sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-03-03 11:45:46 +03:00
Code Issues Packages Projects Releases Wiki Activity
1,320 Commits 4 Branches 122 Tags 100 MiB
8cec75656c
Commit Graph

882 Commits

Author SHA1 Message Date
Bernardo Damele
8cec75656c Bug fix to properly save the match ratio only if numeric (to avoid also tracebacks when match is based on --string or --regexp) 2010-11-12 10:31:42 +00:00
Bernardo Damele
a14e4d9668 Referer does not have to be static, it's already a switch (--referer) so that user can specify it manually. 2010-11-12 10:16:39 +00:00
Bernardo Damele
66c82d72e4 Typo fix 2010-11-12 10:02:02 +00:00
Miroslav Stampar
42272ca78c minor update 2010-11-11 22:26:36 +00:00
Miroslav Stampar
8aefd0bbf7 improvement of --common-tables and --common-columns 2010-11-11 20:37:25 +00:00
Miroslav Stampar
2d872f850a quick fix 2010-11-11 19:54:54 +00:00
Miroslav Stampar
24238ccd0b re-renaming of brute force switches. this way is better. 2010-11-11 07:57:44 +00:00
Miroslav Stampar
96d88877ba bug fix (reported by ToR) 2010-11-10 19:44:51 +00:00
Miroslav Stampar
19c1bfa368 just a precaution (now i really need to go for a sleep) 2010-11-09 23:38:29 +00:00
Miroslav Stampar
88c00e61d3 another update 2010-11-09 23:35:37 +00:00
Miroslav Stampar
47720a43dd minor fix (while we've calculated conf.matchRation for stable pages, we've put a constant value (0.900) for dynamic ones - so putting (ratio - conf.matchRatio) > DIFF_TOLERANCE for dynamic pages too would just effectively increase it's value to 0.900 + DIFF_TOLERANCE (in our case to 0.950) which is too narrow space for True result) 2010-11-09 23:21:21 +00:00
Miroslav Stampar
5ebd5d935c another name change 2010-11-09 22:49:31 +00:00
Miroslav Stampar
06f00cf8c1 name change 2010-11-09 22:48:22 +00:00
Miroslav Stampar
6807fb04cc minor update 2010-11-09 22:44:23 +00:00
Miroslav Stampar
fef60d5cb7 some fixes :) 2010-11-09 22:32:05 +00:00
Bernardo Damele
1cc99e2247 Possible quick fix for missing of True/False comparison of stable-but-not-really pages 2010-11-09 21:39:58 +00:00
Bernardo Damele
2205099a5e Python stylish 2010-11-09 21:39:05 +00:00
Miroslav Stampar
cee888b613 tuning detection engine (None results from queryPage/comparison should not be treated as False in checkSqlInjection routine - None is returned when error is detected) 2010-11-09 19:14:55 +00:00
Miroslav Stampar
726825ca70 minor update 2010-11-09 16:59:36 +00:00
Miroslav Stampar
b43334165d update regarding brute forcing 2010-11-09 16:53:33 +00:00
Miroslav Stampar
a7fa8d4975 update regarding brute force retrieval of table names and table column names 2010-11-09 16:15:55 +00:00
Miroslav Stampar
7752b5efe9 minor update 2010-11-09 09:51:54 +00:00
Miroslav Stampar
4be0631161 refactoring of brute force techniques 2010-11-09 09:42:43 +00:00
Miroslav Stampar
221f976fbd minor update 2010-11-09 01:23:54 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
fda8752dca revert of some HTTP headers handling 2010-11-08 13:26:45 +00:00
Bernardo Damele
78d7b17483 More replacements for refactoring. 
Minor layout adjustments.
Alignment of conffile/optiondict/cmdline parameters.
 2010-11-08 12:36:48 +00:00
Miroslav Stampar
eb999de0f1 added Range handler (dealing with 206 HTTP messages) 2010-11-08 12:26:13 +00:00
Miroslav Stampar
875781bf97 another minor fix 2010-11-08 11:55:56 +00:00
Miroslav Stampar
4a4a3051e5 fix 2010-11-08 11:39:07 +00:00
Miroslav Stampar
a3de10e3a2 new option -t 2010-11-08 11:22:47 +00:00
Miroslav Stampar
4e6d1b5118 added "Detection" part in help listing 2010-11-08 10:11:43 +00:00
Miroslav Stampar
0d0e2a2228 minor update 2010-11-08 09:49:57 +00:00
Miroslav Stampar
d551423379 further enum refactoring 2010-11-08 09:44:32 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Miroslav Stampar
8e44aa605a refactoring regarding injection place (more left) 2010-11-08 08:02:36 +00:00
Miroslav Stampar
0482e02c37 minor optimization 2010-11-07 23:37:15 +00:00
Miroslav Stampar
4f346eab33 fix for resume from session 2010-11-07 23:25:53 +00:00
Bernardo Damele
ea1b0d31be Avoid displaying single retrieved character when --verbose > 2 2010-11-07 22:42:56 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload. 
Fixed also -d verbose output.
 2010-11-07 22:34:29 +00:00
Bernardo Damele
a96467b3e2 Refactoring 2010-11-07 21:55:24 +00:00
Miroslav Stampar
7a6c086a27 setting direct query info output to same level as payload info (logger.DEBUG) 2010-11-07 21:42:36 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
620fa1c8fb trust me, i know what i am doing :) 2010-11-07 20:33:33 +00:00
Bernardo Damele
73e85bfc75 Minor bug fix: the --tamper scripts have to be provided from the highest to the lowest priority, if not, sqlmap will reverse-sort them automatically as per user's choice. Tested, works now 2010-11-07 16:24:44 +00:00
Bernardo Damele
4d81da6bc8 Cosmetics 2010-11-07 16:23:03 +00:00
Bernardo Damele
6716315a76 Minor bug fix to properly set the ratio just before the check for injection, not before the check for dynamicity 2010-11-07 15:45:26 +00:00
Bernardo Damele
9669dbdae1 Minor cosmetics and adjustments 2010-11-07 15:34:52 +00:00
Miroslav Stampar
afba26a53f tiny winy update 2010-11-07 09:00:45 +00:00
Miroslav Stampar
2b8c942b4a more update 2010-11-07 08:58:24 +00:00