sqlmapproject/sqlmap
1
1
Fork 0
mirror of https://github.com/sqlmapproject/sqlmap.git synced 2025-02-25 08:10:39 +03:00
Code Issues Packages Projects Releases Wiki Activity
4,669 Commits 4 Branches 122 Tags 100 MiB
96df0ba061
Commit Graph

392 Commits

Author SHA1 Message Date
Miroslav Stampar
3532d23933 automatically extending ranges for UNION tests in case where at least one other injection technique is usable (boundaries has been established) 2012-04-23 13:41:36 +00:00
Miroslav Stampar
54576ab3a6 making a random choice from candidates 2012-04-13 10:54:30 +00:00
Miroslav Stampar
bbbcc95fe5 use it only if page is stable 2012-04-13 10:19:26 +00:00
Miroslav Stampar
b45ae10da4 minor fixes 2012-04-11 21:36:37 +00:00
Miroslav Stampar
e33ea7c33a minor fix 2012-04-10 22:29:39 +00:00
Miroslav Stampar
a82206cec4 minor cosmetics 2012-04-10 21:57:00 +00:00
Miroslav Stampar
119eec3598 improving "boolean detection" by automatic recognition of convenient --string candidate 2012-04-10 21:48:34 +00:00
Miroslav Stampar
56638f9e95 making --no-cast unhidden and renaming --negative-logic to --logical-negate to prevent confusion with stuff used in OR boolean based injection 2012-03-30 10:50:01 +00:00
Miroslav Stampar
637a8d8273 improvement toward proper implementation of OR-based injection by usage of "negative logic" mechanism 2012-03-29 14:33:27 +00:00
Miroslav Stampar
ce4c697bbd disabling "negative logic" as it's not half done (it was "luckily" working for --string/--regex/--code but it was a sheer luck); removing "dirty fix" from checks.py; proof that this was not ready for the release is that there was not check for negative logic anywhere for anything more then --string/--regex/--code 2012-03-29 13:39:12 +00:00
Miroslav Stampar
c9cac957bb adding one more case for false positive check (Generic tests without any DBMS knowledge) 2012-03-29 09:56:09 +00:00
Miroslav Stampar
3abcd6910a strange combination of "Set-Cookie" and interleaved pattern of True/False like responses can result in bypassing of the ABAB test 2012-03-22 00:06:50 +00:00
Miroslav Stampar
0fc4288a7c modifying redirection code for only two choices 2012-03-18 17:27:08 +00:00
Miroslav Stampar
577caac4de putting kb.negativeLogic setting to the safe place 2012-03-16 09:17:11 +00:00
Miroslav Stampar
7d313ac911 few more fixes for proper redirecting mechanism 2012-03-15 19:47:59 +00:00
Bernardo Damele
4520744b4d second step toward negative logic support (ported to detection phase too) - works well with --string, --regexp and --code now 2012-03-15 16:25:26 +00:00
Miroslav Stampar
a7fbc55748 grammar fix 2012-03-13 22:03:23 +00:00
Miroslav Stampar
c878dd3e5a doing a dummy test for --os-shell in case of xp_cmdshell 2012-03-09 14:21:41 +00:00
Miroslav Stampar
a0b46963cb minor fix for some special "unusable" cases (seen on Access/ODBC/Linux setup) 2012-03-09 10:28:19 +00:00
Miroslav Stampar
0ead1fd87e minor update 2012-03-05 09:42:52 +00:00
Miroslav Stampar
1ec56f93ec minor update 2012-03-01 10:10:19 +00:00
Miroslav Stampar
f142c0f782 minor update 2012-02-28 14:04:13 +00:00
Miroslav Stampar
6e54cb171f minor code restyling 2012-02-22 15:53:36 +00:00
Miroslav Stampar
b3bd4144f5 removing of unused imports together with some general code refactoring 2012-02-22 10:40:11 +00:00
Miroslav Stampar
844fc8addb minor cleanup 2012-02-16 10:19:36 +00:00
Miroslav Stampar
11af0b1bbc minor fix 2012-02-07 11:16:03 +00:00
Miroslav Stampar
8405ef59ac some estetic updates 2012-02-01 14:49:42 +00:00
Miroslav Stampar
23117e72ca minor improvement 2012-01-13 20:56:06 +00:00
Miroslav Stampar
95f89ab63a updating copyright date 2012-01-11 14:59:46 +00:00
Miroslav Stampar
1f085a0241 now [SLEEPTIME] is changeable properly in vivo 2012-01-05 14:45:05 +00:00
Miroslav Stampar
