sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-10-31 16:07:55 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	c3f20a136f	Minor update for an Issue #287	2012-12-12 14:03:03 +01:00
Miroslav Stampar	760519dbe9	Removing redundant piece of code	2012-12-11 15:21:27 +01:00
Miroslav Stampar	a54c261496	Minor update for Issues #292 & #293 (only single alert per target)	2012-12-11 14:44:43 +01:00
Miroslav Stampar	5c2451d83c	Implementation for an Issue #293	2012-12-11 12:48:58 +01:00
Miroslav Stampar	562044577b	Implementation for an Issue #292	2012-12-11 12:02:06 +01:00
Miroslav Stampar	5677db02b7	Minor update	2012-12-10 12:40:28 +01:00
Miroslav Stampar	42f4c2bac9	Minor fix when --dbms is enforced	2012-12-10 11:42:10 +01:00
Miroslav Stampar	974407396e	Doing some more style updating (capitalization of exception classes; using _ is enough for private members - __ is used in Python specific methods)	2012-12-06 14:14:19 +01:00
Miroslav Stampar	ab67344448	Removed unused imports and variables (pyflake-ing)	2012-12-06 11:15:05 +01:00
Miroslav Stampar	775e0df04b	Update for an Issue #278	2012-12-05 10:45:17 +01:00
Miroslav Stampar	949fcb77cf	Minor style update	2012-12-05 10:22:16 +01:00
Miroslav Stampar	a52dbc575b	Patch for an Issue #246	2012-11-13 10:21:11 +01:00
Miroslav Stampar	2de52927f3	Code refactoring (epecially Google search code)	2012-10-30 18:38:10 +01:00
Miroslav Stampar	ca427af8b3	Minor refactoring/improvement	2012-10-28 01:42:08 +02:00
Miroslav Stampar	bcdba7b7bb	Dealing with rare cases when getIdentifiedDbms is needed prior to DBMS isfingerprinted and there are multiples of dbmses inside details	2012-10-28 01:11:50 +02:00
Miroslav Stampar	c1b8226329	Massive renaming (proper naming is inband = union & error techniques! - query naming stays as they are/in code things like forgeInbandQuery are renamed to forgeUnionQuery)	2012-10-28 00:36:09 +02:00
Miroslav Stampar	235cc656b9	Fix for an Issue #224	2012-10-25 15:25:31 +02:00
Miroslav Stampar	bcf708f4b1	Minor update	2012-10-25 13:37:33 +02:00
Miroslav Stampar	fdcdd11cb9	Minor update for an Issue #222	2012-10-25 13:35:44 +02:00
Miroslav Stampar	8a5844a364	Implementation for an Issue #222	2012-10-25 13:21:32 +02:00
Miroslav Stampar	d65d9e25cd	Implementation for an Issue #2	2012-10-19 11:02:14 +02:00
Miroslav Stampar	9ad58cb531	Implementation for an Issue #204	2012-10-16 10:24:05 +02:00
Miroslav Stampar	cc3f387551	Patch for an Issue #127	2012-10-05 10:49:31 +02:00
Miroslav Stampar	f71b937add	Minor language cleanup	2012-10-04 18:28:36 +02:00
Miroslav Stampar	2fbd05c98f	Minor language update	2012-10-04 18:04:55 +02:00
Miroslav Stampar	dee6d2f9ff	Minor language update	2012-10-04 11:34:14 +02:00
Miroslav Stampar	6eae7013b6	Minor cosmetics	2012-09-26 15:03:12 +02:00
Miroslav Stampar	687f3991de	Cleaning/refactoring of bunch of stacked/suffix/comment stuff (e.g.	2012-09-26 11:27:43 +02:00
Miroslav Stampar	9ca7b3e20e	Implementation for an Issue #194	2012-09-25 09:25:35 +02:00
Miroslav Stampar	c3d191e626	Minor update for an Issue #2	2012-09-06 14:13:54 +02:00
Miroslav Stampar	c1c65a7167	Fix for an Issue #166	2012-08-29 20:21:45 +02:00
