| 
							
							
								 Miroslav Stampar | 690281dce1 | didn't know this to be honest | 2011-01-11 10:17:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0676b38063 | revert of one thing for Bernardo and minor update | 2011-01-10 10:30:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 77b51dae57 | adding openFile method with an exception block around file opening part | 2011-01-08 09:30:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e3899f7467 | fix of a fix | 2011-01-07 18:07:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8e83a26acf | minor fix | 2011-01-07 17:53:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ed2aed972f | minor fix | 2011-01-07 17:38:28 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 27628dca42 | cosmetics | 2011-01-07 17:25:22 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 97ae7e330f | cosmetics | 2011-01-07 17:10:58 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | e373dac1f2 | Cosmetics | 2011-01-07 16:50:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c17714c423 | suppress session in case of brute methods | 2011-01-07 16:47:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b313a20a3f | some fixes | 2011-01-07 16:39:47 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 16a06117f7 | Mere cosmetics | 2011-01-07 16:36:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1a079c62cb | minor update (generic tests now have bigger priority in test queue than parsed DBMS related ones) | 2011-01-07 16:08:01 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1c86ec374e | Code refactoring and cosmetics | 2011-01-07 15:41:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a8d660db54 | fixes for bugs reported by pragmatk@gmail.com | 2011-01-06 16:59:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c968b438f2 | Ctrl+C added to union dump | 2011-01-06 09:48:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0616edcc44 | adding progress to --union-test | 2011-01-06 09:26:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8b9a624546 | added progress into union based entry retrieval | 2011-01-06 09:10:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cc9ca802bf | minor update | 2011-01-06 08:54:50 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1297df66da | fix for a bug reported by abc abc <biedimc@gmx.net> (HierarchyRequestErr: two document elements disallowed) | 2011-01-06 08:04:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 694a65f6f1 | minor fix/update | 2011-01-05 13:32:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7411052456 | minor update regarding last commit | 2011-01-05 12:09:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 042e3f76ba | bug fix for a bug reported by nightman (RuntimeError: maximum recursion depth exceeded) | 2011-01-05 11:36:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7ae5192070 | adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data) | 2011-01-05 10:25:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c83e9f6ca5 | foundation for filtering binary string values (for example, replacement of non readable chars with #) | 2011-01-04 21:56:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | aa81ed4033 | implementation of a feature suggested by pan@knownsec.com (usage of charset type from http-equiv attribute in case when charset is not defined in headers) | 2011-01-04 15:49:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | eb11f5b2e0 | minor update | 2011-01-04 13:07:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c1dc73d0a1 | minor, just in case update related to the previous commit | 2011-01-04 12:56:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 709a7d156b | fix for a bug reported by shaohua pan (UnicodeDecodeError: 'ascii' codec can't decode...) | 2011-01-04 12:51:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d288c6d6e3 | minor update | 2011-01-04 08:40:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fdc463d08b | fix for a bug reported by deep_freeze@mail.ru (IndexError: list index out of range) | 2011-01-03 23:36:35 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0eabca9fd4 | update for a previous update (putting conf.dataEncoding in getUnicode wherever we know that data won't be 'touched' or 'used' in anyway related to the current web page - if not sure, just leave it as it is) | 2011-01-03 22:31:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 08ccbf2c1e | important fix for a bug reported by x <deep_freeze@mail.ru> (along with normal fixes, getUnicode now uses kb.pageEncoding) | 2011-01-03 22:02:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 572f403069 | update of one thing that was missing | 2011-01-03 21:28:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ce48ea75d0 | noticed that google search page sometimes contain double html escaped links - double htmlunescape solves the problem, while dealing no harm to single html escaped links | 2011-01-03 14:39:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6aa616bd0d | minor minor fix | 2011-01-03 14:28:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 92e4cdb241 | raising critical when google detects strange traffic and also removing obsolete sqlmapSiteTooDynamic | 2011-01-03 14:21:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 07129371bf | bug fix for time based injections with keepalive (keepalive module has timeout argument which screwed tbMsg); also, bug fix for cases when remote hosts forcefully disconnects the user on some tests (instead of retrying and critically going out, continue with further tests) | 