94d43a4135 minor bug fix 2011-12-30 14:20:06 +00:00
Miroslav Stampar
f622995a29 compatibility with partial union and error technique resumed data 2011-12-22 12:20:21 +00:00
Miroslav Stampar
6f8d8a15aa minor update 2011-12-22 11:55:02 +00:00
Miroslav Stampar
95cd9e2af3 adding support for scanning Host header values (-p host) 2011-12-20 12:52:41 +00:00
Miroslav Stampar
c57941c102 minor beautification 2011-12-15 23:33:44 +00:00
Miroslav Stampar
27d244b326 minor update 2011-12-15 23:29:11 +00:00
Miroslav Stampar
0f5d48ff20 minor update 2011-12-05 09:25:56 +00:00
Miroslav Stampar
2842c13d75 minor update 2011-11-29 16:59:06 +00:00
Miroslav Stampar
2ed3efba12 speed optimization and bug fix (kb.absFilePaths were not stored previously; also, they are now extracted only in heuristic phase) 2011-11-22 08:39:13 +00:00
Miroslav Stampar
49fddaf668 minor update (for cases with 404 original page - e.g. time based injections in some cases) 2011-11-20 23:11:18 +00:00
Miroslav Stampar
8c32b3653b minor update of false positive check (in considerable amount of cases minus char is filtered/used for other means) 2011-11-20 20:27:30 +00:00
Miroslav Stampar
20ae1c2187 added switch --logic-negative 2011-10-24 00:40:06 +00:00
Miroslav Stampar
4989e8e6d3 minor update 2011-10-10 17:29:54 +00:00
Miroslav Stampar
b888a84764 minor update 2011-09-27 14:31:58 +00:00
Miroslav Stampar
88f1110c44 adding a new (for now) hidden switch --test-filter for filtering tests by their name 2011-09-27 14:09:25 +00:00
Miroslav Stampar
7e80274fac refactoring 2011-09-25 21:10:45 +00:00
Miroslav Stampar
f46baac70b bug fix (when comment is None this was errornous) 2011-08-17 10:58:29 +00:00
Bernardo Damele
702ed73a65 Added --code switch to match in boolean-based tests against the HTTP response code 2011-08-12 16:48:11 +00:00
Bernardo Damele
fff4c34e33 Search for --string and --regexp matches also in HTTP response headers 2011-08-12 15:33:37 +00:00
Miroslav Stampar
2ad267132a minor update for empty normal responses (like AJAX requests) 2011-08-05 10:55:21 +00:00
Miroslav Stampar
07afcd5440 fix for a bug reported by Ahmed Shawky (when user uses --suffix intermixing test default comments with the provided suffix is a big no no) 2011-08-02 18:20:21 +00:00
Bernardo Damele
6cbb927012 Partial fix for -o not resumed at following runs if missing from command line 2011-07-25 11:05:49 +00:00
Miroslav Stampar
c517e97a44 few fixes and minor cosmetics 2011-07-08 06:02:31 +00:00
Bernardo Damele
aedcf8c8d7 Changed homepage address 2011-07-07 20:10:03 +00:00
Bernardo Damele
0d28c1e9e7 cosmetics 2011-07-06 20:41:13 +00:00
Miroslav Stampar
93b296e02c few bug fixes (NTLM credential parsing was wrong), some switch reordering (few Misc to General), implemented --check-waf switch (irony is that this will also be called highly experimental/unstable while other things will be called "major/turbo/super bug fix/implementation") 2011-07-06 05:44:47 +00:00
Miroslav Stampar
8a8b94883b minor update (that default quit in --batch was bothering me - my original idea and it was bad :) 2011-06-27 14:14:49 +00:00
Miroslav Stampar
c4cb367e65 looks nicer (though --tor is implicitly converted into --proxy) 2011-06-24 19:00:53 +00:00
Miroslav Stampar
2de88bd90b minor update 2011-06-24 17:19:24 +00:00
Bernardo Damele
f8c32cf6b9 Moved folder 2011-06-18 12:34:41 +00:00
Miroslav Stampar
25b923bbc3 minor fixes and minor updates 2011-06-16 12:12:30 +00:00
Miroslav Stampar
4d51fa8155 minor update planned for a long time (in case of heuristic test was positive warn the user properly at the end if program fails) 2011-06-15 17:37:28 +00:00
Miroslav Stampar
9331abb96f minor update 2011-06-11 08:33:36 +00:00
Bernardo Damele
d217cf71b2 Minor bug fix 2011-06-08 23:32:44 +00:00
Miroslav Stampar