Miroslav Stampar	e9ae44c6fc	Implementation for an #162	2012-08-22 16:50:01 +02:00
Miroslav Stampar	0ad3846451	Minor language update	2012-08-22 16:10:56 +02:00
Miroslav Stampar	a62a874d59	Update for an Issue #161 (changing default readInput value regarding the conf.multipleTargets)	2012-08-22 16:06:09 +02:00
Miroslav Stampar	4ab4fd1cb4	Minor update	2012-08-22 15:53:40 +02:00
Miroslav Stampar	52351e5d81	Update for an Issue #161 (now detecting format error messages too)	2012-08-22 15:51:47 +02:00
Miroslav Stampar	7b93108e7d	Favoring non-string specific boundaries in case of digit-like parameter values	2012-08-22 13:58:52 +02:00
Miroslav Stampar	25ee333e66	Minor language update	2012-08-22 12:00:17 +02:00
Miroslav Stampar	8a5042b6a4	Update for an #161 (preventing further skipping of non-heuristic parameters in ignore casted case)	2012-08-22 11:56:30 +02:00
Miroslav Stampar	7d0662da23	Update for an #161	2012-08-22 11:42:06 +02:00
Miroslav Stampar	61151447fe	Implementation of an Issue #161	2012-08-22 11:27:58 +02:00
Miroslav Stampar	6210ddfbd6	Minor refactoring	2012-08-22 11:00:39 +02:00
Miroslav Stampar	a927d94d39	Update for an Issue #155	2012-08-22 10:57:31 +02:00
Miroslav Stampar	6f450ac8bf	Implementation for an Issue #155	2012-08-20 12:14:01 +02:00
Miroslav Stampar	823dde73ab	Minor cleanup	2012-08-20 11:40:49 +02:00
Miroslav Stampar	2b6123c4f8	Minor style update	2012-08-20 11:29:23 +02:00
Miroslav Stampar	e0d9fa8666	Minor style update	2012-08-20 11:28:41 +02:00
Miroslav Stampar	76338add17	Fix for an Issue #152	2012-08-20 10:41:43 +02:00
Miroslav Stampar	f358ab2e73	Implementation of an Issue #147	2012-08-15 16:37:18 +02:00
Miroslav Stampar	6f529542e3	Making those --string tips (containing escaped characters) decodable by sqlmap	2012-07-31 11:32:53 +02:00
Miroslav Stampar	142fc887f1	Fix for an Issue #129	2012-07-31 11:03:44 +02:00
Miroslav Stampar	b3552494c4	Minor preparation for an Issue #48	2012-07-26 12:26:57 +02:00
Miroslav Stampar	30f8d09651	Implementation for an Issue #70	2012-07-26 12:06:02 +02:00
Miroslav Stampar	2b60e61d54	Minor update for #119	2012-07-25 10:57:19 +02:00
Miroslav Stampar	922ea9d1f4	Update for Issue #118	2012-07-24 15:43:29 +02:00
Miroslav Stampar	3279ce53a8	Minor style update	2012-07-23 13:57:38 +02:00
Bernardo Damele	318a01b867	minor typo fixes	2012-07-17 00:25:02 +01:00
Miroslav Stampar	87ecf205cb	More work for Issue #66	2012-07-14 17:01:04 +02:00
Miroslav Stampar	805120ac52	Minor refactoring	2012-07-14 11:01:30 +02:00
Bernardo Damele	162da75a04	modified homepage address	2012-07-12 18:38:03 +01:00
Bernardo Damele	53c0336b48	added --hostname switch to retrieve DBMS server hostname - closes issue #69	2012-07-12 00:01:57 +01:00
Bernardo Damele	c4af7b9aa0	initial work for issue #33	2012-07-10 00:27:08 +01:00
Miroslav Stampar	e948e4d45b	Some more refactoring	2012-07-06 17:18:22 +02:00
Miroslav Stampar	7ad6697446	Fix for Issue #57	2012-07-04 20:21:44 +02:00
jekil	c39e5a85ba	Removed $id$ tags	2012-06-27 20:56:43 +02:00
Miroslav Stampar	302d782a0f	minor style update	2012-06-19 08:33:51 +00:00
Miroslav Stampar	3da8f86e97	minor fix	2012-06-15 21:01:27 +00:00
