Commit Graph

108 Commits

Author SHA1 Message Date
Miroslav Stampar
9957881040 you won't believe commit 2010-12-10 13:20:59 +00:00
Miroslav Stampar
1fc9ed10a8 minor refactoring 2010-12-10 12:30:36 +00:00
Miroslav Stampar
4d8628e8fb fix for booleans 2010-12-10 12:26:01 +00:00
Miroslav Stampar
471d9ccd65 another fix of my lala 2010-12-10 10:11:25 +00:00
Miroslav Stampar
029a6abba2 quick fix 2010-12-10 09:54:25 +00:00
Miroslav Stampar
441fc8dbd9 update regarding boolean based expressions 2010-12-09 21:15:18 +00:00
Miroslav Stampar
1492823de0 it wasn't pretty, now it's pretty 2010-12-09 20:06:20 +00:00
Miroslav Stampar
3fd1c37d53 update 2010-12-09 07:49:18 +00:00
Bernardo Damele
b5c6527c72 Minor fix 2010-12-09 00:25:48 +00:00
Bernardo Damele
f5ce739bdf Added support for time-based blind SQL injection via stacked queries too. Need to add vectors for some DBMS yet. 2010-12-08 23:52:31 +00:00
Miroslav Stampar
54f6673609 update 2010-12-08 22:38:26 +00:00
Miroslav Stampar
d6077273e0 update 2010-12-08 22:14:42 +00:00
Miroslav Stampar
40fadf2f35 minor update 2010-12-08 14:33:10 +00:00
Miroslav Stampar
6223f25dd9 code beautification 2010-12-08 13:04:48 +00:00
Miroslav Stampar
64cc2588f1 now resume is available for time-based blinds too 2010-12-08 12:49:26 +00:00
Miroslav Stampar
537b619165 removing junk 2010-12-08 12:30:25 +00:00
Miroslav Stampar
b5e45939e3 sqlmap premiere of blind time based query/bisection 2010-12-08 12:28:54 +00:00
Miroslav Stampar
e53fef546e update regarding session page templates 2010-12-07 14:35:31 +00:00
Miroslav Stampar
add6235b16 removed pageTemplate from injection(s), it's not longer stored in session, and it's reloaded when resuming from session 2010-12-07 14:06:54 +00:00
Miroslav Stampar
d77ddbee47 OR based inference works for the first time in history and fingerprint of 4 major DBMSes is now injection based (instead of AND) 2010-12-06 18:20:57 +00:00
Bernardo Damele
17449754fe Got rid of UNION false cond 2010-12-05 16:16:15 +00:00
Miroslav Stampar
5764816891 minor cosmetics 2010-12-03 22:28:09 +00:00
Bernardo Damele
11058667e4 Better naming 2010-12-03 14:45:13 +00:00
Bernardo Damele
22de82634a Important update to parse correctly the <where> tag during exploitation phase.
Minor code cleanup.
2010-12-03 10:44:16 +00:00
Bernardo Damele
283a04e29a On my way to properly parse test's <where> tag in exploitation phase 2010-12-01 23:32:58 +00:00
Bernardo Damele
089c16a1b8 Added tag <epayload> to the payloads.xml's <test> tag to define which payload to use when exploiting the test type.
Removed some useless tests.
Moved <error> from queries.xml to payloads.xml as it makes more sense.
Beeps at sql inj found only if --beep is provided.
Minor fix in order to be able to pickle advancedDict() objects.
Minor code refactoring.
Removed useless folders.
2010-12-01 17:09:52 +00:00
Bernardo Damele
025361c970 Higher precedence to union query sql inj than error-based 2010-12-01 10:57:17 +00:00
Bernardo Damele
472f4465a6 Prioritize DBMS fingerprint based on DBMS (<dbms>) identified during the detection phase.
Minor bug fix to properly handle the case that no injections are found.
Nicer display of injection vulnerabilities detected.
Minor code refactoring.
2010-11-28 21:27:47 +00:00
Bernardo Damele
7e3b24afe6 Rewrite from scratch the detection engine. Now it performs checks defined in payload.xml. User can specify its own.
All (hopefully) functionalities should still be working.
Added two switches, --level and --risk to specify which injection tests and boundaries to use.
The main advantage now is that sqlmap is able to identify initially which injection types are present so for instance if boolean-based blind is not supported, but error-based is, sqlmap will keep going and work!
2010-11-28 18:10:54 +00:00
Bernardo Damele
17486e472a Proper english (--postfix is now --suffix) and --string/--regexp does not necessarily need to match into the original response body, it might well be in the injected True condition only! 2010-11-17 22:00:09 +00:00
Bernardo Damele
f83dd2251b Properly save error-based enumerated data in session file, able to be resumed like with other techniques 2010-11-12 11:40:37 +00:00
Bernardo Damele
45ec8c169a Consistency between --*-test switches/output 2010-11-08 16:46:25 +00:00
Miroslav Stampar
862395ced1 further refactoring (all enumerations are now put into enums.py) 2010-11-08 09:20:02 +00:00
Bernardo Damele
b6da946883 Added one new verbose level, -v 3 now shows the full injected payload.
Fixed also -d verbose output.
2010-11-07 22:34:29 +00:00
Miroslav Stampar
d3e7e89e60 major improvement with display of payloads (all payloads are displayed now) and removal of "pesky" spaces 2010-11-07 21:18:09 +00:00
Miroslav Stampar
685a8e7d2c refactoring of hard coded dbms names 2010-11-02 11:59:24 +00:00
Bernardo Damele
486a113560 Consolidate logger messages for --*-test switches 2010-10-31 16:58:38 +00:00
Miroslav Stampar
5a38ac7ea9 important update regarding (Bug #209) - probably more will be needed 2010-10-29 16:11:50 +00:00
Bernardo Damele
f5904d0bc0 Major bug fix to --union-test 2010-10-25 23:39:55 +00:00
Bernardo Damele
215175e3b7 Minor code adjustments 2010-10-25 14:11:47 +00:00
Miroslav Stampar
32728d14b7 fix for --union-use with --error-test 2010-10-25 12:25:29 +00:00
Miroslav Stampar
db260c44d3 minor update 2010-10-24 22:25:05 +00:00
Miroslav Stampar
dec4d858b3 fix for Bug #207 2010-10-22 14:01:48 +00:00
Miroslav Stampar
bc79eec702 removed queriesfile.py, implemented XMLObject approach (still shell.py and udf.py TODO) 2010-10-21 13:13:12 +00:00
Miroslav Stampar
be443c6947 refactoring regarding __START__,... 2010-10-21 09:51:07 +00:00
Bernardo Damele
7f1aa3b94f Removed unused imports 2010-10-20 22:48:51 +00:00
Miroslav Stampar
934adb5e8d code refactoring 2010-10-20 09:09:04 +00:00
Miroslav Stampar
b032fdbf74 added randInt to error injection vectors 2010-10-20 08:56:58 +00:00
Miroslav Stampar
dabbcf9e23 fix for that 'Subquery returns more than 1 row' 2010-10-20 08:50:05 +00:00
Miroslav Stampar
82f44989ce update of error based injection and bug fix for --roles on MSSQL server 2010-10-20 06:40:33 +00:00