Commit Graph

280 Commits

Author SHA1 Message Date
Miroslav Stampar
e735f2960a minor update 2010-11-29 15:25:45 +00:00
Bernardo Damele
472f4465a6 Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
253eafb643 paranoid cosmetics 2010-11-24 12:03:01 +00:00
Bernardo Damele
17486e472a Proper English (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Miroslav Stampar
3d25071d06 another minor improvement regarding logging of http traffic 2010-11-17 12:16:48 +00:00
Miroslav Stampar
3e569a1693 minor update 2010-11-17 12:04:33 +00:00
Miroslav Stampar
5abbea4a9f fix for a bug reported by nightman (unknown charset 'null') 2010-11-17 09:57:32 +00:00
Miroslav Stampar
3487429eac minor cosmetics 2010-11-16 14:41:46 +00:00
Miroslav Stampar
3640dbf745 fix for --parse-errors (on IIS HTTP error is raised which needs to be processed) 2010-11-16 14:33:30 +00:00
Miroslav Stampar
6232397129 minor update 2010-11-16 10:52:49 +00:00
Miroslav Stampar
6ef3846400 update regarding error parsing (and reporting) 2010-11-16 10:42:42 +00:00
Bernardo Damele
71cb982039 Another bug fix to --union-test 2010-11-15 21:42:56 +00:00
Miroslav Stampar
06a872fc99 update/fix for an issue reported by nightman (IncompleteRead: IncompleteRead(1284 bytes read)) 2010-11-12 22:57:33 +00:00
Miroslav Stampar
27735b14df update (--string and --regex should be done regardless of wasLastRequestError) 2010-11-12 22:44:15 +00:00
Miroslav Stampar
697b32554c fix for a bug "ordinal not in range(128)" reported by bugtrace 2010-11-12 11:48:25 +00:00
Bernardo Damele
f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques 2010-11-12 11:40:37 +00:00
Bernardo Damele
a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. 2010-11-12 10:16:39 +00:00
Miroslav Stampar
19c1bfa368 just a precaution (now i really need to go for a sleep) 2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3 another update 2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd minor fix (while we've calculated conf.matchRatio for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase its value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result) 2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c another name change 2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1 name change 2010-11-09 22:48:22 +00:00
Miroslav Stampar
fef60d5cb7 some fixes :) 2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247 Possible quick fix for missing of True/False comparison of stable-but-not-really pages 2010-11-09 21:39:58 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca revert of some HTTP headers handling 2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring.
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1 added Range handler (dealing with 206 HTTP messages) 2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97 another minor fix 2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5 fix 2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
0d0e2a2228 minor update 2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2 Refactoring 2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27 setting direct query info output to same level as payload info (logger.DEBUG) 2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb trust me, i know what i am doing :) 2010-11-07 20:33:33 +00:00
Bernardo Damele
4d81da6bc8 Cosmetics 2010-11-07 16:23:03 +00:00
Miroslav Stampar
00dfd55830 added powerful switch --longest-common for dealing with heavy dynamicity 2010-11-07 08:52:09 +00:00
Miroslav Stampar
508b9cc763 dynamicity engine update 2010-11-07 00:12:00 +00:00
Miroslav Stampar
3619fc5127 minor update 2010-11-06 08:31:11 +00:00
Miroslav Stampar
0e895fa512 update of dynamicity testing and few misc fixes 2010-11-05 13:14:12 +00:00
Miroslav Stampar
ef1809464d bug fix for that BadStatusLine (http://bugs.python.org/issue8450) 2010-11-05 11:58:20 +00:00
Miroslav Stampar
6295a59a30 minor update/fix 2010-11-05 11:39:35 +00:00
Miroslav Stampar
5f7f4bf15b minor debug update (probably temporary) 2010-11-05 11:04:00 +00:00
Miroslav Stampar
29b7c5366c cosmetics 2010-11-04 17:22:33 +00:00