Miroslav Stampar	76584ff0fa	unhidding --test-filter	2012-06-14 14:36:53 +00:00
Miroslav Stampar	d2bbfa4aad	minor style update	2012-05-28 14:04:17 +00:00
Miroslav Stampar	dc20bff1d0	minor update	2012-05-25 08:30:24 +00:00
Miroslav Stampar	7657bbeaf9	minor update	2012-05-24 22:32:06 +00:00
Miroslav Stampar	86fdad2bfa	minor update	2012-05-24 22:07:50 +00:00
Miroslav Stampar	1e18168cc8	fix for one silent bug and small language update	2012-05-23 16:35:40 +00:00
Miroslav Stampar	2538e2d5b4	fixing an issue with --file-read and ROW() MySQL payload (it's internal caching mechanism prevents error message if FROM part is not unique enough dumping only partial file content); minor refactoring	2012-05-22 09:33:22 +00:00
Miroslav Stampar	7fb1f3fc70	minor renaming	2012-05-09 18:26:02 +00:00
Miroslav Stampar	11d9859199	making nice code	2012-05-09 18:25:04 +00:00
Miroslav Stampar	b0a8238774	minor fixes	2012-05-09 14:58:16 +00:00
Miroslav Stampar	6177317a17	minor update	2012-05-09 10:06:23 +00:00
Miroslav Stampar	deec97dfe3	adding Frontbase to error message regexes	2012-05-08 17:02:58 +00:00
Miroslav Stampar	80ee687b41	minor beauty patch	2012-05-07 13:51:31 +00:00
Miroslav Stampar	6f67dc85ee	adding --invalid-bignum (Havij like bignum style for invalidating/negating values); renaming --logical-negate to --invalid-logical	2012-04-25 20:29:07 +00:00
Miroslav Stampar	3532d23933	automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established)	2012-04-23 13:41:36 +00:00
Miroslav Stampar	6ebb621228	adding support for (custom) POST injection (marking injection point with '*' in conf.data)	2012-04-17 14:23:00 +00:00
Miroslav Stampar	54576ab3a6	making a random choice from candidates	2012-04-13 10:54:30 +00:00
Miroslav Stampar	bbbcc95fe5	use it only if page is stable	2012-04-13 10:19:26 +00:00
Miroslav Stampar	052d9455fe	warning user in cases of "User xyz already has more than 'max_user_connections' active connections"	2012-04-12 09:44:54 +00:00
Miroslav Stampar	b45ae10da4	minor fixes	2012-04-11 21:36:37 +00:00
Miroslav Stampar	e33ea7c33a	minor fix	2012-04-10 22:29:39 +00:00
Miroslav Stampar	a82206cec4	minor cosmetics	2012-04-10 21:57:00 +00:00
Miroslav Stampar	119eec3598	improving "boolean detection" by automatic recognition of convenient --string candidate	2012-04-10 21:48:34 +00:00
Miroslav Stampar	56638f9e95	making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection	2012-03-30 10:50:01 +00:00
Miroslav Stampar	637a8d8273	improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism	2012-03-29 14:33:27 +00:00
Miroslav Stampar	ce4c697bbd	disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code	2012-03-29 13:39:12 +00:00
Miroslav Stampar	c9cac957bb	adding one more case for false positive check (Generic tests without any DBMS knowledge)	2012-03-29 09:56:09 +00:00
Miroslav Stampar	3abcd6910a	strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test	2012-03-22 00:06:50 +00:00
Miroslav Stampar	0fc4288a7c	modifying redirection code for only two choices	2012-03-18 17:27:08 +00:00
Miroslav Stampar	577caac4de	putting kb.negativeLogic setting to the safe place	2012-03-16 09:17:11 +00:00