2011-01-03 13:04:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3629c2737b | automatically turn on --text-only in case of heavily-dynamicity instead of critical exit | 2011-01-03 11:06:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | adc41181e6 | some DBMSes (MS Access for example) don't play well with a simple query suffix OR 1>2 which should represent NOP one | 2011-01-03 10:37:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5860b8942f | minor update | 2011-01-03 09:16:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d19a8d53e4 | minor update | 2011-01-03 08:46:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8625494ff2 | added one new quick check for multiple target(s) mode | 2011-01-03 08:32:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5f9b6b2254 | code refactoring | 2011-01-02 16:51:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f762f32de8 | bug fix for proper --parse-errors on .aspx pages | 2011-01-02 13:00:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | dce9a762f1 | important update regarding restoring of potentially changed switch values in multi-target mode and/or missing switch values in resume mode | 2011-01-02 10:37:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 96341f8f78 | minor fix | 2011-01-02 09:16:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5c6c870db4 | removed some problematic user agents (google won't work with them) and added page rank next to tested item in multi target mode | 2011-01-02 08:43:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6651ba05eb | another fix (OS was set to None at all previous sessions if there was no explicit OS testing done) | 2011-01-02 08:08:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | da138c46c1 | added support for displaying HTTP error codes (particularly interesting ones are 403 and 406 which screw up data retrieval and DBMS fingerprinting badly) | 2011-01-02 07:37:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ec4440108b | minor cosmetics | 2011-01-02 07:09:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 428e817a32 | some refactoring | 2011-01-01 23:57:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 212035e64d | user can now choose if he wants to skip non-heuristic based DBMS tests | 2011-01-01 23:38:11 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8a93cfd975 | minor update | 2011-01-01 22:43:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 52e44df86c | minor update | 2011-01-01 21:11:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 942cbafba6 | minor update | 2011-01-01 20:19:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e4fd8b3f0c | (e) finally works as it should | 2011-01-01 19:22:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0e815177c8 | minor update | 2011-01-01 19:07:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ef27fd5ea1 | there is a huge problem with urllib2 connections that sockets are left opened causing problems with lots of disposable connections used (like in --threads) (http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html, http://mail.python.org/pipermail/python-bugs-list/2007-January/036873.html) | 2011-01-01 15:20:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 15e6911fd8 | fix for a bug reported by ragos@joker.ms (AttributeError: 'NoneType' object has no attribute 'write') | 2011-01-01 12:23:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 91f665aaaa | bug fix for Ctrl+C | 2010-12-31 15:00:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5db8ebbfa9 | update of mysql comment versions | 2010-12-31 12:42:12 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 281d124fa6 | minor bug fix | 2010-12-31 12:04:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 613242e298 | bug fix (dynamic markings were not restored in program rerun which potentially led to no data retrieved) | 2010-12-29 19:48:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8f32c740ff | code refactoring | 2010-12-29 19:39:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6700cabc36 | minor optimization | 2010-12-29 19:01:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d1f5c1d7b7 | now when we "decode page" based on a charset, sanitizeAsciiString only brings unneeded filtering | 2010-12-29 15:10:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 79e97824ef | adding user names to the attack dictionary | 2010-12-29 00:37:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 93838fb155 | "patch" for a problem reported by black zero (v = self._sslobj.write(data)...UnicodeError) | 2010-12-28 14:40:34 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c0423761e8 | minor update | 2010-12-27 18:27:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c8f8dbf0a7 | minor update | 2010-12-27 15:39:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9fb0e0fc85 | resume of brute forced data is now available | 2010-12-27 14:17:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c7a160bf72 | minor update (users want this to see) | 2010-12-27 12:00:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 51a492e17d | pretty important commit (now dumped tables are prone to dictionary attack) | 2010-12-27 10:56:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 269d6bde24 | this one is pretty complicated (authentication handler tries to call keep alive module, while keep alive module tries to call authentication handler, leading to an infinite recursion) | 2010-12-27 00:14:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 89c2640d23 | basic --search now works with MS Access | 