sqlmap

mirror of https://github.com/sqlmapproject/sqlmap.git synced 2024-11-23 01:56:36 +03:00

Author	SHA1	Message	Date
Miroslav Stampar	30a4173249	I like users which don't know the difference between detection and identification	2016-05-22 12:40:23 +02:00
Miroslav Stampar	5e8b105677	Fixes #1880	2016-05-19 19:46:12 +02:00
Miroslav Stampar	be9381abc5	Implements #1845	2016-05-06 13:06:59 +02:00
Miroslav Stampar	9dd5cd8eb6	Removing CloudFlare check	2016-04-29 00:17:07 +02:00
Miroslav Stampar	aa21550712	Minor patch for integer casting heuristics (circumvent auto-casting by DBMS itself)	2016-04-15 13:47:19 +02:00
Miroslav Stampar	d7cdb6cbd8	Minor update	2016-02-06 20:16:33 +01:00
Miroslav Stampar	62f94f6587	Adding comments (Issue #1681 )	2016-01-26 07:52:25 +01:00
Miroslav Stampar	574b3a79aa	Adding support for detection of CloudFlare responses	2016-01-21 10:16:23 +01:00
Miroslav Stampar	59695af101	Minor improvement of heuristic checks	2016-01-14 22:21:47 +01:00
Miroslav Stampar	bdcf3fffba	Minor update related to the last (error results in OR boolean-based blind should not be the same as True to be able to do proper comparison)	2016-01-14 13:40:50 +01:00
Miroslav Stampar	c7ef9429ae	Minor check for problematic injections	2016-01-14 13:16:44 +01:00
Miroslav Stampar	4c1fc095d8	Adding heuristic check for FI vulnerability	2016-01-14 09:59:13 +01:00
Miroslav Stampar	a8c6c6fca1	Minor update related to the last one	2016-01-13 23:47:34 +01:00
Miroslav Stampar	4e29e1b351	Fixing wrong commit #4f939b5719716dfe9bd085c4f67696bc11064edd	2016-01-13 23:34:42 +01:00
Miroslav Stampar	8362bdcf66	Fix for screw up made by #52dd92748a50bcee4fb979ea49185840ff6743b9	2016-01-13 23:16:27 +01:00
Miroslav Stampar	eb989469f3	Minor just in case update	2016-01-12 10:27:04 +01:00
Miroslav Stampar	48ac2101f2	Using only once the dummy checkWaf payload	2016-01-08 23:23:41 +01:00
Miroslav Stampar	d0d676ccce	Update of copyright string	2016-01-06 00:06:12 +01:00
Miroslav Stampar	c6d4217495	Minor update (just in case)	2015-12-03 02:08:59 +01:00
Miroslav Stampar	53de0e8949	Implements #1442	2015-10-01 11:57:33 +02:00
Miroslav Stampar	81caf14b6d	Adding switch --skip-waf	2015-09-21 14:57:44 +02:00
Miroslav Stampar	e81e474646	Minor adjustment	2015-09-21 14:46:34 +02:00
Miroslav Stampar	56f0b811a6	Minor patch	2015-09-21 13:23:56 +02:00
Miroslav Stampar	f494004f44	Switching to the getSafeExString (where it can be used)	2015-09-10 15:51:33 +02:00
Miroslav Stampar	c1f829d131	Removing last remnants of bad handling the exceptions as strings	2015-09-08 11:15:31 +02:00
Miroslav Stampar	e623ee66ad	Better approach for #1320	2015-07-30 23:29:31 +02:00
Miroslav Stampar	58002c5057	Minor cosmetics	2015-07-23 09:55:59 +02:00
Miroslav Stampar	21e8182ac6	Fixes #1305	2015-07-18 17:01:34 +02:00
Miroslav Stampar	16f8e4c8ba	Removing unused imports	2015-07-12 12:25:02 +02:00
Miroslav Stampar	10f8c6a0b6	Introducing --offline switch (to perform session only lookups)	2015-07-10 16:10:24 +02:00
Miroslav Stampar	0ba264bfa0	Minor patch	2015-07-10 09:51:11 +02:00
Miroslav Stampar	4baaa4a5ad	Minor improvement	2015-07-10 09:24:14 +02:00
Miroslav Stampar	9ff115ce71	Minor patch	2015-07-10 01:33:53 +02:00
Miroslav Stampar	02470ea683	Further decreasing number of testing payloads	2015-07-10 01:19:46 +02:00
Miroslav Stampar	48b627f3ff	Prevent double tests (e.g. in same final tests where suffix is cut by the comment)	2015-07-10 00:54:02 +02:00