Miroslav Stampar	7d313ac911	few more fixes for proper redirecting mechanism	2012-03-15 19:47:59 +00:00
Bernardo Damele	4520744b4d	second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now	2012-03-15 16:25:26 +00:00
Miroslav Stampar	a7fbc55748	grammar fix	2012-03-13 22:03:23 +00:00
Miroslav Stampar	c878dd3e5a	doing a dummy test for --os-shell in case of xp_cmdshell	2012-03-09 14:21:41 +00:00
Miroslav Stampar	a0b46963cb	minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup)	2012-03-09 10:28:19 +00:00
Miroslav Stampar	0ead1fd87e	minor update	2012-03-05 09:42:52 +00:00
Miroslav Stampar	1ec56f93ec	minor update	2012-03-01 10:10:19 +00:00
Miroslav Stampar	f142c0f782	minor update	2012-02-28 14:04:13 +00:00
Miroslav Stampar	22b3fa0749	minor update	2012-02-27 15:28:36 +00:00
Miroslav Stampar	a9bf0297f6	moving injection data to HashDB	2012-02-27 13:44:07 +00:00
Miroslav Stampar	f94b91ad87	added helper function for HashDB data storing/retrieval	2012-02-24 13:07:20 +00:00
Miroslav Stampar	6e54cb171f	minor code restyling	2012-02-22 15:53:36 +00:00
Miroslav Stampar	b3bd4144f5	removing of unused imports together with some general code refactoring	2012-02-22 10:40:11 +00:00
Miroslav Stampar	386e98a0e3	using UNION SELECT for where=..NEGATIVE	2012-02-22 09:41:58 +00:00
Miroslav Stampar	844fc8addb	minor cleanup	2012-02-16 10:19:36 +00:00
Miroslav Stampar	23cc8b6974	minor fix for special cases when parameter value contains html encoded characters	2012-02-14 14:08:10 +00:00
Miroslav Stampar	2604e73d88	minor change in workflow	2012-02-13 11:18:47 +00:00
Miroslav Stampar	96f589fc89	minor fix	2012-02-12 19:22:33 +00:00
Miroslav Stampar	249cb48b0b	minor fix	2012-02-10 15:59:11 +00:00
Miroslav Stampar	6be95194a7	matter of concision	2012-02-10 15:37:43 +00:00
Miroslav Stampar	eab7a54e03	cosmetics	2012-02-10 15:34:04 +00:00
Miroslav Stampar	92590d0d59	minor fix	2012-02-10 15:26:55 +00:00
Miroslav Stampar	e36e9de57e	minor update by request	2012-02-10 15:12:23 +00:00
Miroslav Stampar	11af0b1bbc	minor fix	2012-02-07 11:16:03 +00:00
Miroslav Stampar	8405ef59ac	some estetic updates	2012-02-01 14:49:42 +00:00
Miroslav Stampar	23117e72ca	minor improvement	2012-01-13 20:56:06 +00:00
Miroslav Stampar	95f89ab63a	updating copyright date	2012-01-11 14:59:46 +00:00
Miroslav Stampar	1d0b43b1a2	implemented mechanism for merging cookies by request	2012-01-11 14:28:08 +00:00
Miroslav Stampar	1f085a0241	now [SLEEPTIME] is changeable properly in vivo	2012-01-05 14:45:05 +00:00
Miroslav Stampar	94d43a4135	minor bug fix	2011-12-30 14:20:06 +00:00
Miroslav Stampar	22c3fe49bb	some refactoring	2011-12-28 13:50:03 +00:00
Miroslav Stampar	f622995a29	compatibility with partial union and error technique resumed data	2011-12-22 12:20:21 +00:00
Miroslav Stampar	6f8d8a15aa	minor update	2011-12-22 11:55:02 +00:00
Miroslav Stampar	95cd9e2af3	adding support for scanning Host header values (-p host)	2011-12-20 12:52:41 +00:00
Miroslav Stampar	c57941c102	minor beautification	2011-12-15 23:33:44 +00:00
Miroslav Stampar	27d244b326	minor update	2011-12-15 23:29:11 +00:00