2010-12-26 23:50:16 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f2373121d0 | noticed little DoS behavior and lots of connections in netstat (best way to deal with zombie connections is to explicitly close them if not needed any more) | 2010-12-26 14:36:51 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ceeb6374e8 | bug fix (TypeError: object of type 'NoneType' has no len()) | 2010-12-26 13:27:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 569e060aab | important improvement | 2010-12-26 13:20:52 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a555d1ad68 | minor improvement | 2010-12-26 11:15:02 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 320a6f9efb | minor minor update | 2010-12-26 09:55:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 17d74fc83c | cosmeticado | 2010-12-26 09:53:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cd337d9f39 | minor fix | 2010-12-26 09:46:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | eaf4b93856 | minor update | 2010-12-26 09:40:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 562a6440d1 | fix for a bug reported by nightman (same as http://bugs.python.org/issue8797) | 2010-12-26 09:33:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6c72e41972 | minor fix/update | 2010-12-26 02:19:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c5c4aae3d5 | minor update (to prevent adding too much items) | 2010-12-25 10:42:36 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b472b96f92 | bug fix, refactoring and improved extractErrorMessage capabilities | 2010-12-25 10:16:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ea7ba19f6b | minor update | 2010-12-25 09:43:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 272476773f | getPageTextWordsSet on tableExists is pretty powerful stuff | 2010-12-25 09:37:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6845d402fa | well, here and there, merry Christmas to all :) | 2010-12-24 20:17:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2d115e0350 | one more fix | 2010-12-24 18:44:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | edcf1a0872 | few bug fixes | 2010-12-24 18:40:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 96a06351a1 | minor fix (in testing phase raise404 should be set to False) | 2010-12-24 12:36:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 2c23a59ba5 | fix for one of those more complex bugs (comparison was returning None while original page and/or page template were already had already DBMS error inside) | 2010-12-24 12:13:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | aab14fa2d3 | minor refactoring/cosmetics | 2010-12-24 11:06:57 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 23dc408901 | prioritization of tests based on DBMS error messages and some comments in common.py | 2010-12-24 10:55:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a09716a701 | minor update | 2010-12-24 10:07:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d9f08e4aa3 | randomization of user agents | 2010-12-24 10:04:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d5eebb1cbf | fix for a fundamentally bad presumtion (ratio should be > 0.6 in stable pages), especially today when we have stuff like where=2; also, just imagine 500s which could just say something like FALSE, while on ratio level it would be far below 0.6 | 2010-12-24 09:49:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cb17e61f35 | bug fix (UnicodeDecodeError: 'ascii' codec can't decode byte 0xa9 in position 959) | 2010-12-24 02:54:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8470de7b76 | bug fix for boolean proxy when using time based payloads | 2010-12-23 23:46:08 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7f7fb93155 | cosmetics | 2010-12-23 18:44:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 017ea9e686 | update | 2010-12-23 14:06:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 73f33c1999 | bug fix of re-introduced bug (in multiple target mode sites with similar URI weren't skipped) | 2010-12-23 11:28:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8fc60215ed | lol. this was a pesky bug. heuristic wasn't working on one mssql test site and i couldn't find why. at end the problem was that when the HTTP code was raised (like 500) no parseResponse was called. | 2010-12-22 19:12:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7c06dbffc3 | bug fix (AttributeError: 'unicode' object has no attribute 'sort') | 2010-12-22 18:55:50 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | c1f2534e9a | More bug fixes to properly distinguish between full inband and single-entry inband sql injections | 2010-12-22 15:47:52 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 250608660d | Minor bug fix to always show HTTP request and response when verbose is set accordingly to 4, 5 or 6 regardless of the HTTP response code (error or not) | 2010-12-22 13:41:36 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 5228f336da | Minor fix for ctrl+c during detection phase | 2010-12-22 13:15:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 08c88495d0 | removed that ugly hack | 2010-12-22 13:09:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8212b7b745 | bug fix | 2010-12-22 12:16:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5be9c04e44 | update regarding Sybase syntax | 2010-12-22 10:39:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d974a966b8 | minor fix for end phase (Ctrl+C) | 2010-12-21 23:55:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fb75d0636b | minor update | 