Miroslav Stampar
e61c4c22c9
Implementation for an Issue #200
2012-10-09 15:19:47 +02:00
Bernardo Damele
162da75a04
modified homepage address
2012-07-12 18:38:03 +01:00
Miroslav Stampar
8e18514e56
Minor refactoring for all that stickyness
2012-07-12 15:58:45 +02:00
Bernardo Damele
f704a46341
silly blank line added
2012-07-12 01:38:29 +01:00
Bernardo Damele
a5924739f6
minor code refactoring in preparation of ticket #75
2012-07-12 01:12:30 +01:00
Miroslav Stampar
e948e4d45b
Some more refactoring
2012-07-06 17:18:22 +02:00
Miroslav Stampar
1a8ebbfd43
Minor refactoring
2012-07-06 17:05:47 +02:00
jekil
c39e5a85ba
Removed $id$ tags
2012-06-27 20:56:43 +02:00
Miroslav Stampar
ec44e88db8
lots of refactoring regarding removal of already obsolete session file mechanism
2012-06-21 10:09:10 +00:00
Miroslav Stampar
76c873a222
minor fix
2012-06-15 06:22:44 +00:00
Miroslav Stampar
facce2c0df
some more cleanup
2012-06-14 13:50:36 +00:00
Miroslav Stampar
4e6fcce9ca
minor update
2012-05-26 07:04:32 +00:00
Miroslav Stampar
ce077137c9
minor language update
2012-05-26 07:01:37 +00:00
Miroslav Stampar
d335ec0c34
turning back on time auto-adjustment mechanism (if turned off) after a threshold run of valid chars
2012-05-26 07:00:26 +00:00
Miroslav Stampar
556b349be3
minor fix for retrieving non-printable chars in inference and non-multi threading mode
2012-04-03 14:04:07 +00:00
Miroslav Stampar
7fd64df167
minor code cleaning
2012-03-28 13:31:07 +00:00
Miroslav Stampar
d66056fe39
one more related commit
2012-03-16 13:16:53 +00:00
Miroslav Stampar
ac02a2d92c
minor fix
2012-03-16 13:14:14 +00:00
Miroslav Stampar
b130a9e14e
minor fix (writing to HashDB on any interrupt)
2012-03-16 10:15:43 +00:00
Miroslav Stampar
f4e410db16
minor fix
2012-03-01 10:17:39 +00:00
Miroslav Stampar
37db27b720
turning back on automatic adjusting of delays in time based queries
2012-02-29 15:51:23 +00:00
Miroslav Stampar
c36cbbb3ae
minor fix
2012-02-24 14:54:10 +00:00
Miroslav Stampar
f94b91ad87
added helper function for HashDB data storing/retrieval
2012-02-24 13:07:20 +00:00
Miroslav Stampar
b481c0352f
minor update
2012-02-24 11:25:56 +00:00
Miroslav Stampar
5afbd52b61
more update related to last commits
2012-02-24 10:57:23 +00:00
Miroslav Stampar
570d3a19c2
more general fix
2012-02-24 10:53:28 +00:00
Miroslav Stampar
e8352e504f
fixing problems with chars deletition by logging messages in inference mode
2012-02-24 10:48:19 +00:00
Miroslav Stampar
b3bd4144f5
removing of unused imports together with some general code refactoring
2012-02-22 10:40:11 +00:00
Miroslav Stampar
bcf3255fe1
implementation of switch --hex for 4 major DBMSes
2012-02-21 11:44:48 +00:00
Miroslav Stampar
aee269cc14
gazillion changes, nothing will work, muhahaha
2012-02-17 14:22:48 +00:00
Miroslav Stampar
c1368053e5
minor fix
2012-02-12 18:46:25 +00:00
Miroslav Stampar
b140ef4a14
minor update (preparing for switching to HashDB from old sessionFile)
2012-02-10 10:24:48 +00:00
Miroslav Stampar
8405ef59ac
some estetic updates
2012-02-01 14:49:42 +00:00
Miroslav Stampar
46f42f2fe4
minor fix
2012-01-30 13:10:35 +00:00
Miroslav Stampar
95f89ab63a
updating copyright date
2012-01-11 14:59:46 +00:00
Miroslav Stampar
1f085a0241
now [SLEEPTIME] is changeable properly in vivo
2012-01-05 14:45:05 +00:00
Miroslav Stampar
9d50c806e1
bug fix
2012-01-05 10:55:58 +00:00
Miroslav Stampar
29f502fe29
some refactoring
2011-12-28 16:27:17 +00:00
Miroslav Stampar
526aacb640
code cleanup
2011-12-21 22:59:23 +00:00
Miroslav Stampar
f39170a2c4
minor update