Miroslav Stampar	563c0c1066	adding switch --tor-type	2011-12-15 23:19:55 +00:00
Miroslav Stampar	0f5d48ff20	minor update	2011-12-05 09:25:56 +00:00
Miroslav Stampar	872a73f631	minor refactoring	2011-11-29 19:17:07 +00:00
Miroslav Stampar	2842c13d75	minor update	2011-11-29 16:59:06 +00:00
Miroslav Stampar	2ed3efba12	speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase)	2011-11-22 08:39:13 +00:00
Miroslav Stampar	eee03871d7	minor refactoring	2011-11-21 21:31:08 +00:00
Miroslav Stampar	49fddaf668	minor update (for cases with 404 original page - e.g. time based injections in some cases)	2011-11-20 23:11:18 +00:00
Miroslav Stampar	8c32b3653b	minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means)	2011-11-20 20:27:30 +00:00
Miroslav Stampar	7314de3490	language update	2011-11-15 11:17:39 +00:00
Miroslav Stampar	20ae1c2187	added switch --logic-negative	2011-10-24 00:40:06 +00:00
Miroslav Stampar	eb240243ea	minor update	2011-10-21 22:21:41 +00:00
Miroslav Stampar	05b9951a8b	minor beautification	2011-10-21 09:19:31 +00:00
Miroslav Stampar	4989e8e6d3	minor update	2011-10-10 17:29:54 +00:00
Miroslav Stampar	a31a0aa8d4	minor update	2011-10-06 22:29:49 +00:00
Miroslav Stampar	b888a84764	minor update	2011-09-27 14:31:58 +00:00
Miroslav Stampar	88f1110c44	adding a new (for now) hidden switch --test-filter for filtering tests by their name	2011-09-27 14:09:25 +00:00
Miroslav Stampar	7e80274fac	refactoring	2011-09-25 21:10:45 +00:00
Miroslav Stampar	d95ff4350d	bug fix	2011-09-20 13:08:35 +00:00
Miroslav Stampar	08e0eb9b61	minor lower/upper case fix	2011-08-29 13:47:32 +00:00
Miroslav Stampar	9be89422da	implemented parameter --skip	2011-08-29 13:29:42 +00:00
Miroslav Stampar	ac00014c4a	implemented --randomize switch by request	2011-08-29 12:50:52 +00:00
Miroslav Stampar	f46baac70b	bug fix (when comment is None this was errornous)	2011-08-17 10:58:29 +00:00
Bernardo Damele	702ed73a65	Added --code switch to match in boolean-based tests against the HTTP response code	2011-08-12 16:48:11 +00:00
Bernardo Damele	fff4c34e33	Search for --string and --regexp matches also in HTTP response headers	2011-08-12 15:33:37 +00:00
Miroslav Stampar	2ad267132a	minor update for empty normal responses (like AJAX requests)	2011-08-05 10:55:21 +00:00
Miroslav Stampar	f7562da754	from now on proper union column count should be displayed in injection info output	2011-08-03 10:34:50 +00:00
Miroslav Stampar	07afcd5440	fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no)	2011-08-02 18:20:21 +00:00
Miroslav Stampar	07c3d4fb18	minor adjustment	2011-08-02 17:35:43 +00:00
Bernardo Damele	6cbb927012	Partial fix for -o not resumed at following runs if missing from command line	2011-07-25 11:05:49 +00:00
Miroslav Stampar	0d6afca7db	adding new switch '--smart' by request	2011-07-10 15:16:58 +00:00
Miroslav Stampar	c517e97a44	few fixes and minor cosmetics	2011-07-08 06:02:31 +00:00
Bernardo Damele	aedcf8c8d7	Changed homepage address	2011-07-07 20:10:03 +00:00
Bernardo Damele	0d28c1e9e7	cosmetics	2011-07-06 20:41:13 +00:00
Miroslav Stampar	93b296e02c	few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation")	2011-07-06 05:44:47 +00:00