d8155dfae9 change by request 2011-06-08 14:44:11 +00:00
Bernardo Damele
0d3e8a76d8 Cosmetics and a missing param 2011-06-08 14:40:42 +00:00
Miroslav Stampar
4a9640160e more concise 2011-06-08 14:35:23 +00:00
Miroslav Stampar
1c633b7351 i am tired of pressing hundred times Ctrl+C in testing phase if --batch is specified 2011-06-07 22:14:18 +00:00
Miroslav Stampar
97d8c60c3f better language 2011-06-03 15:58:19 +00:00
Miroslav Stampar
0a620bf322 more info to the user 2011-06-03 15:43:50 +00:00
Miroslav Stampar
8aa5625cd0 proper fix related to the last commit 2011-06-01 23:00:18 +00:00
Miroslav Stampar
fd57aae779 bug fix (until this moment we had UNION unfunctional for MSSQL) 2011-06-01 22:47:54 +00:00
Miroslav Stampar
45caadbd4a important update - finally found what was causing headache for UNION payloads in noticeable number of cases 2011-05-26 21:54:19 +00:00
Miroslav Stampar
97bd5355dd minor update 2011-05-26 21:18:55 +00:00
Miroslav Stampar
4f46a5ab63 minor usability enhancement regarding warning for --text-only switch 2011-05-26 20:48:18 +00:00
Miroslav Stampar
f11d5c91e3 minor update so that only one DNS request per scan is being done (before this commit there were two) 2011-05-12 14:32:39 +00:00
Miroslav Stampar
120b0d756e unfix 2011-05-10 21:33:06 +00:00
Bernardo Damele
3a8309c4b0 Major bug fix to detect UNION query technique and various improvements to parsing and using of --union-char and --union-cols switches 2011-05-10 15:34:54 +00:00
Bernardo Damele
1151af52bb More fix for save/resume of --technique 2011-05-07 21:08:14 +00:00
Bernardo Damele
2d8408c885 More fix for --technique resume 2011-05-05 16:38:46 +00:00
Bernardo Damele
6cff3e97f4 cosmetics 2011-05-02 21:48:08 +00:00
Miroslav Stampar
06498796b9 minor cosmetics 2011-05-02 20:51:53 +00:00
Bernardo Damele
955dbc85e7 Minor variable rename 2011-04-30 15:29:59 +00:00
Bernardo Damele
f56d135438 Minor code restyling 2011-04-30 13:20:05 +00:00
Bernardo Damele
441c288dd9 cosmeticados 2011-04-25 00:36:09 +00:00
Miroslav Stampar
304500a2e8 implemented checkFalsePositives method (simple Turing like tests) 2011-04-22 12:24:16 +00:00
Miroslav Stampar
df0331fe9b some more refactoring 2011-04-19 23:04:10 +00:00
Miroslav Stampar
9b0db33cc5 initial page request can result in unwanted lag (e.g. slow DNS response,...), hence it's response time shouldn't be a part of response time statistical model 2011-04-19 08:55:38 +00:00
Miroslav Stampar
0387654166 update of copyright string (until year) 2011-04-15 12:33:18 +00:00
Bernardo Damele
5b21352656 cosmeticados ;) 2011-04-08 10:39:07 +00:00
Bernardo Damele
c6b9d89d31 Accept [RANDNUM] as <char> in payloads.xml and handle it accordingly 2011-04-07 11:10:35 +00:00
Bernardo Damele
05d12790f1 closes #219 - unhidden switch --technique and adapted code accordingly (renamed conf.technique to conf.tech to fit properly in the -h help message) 2011-04-06 14:41:44 +00:00
Miroslav Stampar
0916117447 improvement of error-based testing (no more sqlmap aborting on error-based payloads which happens very often on MySQL servers); also, minor improvement on brute forcing of column names 2011-03-30 18:32:10 +00:00
Miroslav Stampar
dd01d66f13 proper update regarding last commit 2011-03-29 22:10:08 +00:00
Miroslav Stampar
b5c9ccb755 Oracle XML based error payload has problems with char $ as with space 2011-03-21 13:13:12 +00:00
Miroslav Stampar
970cde5a8a minor update regarding last commit 2011-03-17 09:23:46 +00:00
Miroslav Stampar
e64f225e65 minor refactoring 2011-03-11 20:16:34 +00:00
Miroslav Stampar
90582ed7dc minor change 2011-02-21 11:35:21 +00:00
Miroslav Stampar
6cdf08b81c minor fix 2011-02-17 21:51:40 +00:00
Miroslav Stampar
22cd49a217 --technique can now be something like 123 which includes both techniques 1, 2 and 3 2011-02-17 21:39:16 +00:00