Miroslav Stampar	ca2f63c672	Test speed up in case of boolean based blind	2015-07-10 00:37:59 +02:00
Miroslav Stampar	96327b6701	Fixes #1290	2015-07-05 01:47:01 +02:00
Miroslav Stampar	1f71d809d4	Fixes #1288	2015-07-03 08:55:33 +02:00
Miroslav Stampar	08caca387b	Minor patch of automatic WAF heuristic check	2015-05-29 16:01:41 +02:00
Miroslav Stampar	adc8ac267d	Fixes #1190	2015-03-10 09:23:26 +01:00
Bernardo Damele	8281fe48e5	bug fix: test for boundaries with high levels if the test was extended	2015-03-01 11:02:05 +00:00
Bernardo Damele	2f08c8b666	bug fix: do not skil heuristic check if previous page (test for dynamicity) had DBMS message. Code cleanup	2015-02-27 13:57:28 +00:00
Bernardo Damele	475cc8b24b	trivial code cleanup	2015-02-21 13:12:30 +00:00
Bernardo Damele	d235ee375b	code cleanup	2015-02-21 12:59:44 +00:00
Bernardo Damele	52dd92748a	rework some of the logic of the detection phase based on identified DBMS along the way	2015-02-21 02:23:42 +00:00
Bernardo Damele	4f939b5719	avoid false positive message when extensive heuristic check is performed following detection of boolean blind injection detection: do only heuristic DBMS fingerprint for DBMS specific tables	2015-02-20 18:36:34 +00:00
Bernardo Damele	214b9360e9	Minor fix to check for inline query payloads regardless of previously identified payloads and code cleanup	2015-02-20 18:30:42 +00:00
Bernardo Damele	79d4d970a5	trivial code cleanup	2015-02-20 15:42:28 +00:00
Bernardo Damele	201b605f9b	Minor fix and consistency: do not ask to include all tests if level and risk are at the max settings already	2015-02-20 10:21:44 +00:00
Bernardo Damele	e17d212c23	bug fix introduced with `863d5a6281`	2015-02-15 20:07:52 +00:00
Bernardo Damele	863d5a6281	--test-filter now ignores values of --risk and --level	2015-02-15 16:28:37 +00:00
Miroslav Stampar	2e5c11e427	Closes #1163	2015-02-13 10:59:03 +01:00
Miroslav Stampar	2e9bf47703	Heuristic check for WAF/IDS/IPS is now prone to tamper functions (Issue #1145 )	2015-01-30 22:12:35 +01:00
Miroslav Stampar	b7cfaa6ca5	Minor style update	2015-01-22 08:55:37 +01:00
Miroslav Stampar	a603002acd	Adding a choice to automatically turn on --identify-waf if protection has been detected	2015-01-20 09:38:18 +01:00
Miroslav Stampar	45bdefd29b	Update of copyright	2015-01-06 15:02:16 +01:00
Miroslav Stampar	6fc41ca940	Heuristically checking for WAF/IDS/IPS by default	2015-01-06 14:01:47 +01:00
Miroslav Stampar	e6de92ce88	Minor patch (unicode related)	2014-12-15 13:36:08 +01:00
Miroslav Stampar	1e06e7c386	Adding a debug message during name resolution	2014-12-11 13:29:26 +01:00
Miroslav Stampar	9b32e69f26	Adding new WAF script (UrlScan)	2014-12-04 10:06:15 +01:00
Miroslav Stampar	f0802c6fb9	Update for an Issue #431	2014-11-21 11:20:54 +01:00
Miroslav Stampar	c6a8feea8a	Fix for an Issue #831	2014-10-07 12:00:11 +02:00
Miroslav Stampar	f67a38dba9	Minor adjustment	2014-10-01 13:42:10 +02:00
Miroslav Stampar	a9454fbb43	Minor commit related to the last one (bypassing DBMS error trimming problem)	2014-10-01 13:35:20 +02:00
Miroslav Stampar	8c9014c39f	Adding a dummy (auxiliary) XSS check	2014-10-01 13:31:48 +02:00
Miroslav Stampar	bfc8ab0e35	Language update	2014-09-08 14:48:31 +02:00
Miroslav Stampar	53d0d5bf8b	Minor update (adding a warning message about potential dropping of requests because of protection mechanisms involved)	2014-09-08 14:33:13 +02:00