2011-11-22 15:06:51 +00:00
Miroslav Stampar
e290f2b80b
minor update
2011-10-28 11:11:55 +00:00
Miroslav Stampar
8bd3cfdc8e
minor update
2011-10-24 00:17:38 +00:00
Miroslav Stampar
e1dbb4443b
minor update related to the last commit
2011-08-16 07:01:14 +00:00
Miroslav Stampar
7cc5743c5d
minor adjustment of a time based char retrievals (no more infinite increasing of timeSec value for problematic characters)
2011-08-16 06:50:20 +00:00
Miroslav Stampar
6bbb8139a0
update (smaller memory footprint in postprocessing phase because of safecharencode part)
2011-07-25 20:40:31 +00:00
Bernardo Damele
aedcf8c8d7
Changed homepage address
2011-07-07 20:10:03 +00:00
Miroslav Stampar
34d9a91af1
bulk of fixes
2011-07-02 22:48:56 +00:00
Bernardo Damele
9eb683531d
Minor improvement at blind SQL inj technique for DB2
2011-06-27 22:28:12 +00:00
Miroslav Stampar
905fef0eae
now user can explicitly state number of UNION affected columns via --union-cols (e.g. --union-cols=5)
2011-06-18 10:51:14 +00:00
Miroslav Stampar
fde3e4cece
better
2011-06-18 09:52:07 +00:00
Miroslav Stampar
2f129b01c0
"Please consider to provide" is a bad English
2011-06-18 09:46:22 +00:00
Miroslav Stampar
9498a3f259
little stabilization of multi threading
2011-06-17 12:50:28 +00:00
Bernardo Damele
0d8d6a4ace
Cosmetics
2011-06-08 16:08:20 +00:00
Miroslav Stampar
4a9640160e
more concise
2011-06-08 14:35:23 +00:00
Miroslav Stampar
6b81eef65a
refactoring
2011-06-08 14:30:12 +00:00
Miroslav Stampar
50dde39e68
minor update
2011-06-07 10:32:18 +00:00
Miroslav Stampar
8227298057
user friendliness uber 9000
2011-05-27 08:30:52 +00:00
Miroslav Stampar
5369657cd5
fix for cases with retrieved binary files (preventing difflib nagging around comparison)
2011-05-25 20:54:30 +00:00
Bernardo Damele
f56d135438
Minor code restyling
2011-04-30 13:20:05 +00:00
Miroslav Stampar
29ee760021
improving time based data retrieval mechanism
2011-04-17 07:24:18 +00:00
Miroslav Stampar
0387654166
update of copyright string (until year)
2011-04-15 12:33:18 +00:00
Miroslav Stampar
277f16d6b3
removing commented out debug print
2011-04-08 22:44:05 +00:00
Miroslav Stampar
ea52d7acad
minor revisit of inference
2011-03-24 20:10:40 +00:00
Bernardo Damele
60605b6e7c
Major bug fix to make --first and --last apply only to --dump's entries dump phase (in either of the blind SQL injection techs only)
2011-02-27 12:14:13 +00:00
Miroslav Stampar
0edb4ee314
minor fix
2011-02-03 13:28:10 +00:00
Bernardo Damele
6761933f75
Just.. cosmetics ;)
2011-01-31 22:51:14 +00:00
Miroslav Stampar
777a19cfa9
LOL. removing that debug 'True'
2011-01-31 16:22:55 +00:00
Miroslav Stampar
a80fe28631
one more thing ;)
2011-01-31 16:21:28 +00:00
Miroslav Stampar
933d701667
cosmetics
2011-01-31 16:14:44 +00:00
Miroslav Stampar
b1dc928e68
implemented validation for time-based inference
2011-01-31 16:07:23 +00:00
Miroslav Stampar
25463bc67c
fix for a bug (--predict-output) noticed by Bernardo
2011-01-31 15:00:41 +00:00
Bernardo Damele
2a0b03e5c6
Unused import
2011-01-30 17:07:27 +00:00
Miroslav Stampar
367d0639f0
refactoring (class names should always be Capital cased)
2011-01-28 16:36:09 +00:00
Miroslav Stampar
ddd296030d
added some more info to unhandled exception message(s)
2011-01-28 16:15:45 +00:00
Miroslav Stampar
8d0c2efbe2
unescaping of char marked payloads
2011-01-24 12:00:16 +00:00
Miroslav Stampar
a4a0f10950
minor minor minor
2011-01-20 09:25:34 +00:00
Bernardo Damele
bade0e3124
Major code refactoring - centralized all kb.dbms* info for both retrieval and set.
