3a2	new option -t	2010-11-08 11:22:47 +00:00
Miroslav Stampar	0d0e2a2228	minor update	2010-11-08 09:49:57 +00:00
Miroslav Stampar	d551423379	further enum refactoring	2010-11-08 09:44:32 +00:00
Miroslav Stampar	862395ced1	further refactoring (all enumerations are now put into enums.py)	2010-11-08 09:20:02 +00:00
Miroslav Stampar	8e44aa605a	refactoring regarding injection place (more left)	2010-11-08 08:02:36 +00:00
Bernardo Damele	b6da946883	Added one new verbose level, -v 3 now shows the full injected payload. Fixed also -d verbose output.	2010-11-07 22:34:29 +00:00
Bernardo Damele	a96467b3e2	Refactoring	2010-11-07 21:55:24 +00:00
Miroslav Stampar	d3e7e89e60	major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces	2010-11-07 21:18:09 +00:00
Miroslav Stampar	508b9cc763	dynamicity engine update	2010-11-07 00:12:00 +00:00
Miroslav Stampar	ef1809464d	bug fix for that BadStatusLine (http://bugs.python.org/issue8450 )	2010-11-05 11:58:20 +00:00
Miroslav Stampar	6295a59a30	minor update/fix	2010-11-05 11:39:35 +00:00
Miroslav Stampar	5f7f4bf15b	minor debug update (probably temporary)	2010-11-05 11:04:00 +00:00
Bernardo Damele	b152b1a04d	Cosmetics	2010-11-03 22:07:13 +00:00
Miroslav Stampar	71d0b1bcd7	several bug fixes	2010-11-03 21:51:36 +00:00
Bernardo Damele	3eda4510e2	Properly encode the cookie	2010-10-31 11:26:33 +00:00
Bernardo Damele	3a48bee9b0	Minor code refactoring	2010-10-31 11:03:59 +00:00
Bernardo Damele	8cf0ebde1e	Cosmetics	2010-10-29 23:00:48 +00:00
Miroslav Stampar	cbf38436f2	minor update	2010-10-29 16:15:23 +00:00
Miroslav Stampar	5a38ac7ea9	important update regarding (Bug #209 ) - probably more will be needed	2010-10-29 16:11:50 +00:00
Miroslav Stampar	895efd28a6	one more update regarding Bug #205	2010-10-28 23:22:13 +00:00
Miroslav Stampar	788eb8fb50	update regarding Bug #205	2010-10-28 22:59:51 +00:00
Miroslav Stampar	228ac0cde5	refactoring regarding --check-payload	2010-10-25 18:38:54 +00:00
Miroslav Stampar	378653a1ec	added IDS payload testing	2010-10-25 15:37:43 +00:00
Miroslav Stampar	2668c95ef4	added default HTTP version used by httplib and urllib2	2010-10-21 09:10:07 +00:00
Miroslav Stampar	8b8fff41fe	cosmetics (adding html parsed DBMS) regarding heuristic check	2010-10-18 12:11:16 +00:00
Bernardo Damele	36bc410333	Minor bug fix	2010-10-18 09:50:23 +00:00
Miroslav Stampar	149837ebf5	added the same for proxy authorization header	2010-10-18 09:02:56 +00:00
Miroslav Stampar	aaebb4336e	fix for Bug #202	2010-10-18 08:54:08 +00:00
Miroslav Stampar	dcb9c2103a	just in case update	2010-10-15 11:20:19 +00:00
Bernardo Damele	5f6d88a418	Minor comment	2010-10-15 11:17:17 +00:00
Miroslav Stampar	4f7f20b94f	sorry, cosmetics	2010-10-14 23:18:29 +00:00
Miroslav Stampar	8b48833136	large commit with copyright header modifications	2010-10-14 14:41:14 +00:00
Miroslav Stampar	162d01abed	commit of all sorts (bug fix for heuristics and URI injections, fine tunning of tampering modules with SQL keywords,...)	2010-10-14 11:06:28 +00:00
Miroslav Stampar	dc50543ea4	major bug fix for --keep-alive option in multithreading mode (that 'shitty' _headers = {} made a one shared object for all connection objects)	2010-10-13 23:01:23 +00:00
Miroslav Stampar	36ef8ca575	bug fix	2010-10-13 22:42:48 +00:00
Miroslav Stampar	02a14d4c45	added Referer (part of Feature #37 )	2010-10-13 22:08:09 +00:00
Miroslav Stampar	34580f56fc	added --tamper option	2010-10-12 22:45:25 +00:00
Miroslav Stampar	43892cddbb	some updates	2010-10-11 12:26:35 +00:00
Miroslav Stampar	8fcad29bbf	new feature --forms (still unfinished)	2010-10-10 18:56:43 +00:00
Miroslav Stampar	adf2231edb	minor update	2010-10-06 13:38:03 +00:00
Miroslav Stampar	cf17debf79	changed connection message priority to critical (when verbose=0 it's displayed too)	2010-09-27 13:34:52 +00:00
Miroslav Stampar	13bb3a6212	minor update	2010-09-23 14:07:23 +00:00
Miroslav Stampar	da8ae5578b	first commit regarding Feature #144	2010-09-22 11:56:35 +00:00
Miroslav Stampar	975b96ae28	minor refactoring	2010-09-16 09:47:33 +00:00
Miroslav Stampar	1741801ade	implementation of HEAD/Range methods	2010-09-16 09:32:09 +00:00
Miroslav Stampar	b745331974	added null connection check	2010-09-16 08:43:10 +00:00
Miroslav Stampar	ecd6b573f7	added method parameter to the queryPage function	2010-09-15 14:17:17 +00:00
Miroslav Stampar	34a8cd75e3	added support for setting HTTP method manualy	2010-09-15 12:45:41 +00:00
Miroslav Stampar	436b7d82fb	fixed a bug reported by Marek Sarvas	2010-08-22 08:52:15 +00:00
Bernardo Damele	fea2414759	Display HTTP request in -v>=3 even if connection failed	2010-06-10 14:42:17 +00:00

1 2 3 4 5

222 Commits