Miroslav Stampar	20ff402103	Minor patch	2014-08-30 22:04:55 +02:00
Miroslav Stampar	1a9a331422	Bug fix (proper extending of tests when dbms is known)	2014-08-30 21:34:23 +02:00
Miroslav Stampar	834f8e18c8	Minor patch for an Issue #802	2014-08-28 00:45:57 +02:00
Miroslav Stampar	b77d8d617b	Minor patch for an Issue #800	2014-08-28 00:31:49 +02:00
Miroslav Stampar	7828f61642	Minor style update	2014-08-20 13:35:41 +02:00
Miroslav Stampar	6795b51c7e	Another minor update	2014-08-20 01:59:30 +02:00
Miroslav Stampar	d08c1b7c04	Minor update	2014-08-20 01:45:42 +02:00
Miroslav Stampar	ebc964267f	Better reporting on filtered-chars cases	2014-08-20 01:11:26 +02:00
Miroslav Stampar	b31e141012	Fix for an Issue #772	2014-07-29 14:37:48 +02:00
Miroslav Stampar	0eb5fb1e5a	Update for an Issue #757	2014-07-19 23:02:14 +02:00
Miroslav Stampar	2a88436417	Patch for an Issue #724	2014-06-16 09:51:24 +02:00
Miroslav Stampar	106102bd3c	Fix for an Issue #648	2014-03-21 20:28:29 +01:00
Miroslav Stampar	3b47418a1d	Fix for an Issue #640	2014-03-14 22:20:20 +01:00
Miroslav Stampar	2ffdee5733	Bug fix for PAYLOAD.WHERE.REPLACE payloads containing custom injection marker ([ORIGVALUE] was screwed)	2014-02-26 11:41:48 +01:00
Miroslav Stampar	edc8ef9d5b	Patch for an Issue #611 (original page used in case of tamper functions was wrong - e.g. if --tamper=base64encode was used)	2014-02-25 13:48:34 +01:00
Miroslav Stampar	2a423d61ef	Raising number of requests for false positive testing in case of higher levels	2014-02-23 19:40:01 +01:00
Miroslav Stampar	fe0ff6e679	Changing 'is injectable' to 'seems to be injectable' for boolean and time-based blind injection cases - for false positive cases	2014-02-09 17:50:16 +01:00
Miroslav Stampar	f97fcb7bb3	Adding a switch --invalid-string	2014-01-23 21:56:06 +01:00
Miroslav Stampar	f88f6dcd7e	Changing --invalid-bignum from float producing to int producing	2014-01-23 09:07:25 +01:00
Bernardo Damele	43a4e85749	updated copyright	2014-01-13 17:24:49 +00:00
Miroslav Stampar	6c80f2903b	Patch for an Issue #564	2013-12-27 11:02:59 +01:00
Miroslav Stampar	7ed05f01b3	Minor update	2013-10-27 00:24:57 +02:00
Miroslav Stampar	334c698d53	Adding change verbosity level in testing phase when Ctrl+C pressed	2013-10-17 16:54:53 +02:00
Miroslav Stampar	2dc570d7a8	Minor patch (for ORDER BY 'col' cases)	2013-10-10 23:08:20 +02:00
Miroslav Stampar	369006ca73	Bug fix	2013-10-07 12:54:25 +02:00
Miroslav Stampar	0cf2bdeb1c	Minor language update	2013-08-22 11:11:30 +02:00
Miroslav Stampar	941b2387c0	Minor fix	2013-07-31 09:22:45 +02:00
stamparm	e6f71c2130	Making 10% less requests in futile higher level/risk runs (using static template payloads for where==NEGATIVE)	2013-07-15 16:24:49 +02:00
stamparm	c9d3974205	Minor fix (templatePayload had duplicate string patterns for where==NEGATIVE)	2013-07-15 13:54:02 +02:00
stamparm	ac2d40e259	Revert of last commit (there is a chance that that big integer value is really valid :)	2013-07-15 13:34:38 +02:00
stamparm	a097ee1505	Switching --invalid-bignum to a pure integer constant (more generic - more statements require pure integer constant)	2013-07-15 13:31:56 +02:00
stamparm	d7c0805e7c	Removing leftover	2013-07-08 12:45:02 +02:00
stamparm	a548eb5c70	Minor text update	2013-07-08 12:44:14 +02:00

1 2 3 4 5 ...

599 Commits