2011-01-19 23:06:15 +00:00
Miroslav Stampar
eadaf680de
fuck yea
2011-01-19 15:25:48 +00:00
Bernardo Damele
3822b494ea
Major bug fix to properly deal with EXISTS() when forging query or retrieving the query columns.
2011-01-17 23:43:37 +00:00
Miroslav Stampar
5c857779c1
important fix for unicode based character inference
2011-01-17 10:15:19 +00:00
Miroslav Stampar
30d6791968
update regarding time based data retrieval
2011-01-16 17:52:42 +00:00
Miroslav Stampar
71391874eb
slightly faster and thread safer inference
2011-01-16 10:52:42 +00:00
Bernardo Damele
6e4b65a822
Minor refactoring
2011-01-15 23:28:31 +00:00
Bernardo Damele
2ac8debea0
Major code refactoring - moved to one location only (getIdentifiedDBMS() in common.py) the retrieval of identified/fingerprinted DBMS.
...
Minor bug fixes thanks to previous refactoring too.
2011-01-13 17:36:54 +00:00
Bernardo Damele
06230e4d92
Minor code refactoring and cosmetics
2011-01-11 21:46:21 +00:00
Miroslav Stampar
7ae5192070
adding filtering of strings for control chars in blind inference mode (way to handle either errornous values, or either binary data)
2011-01-05 10:25:07 +00:00
Miroslav Stampar
edcf1a0872
few bug fixes
2010-12-24 18:40:48 +00:00
Miroslav Stampar
385e208f38
code refactoring regarding standard output suppression and some threading issues
2010-12-21 14:21:24 +00:00
Miroslav Stampar
5852bad963
some refactoring
2010-12-20 18:56:06 +00:00
Miroslav Stampar
36862e2efa
update
2010-12-18 15:57:47 +00:00
Miroslav Stampar
6a24048aa6
urllib2 doesn't play well with '\n' when non unescaped chars used
2010-12-11 21:17:54 +00:00
Miroslav Stampar
f021548bd0
added inference failsafe (like in for instance Firebirds SUBSTR always returns a string value, no matter which starting index you use)
2010-12-11 10:52:04 +00:00
Miroslav Stampar
c17f444aab
minor fix
2010-12-11 10:22:18 +00:00
Miroslav Stampar
fe2039f5ba
coollyy little commits
2010-12-10 11:32:46 +00:00
Miroslav Stampar
cdff29ada7
update
2010-12-09 11:23:44 +00:00
Bernardo Damele
f5ce739bdf
Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet.
2010-12-08 23:52:31 +00:00
Miroslav Stampar
01cf1394a4
code refactoring
2010-12-08 14:26:40 +00:00
Miroslav Stampar
6223f25dd9
code beautification
2010-12-08 13:04:48 +00:00
Miroslav Stampar
b5e45939e3
sqlmap premiere of blind time based query/bisection
2010-12-08 12:28:54 +00:00
Bernardo Damele
c22338ce90
Removed --error-test, --stacked-test and --time-test switches and adapted the code accordingly. This is due to the fact that the new XML based detection engine already supports all of those tests (and more).
2010-11-29 11:47:58 +00:00
Bernardo Damele
7e3b24afe6
Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
...
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a
Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only!
2010-11-17 22:00:09 +00:00
Bernardo Damele
45ec8c169a
Consistency between --*-test switches/output
2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1
further refactoring (all enumerations are now put into enums.py)
2010-11-08 09:20:02 +00:00
Bernardo Damele
ea1b0d31be
Avoid displaying single retrieved character when --verbose > 2
2010-11-07 22:42:56 +00:00
Bernardo Damele
b6da946883
Added one new verbose level, -v 3 now shows the full injected payload.
...
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60
major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces
2010-11-07 21:18:09 +00:00
Miroslav Stampar
3f0a443b83
some updates
2010-11-04 23:08:59 +00:00
Miroslav Stampar
cd0d4135ac
implemented --banner for MaxDB and some minor fixes
2010-11-02 20:51:55 +00:00
Miroslav Stampar
5269cb8c08
some code refactoring and beautification
2010-11-02 09:06:38 +00:00
Miroslav Stampar
13e93f564a
one bug fix in dynamic content engine and some code refactoring
2010-11-02 07:32:08 +00:00
Miroslav Stampar
73b33ed765
fix for a bug reported by Ulisses Castro (Too many open files) - also, added an important caching mechanism with thread safe logic
2010-11-01 20:56:13 +00:00
Bernardo Damele
486a113560
Consolidate logger messages for --*-test switches
2010-10-31 16:58:38 +00:00
Miroslav Stampar
5a38ac7ea9
important update regarding (Bug #209 ) - probably more will be needed
2010-10-29 16:11:50 +00:00
Bernardo Damele
215175e3b7
Minor code adjustments
2010-10-25 14:11:47 +00:00
Miroslav Stampar
98f5586b87
minor update
2010-10-23 08:05:24 +00:00
Miroslav Stampar
bc79eec702
removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO)
2010-10-21 13:13:12 +00:00
Miroslav Stampar
4009ef385e
more update regarding error based injection support
2010-10-19 18:17:34 +00:00
Bernardo Damele
64b9f94fcf
Renamed --common-prediction switch to --predict-output
2010-10-16 23:50:13 +00:00
Bernardo Damele
2129935e06
Split character for tamper scripts (--tamper option) is now comma, not semi-colon.