2010-12-21 23:42:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 39a13077c4 | minor bug fix | 2010-12-21 23:09:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 09479c85dc | minor bug fix | 2010-12-21 22:35:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7a525f28d4 | cosmetics | 2010-12-21 15:26:23 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b2e7f9484d | minor tuning (2 techniques MAX per value used) | 2010-12-21 15:24:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6c1133c4d4 | some code refactoring | 2010-12-21 15:13:13 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 466d61ee85 | minor fix | 2010-12-21 14:29:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 385e208f38 | code refactoring regarding standard output suppression and some threading issues | 2010-12-21 14:21:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0e68248f60 | minor update of heuristic check | 2010-12-21 12:56:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 16f1f4e13e | when doing dynamic checks there are cases when 404 can be raised (perfectly normal) | 2010-12-21 11:04:49 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | aca074b769 | Removed unused outdated code | 2010-12-21 10:49:52 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | ad6b528b33 | Bit more verbose comment | 2010-12-21 10:47:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6b37ddada4 | removed some blank trailing spaces (with extra/shutils/blanks.sh) | 2010-12-21 10:31:56 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 1a3f57e5fe | Cosmetics | 2010-12-21 09:23:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d554460aec | minor fix | 2010-12-21 01:09:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 116c141dfa | another fix | 2010-12-21 00:47:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 416755c0b7 | minor adjustments | 2010-12-21 00:25:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8067365b93 | fix for a bug reported by m4l1c3 (AttributeError: '_MainThread' object has no attribute 'ident') | 2010-12-20 23:47:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e10670d9ac | added end detection phase choice into Ctrl+C list | 2010-12-20 23:34:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 29001a4fce | minor update | 2010-12-20 23:21:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b34fe5c334 | no more need for such a huge timeout because any timeout exceptions will now be considered as a successful time-based attack (previously we wanted to get back to the program, hence there was such a huge timeout) | 2010-12-20 22:49:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 8fd3e7ba1f | thread based data added | 2010-12-20 22:45:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c9e8aae8a2 | we'll need to do some cleanup around threading data model we use (some of the data we currently use we'll need to spread via copies around used threads) | 2010-12-20 19:34:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e09bc2406c | minor refactoring | 2010-12-20 19:24:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5852bad963 | some refactoring | 2010-12-20 18:56:06 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 19d8733e9a | this is strictly for educational purposes | 2010-12-20 17:30:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c948bced61 | should solve the problem with timeout problems in time-based payloads | 2010-12-20 16:45:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | eaf8929085 | more minor updates | 2010-12-20 10:48:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fd00ff7a82 | minor bug fix | 2010-12-20 10:37:03 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e9f1ecb9e7 | minor update | 2010-12-20 10:32:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 10a7a2dfb2 | kids, don't use this at home | 2010-12-20 10:13:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 13d5b2c0ff | code refactoring | 2010-12-20 09:44:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4cb83654dc | minor update | 2010-12-18 16:28:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 36862e2efa | update | 2010-12-18 15:57:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 21d083272e | minor minor fix | 2010-12-18 14:31:41 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4f73feec2f | now dictionary attack on multiple hash formats is supported (like mysql_passwd and mysql_old_passwd in one database) | 2010-12-18 14:11:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 05c6d661e8 | cosmetics | 2010-12-18 10:49:49 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 03220d34ba | added Ctrl+C check in detection phase | 2010-12-18 10:42:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e355f92f22 | bug fix | 2010-12-18 10:02:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fe67d3827c | code refactoring and some fixes | 2010-12-18 09:51:34 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 108a96c6b4 | some fixes | 2010-12-17 21:45:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a19cb2c13a | code refactoring (added UNKNOWN_DBMS_VERSION instead of "Unknown") | 2010-12-17 21:29:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b4450c6ddd | added one more level of MSSQL version check (if first fails for some reason) | 2010-12-17 21:01:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 07609bfb53 | minor fix | 2010-12-17 19:33:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 323af45ce4 | added one more time request payload to confirm test results | 2010-12-17 