Miroslav Stampar	b8ffcf9495	few fixes here and there and multi-core processing for dictionary based hash attack	2011-07-04 19:58:41 +00:00
Miroslav Stampar	8a8b94883b	minor update (that default quit in --batch was bothering me - my original idea and it was bad :)	2011-06-27 14:14:49 +00:00
Bernardo Damele	36c96ef796	Added DB2 support - patch provided by Sebastian Bittig	2011-06-25 09:44:24 +00:00
Miroslav Stampar	c4cb367e65	looks nicer (though --tor is implicitly converted into --proxy)	2011-06-24 19:00:53 +00:00
Miroslav Stampar	2de88bd90b	minor update	2011-06-24 17:19:24 +00:00
Miroslav Stampar	eaa2a4202f	changing to: --crawl=CRAWLDEPTH	2011-06-24 05:40:03 +00:00
Miroslav Stampar	29314f425e	minor fix	2011-06-20 13:42:31 +00:00
Miroslav Stampar	07e2c72943	adding Beautifulsoup (BSD) into extras; adding --crawl to options	2011-06-20 11:32:30 +00:00
Bernardo Damele	f8c32cf6b9	Moved folder	2011-06-18 12:34:41 +00:00
Miroslav Stampar	a0129dcbcb	this is confusing for normal users (i've just get a mail where dude thinks that he needs to use tamper script because of this :)	2011-06-17 16:52:39 +00:00
Miroslav Stampar	6b1d5a0ab8	minor fix	2011-06-16 14:11:30 +00:00
Miroslav Stampar	25b923bbc3	minor fixes and minor updates	2011-06-16 12:12:30 +00:00
Miroslav Stampar	4d51fa8155	minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails)	2011-06-15 17:37:28 +00:00
Miroslav Stampar	9331abb96f	minor update	2011-06-11 08:33:36 +00:00
Miroslav Stampar	71093b1cad	adding one more user friendly message	2011-06-09 09:58:42 +00:00
Bernardo Damele	d217cf71b2	Minor bug fix	2011-06-08 23:32:44 +00:00
Bernardo Damele	70cac24909	Cosmetics	2011-06-08 15:31:27 +00:00
Miroslav Stampar	d8155dfae9	change by request	2011-06-08 14:44:11 +00:00
Bernardo Damele	0d3e8a76d8	Cosmetics and a missing param	2011-06-08 14:40:42 +00:00
Miroslav Stampar	4a9640160e	more concise	2011-06-08 14:35:23 +00:00
Bernardo Damele	cce3208b35	Cleanup	2011-06-08 14:15:34 +00:00
Miroslav Stampar	1c633b7351	i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified	2011-06-07 22:14:18 +00:00
Miroslav Stampar	97d8c60c3f	better language	2011-06-03 15:58:19 +00:00
Miroslav Stampar	0a620bf322	more info to the user	2011-06-03 15:43:50 +00:00
Miroslav Stampar	8aa5625cd0	proper fix related to the last commit	2011-06-01 23:00:18 +00:00
Miroslav Stampar	fd57aae779	bug fix (until this moment we had UNION unfunctional for MSSQL)	2011-06-01 22:47:54 +00:00
Miroslav Stampar	b7088440c2	better sentence	2011-05-30 22:47:17 +00:00
Miroslav Stampar	a8b58afdb2	minor update	2011-05-27 08:21:02 +00:00
Miroslav Stampar	48f52d7697	minor beautification	2011-05-27 08:16:14 +00:00
Miroslav Stampar	45caadbd4a	important update - finally found what was causing headache for UNION payloads in noticeable number of cases	2011-05-26 21:54:19 +00:00
Miroslav Stampar	97bd5355dd	minor update	2011-05-26 21:18:55 +00:00
Miroslav Stampar	5d56e89cf5	minor update	2011-05-26 21:08:46 +00:00
Miroslav Stampar	06108b6da6	minor update related to the last commit	2011-05-26 20:58:24 +00:00

... 2 3 4 5 6 ...

760 Commits