...
Minor enhancement
2010-10-16 21:52:16 +00:00
Miroslav Stampar
1336b97c2c
removed --useBetween switch and added new tampering module ./tamper/between.py
2010-10-15 23:48:07 +00:00
Miroslav Stampar
4f7f20b94f
sorry, cosmetics
2010-10-14 23:18:29 +00:00
Bernardo Damele
1674142d82
Minor cosmetic fixes
2010-10-14 15:28:54 +00:00
Miroslav Stampar
8b48833136
large commit with copyright header modifications
2010-10-14 14:41:14 +00:00
Miroslav Stampar
b37dca1c2c
minor adjustment
2010-07-19 09:06:19 +00:00
Miroslav Stampar
9edd468caf
multithreading save to session on abort
2010-07-19 08:37:45 +00:00
Bernardo Damele
7349f3a70f
Closes #197
2010-07-01 15:25:57 +00:00
Miroslav Stampar
bb9401ba52
minor minor fixup
2010-07-01 14:14:43 +00:00
Miroslav Stampar
9d28ae23ca
fixup for situations with unexpected LENGTHs in multithreaded mode (e.g. UTF8 data retrieval)
2010-07-01 14:11:45 +00:00
Bernardo Damele
17e228024b
Minor enhancements and bug fixes to "good samaritan" feature - see #4
2010-06-21 14:40:12 +00:00
Bernardo Damele
b98f6ac71c
Minor layout adjustment
2010-06-17 13:27:43 +00:00
Bernardo Damele
fd76f048b6
Added common pattern value support to bisection algorithm
2010-06-17 11:38:32 +00:00
Miroslav Stampar
35642a0450
some more adjustments
2010-06-10 15:03:08 +00:00
Miroslav Stampar
1b30c46348
fix for an bug reported by David Guimaraes
2010-06-10 14:52:33 +00:00
Miroslav Stampar
7fbeebc4d9
grammar fix
2010-06-03 08:55:13 +00:00
Miroslav Stampar
bf071d33d2
some comments added
2010-06-02 15:18:33 +00:00
Miroslav Stampar
af2f184464
some comments regarding inference.py
2010-05-31 15:20:20 +00:00
Bernardo Damele
6df2d98fc9
Minor bug fix in common.py goGoodSamaritan().
...
Minor code cleanup and adjustments.
2010-05-31 15:05:29 +00:00
Miroslav Stampar
4bb5885413
some changes regarding --common-outputs feature
2010-05-31 09:41:41 +00:00
Bernardo Damele
b798222dd7
Minor fixes
2010-05-30 14:53:13 +00:00
Miroslav Stampar
655bd79fc4
some renaming
2010-05-28 10:50:54 +00:00
Miroslav Stampar
838762fb00
previous quick fix removal
2010-05-28 10:38:23 +00:00
Miroslav Stampar
7ef286a76f
some speed up
2010-05-28 10:33:09 +00:00
Miroslav Stampar
48c0f4f053
minor fix
2010-05-28 10:17:03 +00:00
Miroslav Stampar
4eccf1a25d
quick fix
2010-05-28 10:01:19 +00:00
Bernardo Damele
9de1671b8f
Code refactoring and minor bug fixes.
2010-05-27 16:45:09 +00:00
Miroslav Stampar
ce29c841cf
some comments added
2010-05-26 11:14:22 +00:00
Miroslav Stampar
bbdbe44e3f
fuck yea, first tests (MySQL/--tables & --common-prediction) are great :)
2010-05-26 10:41:37 +00:00
Miroslav Stampar
7f0db26e99
more code updates regarding good samaritan (common output) feature
2010-05-26 09:48:20 +00:00
Miroslav Stampar
8ed76b3024
minor update regarding good samaritan
2010-05-25 14:51:02 +00:00