07:53:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e3fa3b0e8e | fix for a minor bug reported by nightman (AttributeError: 'NoneType' object has no attribute 'getFingerprint') | 2010-12-17 07:48:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 95b2c0803b | minor fix | 2010-12-15 20:51:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | de54219571 | code refactoring | 2010-12-15 12:50:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cda00c7501 | code refactoring | 2010-12-15 12:43:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3f34b06a24 | minor cosmetics | 2010-12-15 12:34:14 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 445cc3bf3c | minor cosmetics | 2010-12-15 12:15:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c1c525aaea | quick fix of a fix | 2010-12-15 12:10:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 7cfeb5447b | minor update | 2010-12-15 11:46:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4dec24d056 | quick fix for a bug reported by Andreas Constantinides (KeyError: 5) | 2010-12-15 11:30:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f8a01ddaf8 | minor update | 2010-12-15 11:21:47 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 63f5c35c23 | bug fix | 2010-12-15 10:02:58 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c3d0295d21 | minor update (checking for --time-sec value) | 2010-12-14 12:37:21 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b75d7fa348 | minor cache based optimization | 2010-12-14 12:22:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 270ae0f080 | just in case as maybe there will be some boolean expression to check where we won't expect None, but explicitly True/False | 2010-12-14 09:05:00 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 04caef6de0 | Tuning | 2010-12-13 23:04:26 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | cfcee6439e | Cosmetics | 2010-12-13 21:55:30 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 86690682c7 | Minor bug fix to respect -v value in --common-tables and --common-columns | 2010-12-13 21:37:12 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 4b79227b5a | Minor bug fix to properly merge options from .conf file (-c) with command line switches | 2010-12-13 21:36:23 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | db844c1785 | No point in showing the error-based inject payload, it's same as the one showed in -v3 | 2010-12-13 21:35:20 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 698f30e65e | Cosmetics | 2010-12-13 21:34:35 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | a02dd6b55b | Minor enhancement to speedup active dbms fingerprint (-f). Code cleanup and refactoring. | 2010-12-13 21:33:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d56f47d530 | fix for a bug reported by black zero (ValueError: invalid literal for int() with base 10: '1-20') | 2010-12-12 23:59:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6a3c4485e6 | minor update (removing extra ()) | 2010-12-12 14:44:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e98d9c08e1 | dumping table is now possible on Firebird too | 2010-12-12 14:38:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c93634b6c7 | blind dumping of tables in sqlite implemented | 2010-12-11 22:13:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b1babeefe5 | update regarding dumping of tables with blind on Sqlite | 2010-12-11 22:00:16 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f7344a5fc3 | update | 2010-12-11 21:28:11 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6a24048aa6 | urllib2 doesn't play well with '\n' when non unescaped chars used | 2010-12-11 21:17:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e6c66fa37c | update regarding expectingNone in fingerprinting mode to cancel drop down to other techniques available | 2010-12-11 17:55:28 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | e32fa9df43 | further update regarding bugtrace's report | 2010-12-11 17:32:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 5d18c98ec2 | quick fix for a bug reported by bugtrace (not using __goBooleanProxy because we don't have a proper vector this moment) | 2010-12-11 17:20:39 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 03447acc1d | avoiding some trashy match ratios | 2010-12-11 17:12:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d2a3e8f44f | first time firebird error-based query success | 2010-12-11 11:17:24 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | f021548bd0 | added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use) | 2010-12-11 10:52:04 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c17f444aab | minor fix | 2010-12-11 10:22:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3dc0a51d34 | major bug fix with boolean expressions | 2010-12-11 08:46:19 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ac9080c07b | update | 2010-12-11 08:24:29 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 66db80804d | fix | 2010-12-10 16:03:32 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 435f48b8cc | polite cosmetics | 2010-12-10 15:28:56 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 977988c0ab | cosmetics | 2010-12-10 15:24:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fa8d378e80 | another update | 2010-12-10 15:18:15 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1ef44cfe60 | fix | 2010-12-10 15:06:53 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fe186cde55 | proper fix | 2010-12-10 13:26:31 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 9957881040 | you won't believe commit | 2010-12-10 13:20:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1fc9ed10a8 | minor refactoring | 2010-12-10 12:30:36 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 4d8628e8fb | fix for booleans | 2010-12-10 12:26:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | fe2039f5ba | coollyy little commits | 2010-12-10 11:32:46 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d5e7a8d305 | update | 2010-12-10 10:54:17 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b6dcbcef5b | Minor fix | 2010-12-10 10:52:55 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 471d9ccd65 | another fix of my lala | 2010-12-10 10:11:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 029a6abba2 | quick fix | 2010-12-10 09:54:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 441fc8dbd9 | update regarding boolean based expressions | 2010-12-09 21:15:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d5fb921154 | removed debug print | 2010-12-09 20:08:59 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1492823de0 | it wasn't pretty, now it's pretty | 2010-12-09 20:06:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bbffea2cbc | bug fix | 2010-12-09 17:10:22 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 0eb2c408a9 | code refactoring | 2010-12-09 16:49:02 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | df5f6bc1b7 | Little precaution | 2010-12-09 14:06:43 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9230877d98 | cosmetics | 2010-12-09 13:57:38 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 5fb04515d3 | Added hidden (for the moment) switch --technique | 2010-12-09 13:47:17 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | cdff29ada7 | update | 2010-12-09 11:23:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 196131bbca | minor cosmetics | 2010-12-09 10:42:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ec5c08ca7a | cosmetics | 2010-12-09 09:24:20 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 3fd1c37d53 | update | 2010-12-09 07:49:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | db39dc32fc | minor update | 2010-12-09 00:59:39 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 0c01be0eeb | Ugly work-around to avoid unescaping WAITFOR DELAY time between single quotes (unescaped CHAR(..) value does not work). | 2010-12-09 00:34:02 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 9c61adb21d | Cosmetics | 2010-12-09 00:26:06 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | b5c6527c72 | Minor fix | 2010-12-09 00:25:48 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | f5ce739bdf | Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. | 2010-12-08 23:52:31 +00:00 |  | 
			
				
					| 
							
							
								 Bernardo Damele | 10ef2b5de8 | Minor bug fix | 2010-12-08 23:09:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 54f6673609 | update | 2010-12-08 22:38:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | d6077273e0 | update | 2010-12-08 22:14:42 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 258e9fb50e | fix for a "bug" reported by Spencer J. McIntyre (os.makedirs(conf.outputPath, 0755) -> permission denied) | 2010-12-08 21:16:18 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 81c16926c1 | code refactoring some more | 2010-12-08 14:46:07 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 40fadf2f35 | minor update | 2010-12-08 14:33:10 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 95b48746a6 | cosmetics | 2010-12-08 14:29:09 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | ed09c53ee4 | minor minor update | 2010-12-08 14:27:37 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 01cf1394a4 | code refactoring | 2010-12-08 14:26:40 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | af22679605 | minor update | 2010-12-08 13:09:27 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 6223f25dd9 | code beautification | 2010-12-08 13:04:48 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 64cc2588f1 | now resume is available for time-based blinds too | 2010-12-08 12:49:26 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 537b619165 | removing junk | 2010-12-08 12:30:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b5e45939e3 | sqlmap premiere of blind time based query/bisection | 2010-12-08 12:28:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 47bb31fb47 | code refactoring | 2010-12-08 11:30:25 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 1ae2fa7f1a | update regarding time based payloads | 2010-12-08 11:26:54 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | bdff4aba6a | switching to quick_ratio | 2010-12-07 23:57:43 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | c1b82cf09c | ratio() gives a considerable lag on real life cases, as real_quick_ratio() gives almost as good results | 2010-12-07 23:53:44 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | a4a63f5b1e | minor update | 2010-12-07 23:49:00 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 293ce18fed | two major bug fixes regarding time calculation (previously comparison was also a part of "delta", which screwed results in cases with large pages; other was a standard distribution based one) | 2010-12-07 23:32:33 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | b21eb88905 | minor update | 2010-12-07 22:45:38 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 575e50673b | minor update | 2010-12-07 19:27:01 +00:00 |  | 
			
				
					| 
							
							
								 Miroslav Stampar | 398b82644a | little explanation | 2010-12-07 19:25:26 +00:00 |  |